Skip to content

Demonstrates a bug in Android that prevents device administrator apps from being uninstalled in certain cases

Notifications You must be signed in to change notification settings

benhirashima/DeviceAdminBugDemo

Repository files navigation

This project demonstrates a bug in Android that prevents device administrator apps from being uninstalled in certain cases. 

The bug is documented here: http://code.google.com/p/android/issues/detail?id=53130

The bug makes it impossible to deactivate the app as a device administrator, therefore making the app impossible to uninstall in the usual way. It appears when the device admin app does some device admin operations during boot, before the BOOT_COMPLETED broadcast has been received. We can cause this to happen by listening for the android.intent.action.MEDIA_MOUNTED broadcast or the android.net.wifi.STATE_CHANGE, which is sent before android.intent.action.BOOT_COMPLETED, and doing some device admin operations.

There is a workaround for the bug, which is to check whether boot has completed before beginning any device admin operations. By default, this demo app has the workaround enabled. To disable it and reproduce the bug, set the WORK_AROUND_BUG constant to false in Receiver.java.

WARNING: If you reproduce this bug, you will not be able to uninstall the app the usual way. There are two ways to uninstall an app that has triggered this bug. One requires root, and one doesnÕt.

Root method: Using either Titanium Backup (premium version) or another root uninstaller app, disable/freeze the app, then uninstall it. These apps run the following two commands as root, which you can also run yourself:

# pm disable com.mypackage
# pm uninstall com.mypackage

Non-root method: Boot your device into safe mode by holding the power button until the power-off menu appears, then press and hold on "Power off". You will see a pop-up that allows you to reboot to safe mode. Once in safe mode, go to Settings > Security > Device administrators,  uncheck the app, and deactivate it as a device administrator. If the checkbox isn't unchecked after you deactivate it, try rebooting into safe mode again and deactivating it again. You may have to do this quite a few times. Just keep deactivating and rebooting to safe mode and it will eventually stay unchecked (or disappear from the list). After you have deactivated the app as a device administrator, you can uninstall it the usual way.

To reproduce the bug, follow these steps on an emulator. 

0) Set the WORK_AROUND_BUG constant to false
1) Create an emulator instance. This has been tested on an Intel x86 Android 4.3 emulator.
2) Activate the app as a device admin by pressing the button in the app.
3) Reboot the emulator. Watch logcat for messages with the tag DeviceAdminBugDemo.
4) Reboot the emulator again. You will see that logcat shows multiple component names registered as device admins for this app. This indicates that the bug has been reproduced.
5) Try to deactivate the app as device administrator. It will be impossible.

This bug has been reproduced on a Galaxy Nexus running stock Android 4.3. To reproduce the bug on a device, follow the same steps, but make sure the device is connected to wifi first. On an actual device, the system may not send android.intent.action.MEDIA_MOUNTED on boot, so another way to activate the app is to listen for android.net.wifi.STATE_CHANGE, which is sent before android.intent.action.BOOT_COMPLETED. 

About

Demonstrates a bug in Android that prevents device administrator apps from being uninstalled in certain cases

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages