Some enterprises use devices that are customized for their requirement. For example having a custom android device that functions as a POS. In such situations, organizations prefer to have and maintain custom firmwares or get device vendors to build a custom device to suite their requirement. For example, apps or devices having the capability to sign their POS app with the vendor firmware signing key and install it on devices as a system app.
WSO2 IoT Server provides a separate service application that can be signed by a firmware signing key and installed on the devices as a system application alongside the Android Agent application. This enables you to have better control over the devices registered with WSO2 IoT Server. Since this is a system app, it provides system level capabilities, such as device firmware upgrade, reboot and enforcing security policies, and much more.
For more information on managing the system service Android application see the following subsections:
|Table of Contents|
When the system service app is installed on a device that is registered with WSO2 IoT Server, the Android agent communicates with it to trigger system level operations from WSO2 IoT Server. The communication between the system service application and the Android agent is secured by two layers of protection as listed below:
Via the signature - The system will grant permission only if the requesting application is signed with the same certificate as the application that is declared in the permission.
For more information on securing the communication, see <permissions> on the Android Developer documents.
- Check the package name of the intent who makes the call to verify that it’s a request from the Android agent.
Integrating the system service application
Follow the steps given below to integrate the system service Android application:
Operations supported via the system service application
The following operations are supported via the system service application:
|Device Reboot||Restart or reboot your Android device.|
|Firmware upgrade||Upgrade the firmware of Android devices.|
|Enforcing user restrictions||Restrict different functions on the user's device using this REST API. When adding a policy you will have the option of saving the user restriction policy or saving and publishing the user restriction policy.|
|Silent app installation, removal and update||Application installation, removal and update will be performed without the user's confirmation when the Android system service application is available on an Android device.|
This operation is only available for enterprise applications (apps that were created by your organization) and is not available for public applications (publicly available apps, such as free apps available online).