security - How to only allow an Android app granted Device Administration API access to control a given feature -

I have recently been reviewing Android's Device Administration API so that some apps are forced to close down or Find a way to keep the device safe. Uninstall I came to wipe data ():

What does it mean if a user can erase data from the device's "Settings" menu? When I originally posted this question, I did not know that an effective use could erase a device remotely. I think that, but what I am doing especially after protecting certain features, so that a user can not use it outside the app which provides the manager to those same features.

For example, on my special device, I type the system settings-> Backup & amp; Reset-> Factory Data Reset and Clear Everything DevicePolicyManager can make such a case for many other options.

When using the Device Administration API, there is a way to disable these built-in features so that only the app for the device is registered, what can the administration API do?

After protecting certain features, what a user is not outside of those apps Access to policies that have been provided to those administrators who do not have any meta device administration (i.e., the administration of the device administrator)

.

A type of devicePolicyManager ) Can be made for other options coming up. The user does not have nearly anything that is DevicePolicyManager .

For example, the user can not block the camera from the lock screen, nor can the user block the app widgets from the lock screen, which is why I had to write the AU (Ability to do this) I did not want to install a closed-source device administrator from Play Store). Most passwords pass around password quality on

DevicePolicyManager , and users can not set policies for their own password and they can be implemented.

And so on.

While using the Device Administration API, is there a way to disable these built-in features so that only the registered app for Device Administration API can execute them?

By definition, only Device Administrator Device Administrator can do things. However, there is no way for a device administrator to block another device administrator. The only exception to this is with reference to various password quality settings, where the most robust setting is applied.