Work profiles (original) (raw)

The Android platform allows devices to havework profiles (sometimes referred to as managed profiles). A work profile is controlled by an IT admin, and the functionality available to it is set separately from the functionality of the user's primary profile. This approach lets organizations control the environment where company-specific apps and data are running on a user's device, while still letting users use their personal apps and profiles.

This lesson shows you how to modify your application so it functions reliably on a device with a work profile. You don't need to do anything besides the ordinary app-development best practices. However, some of these best practices become especially important on devices with work profiles. This document highlights the issues you need to be aware of.

Overview

Users often want to use their personal devices in an enterprise setting. This situation can present organizations with a dilemma. If the user can use their own device, the organization has to worry that confidential information (like employee emails and contacts) are on a device the organization does not control.

To address this situation, Android 5.0 (API level 21) allows organizations to set up work profiles. If a device has a work profile, the profile's settings are under the control of the IT admin. The IT admin can choose which apps are allowed for that profile, and can control just what device features are available to the profile.

If a device has a work profile, there are implications for apps running on the device, no matter which profile the app is running under:

Prevent failed intents

On a device with a work profile, there are restrictions on whether intents can cross from one profile to another. In most cases, when an intent is fired off, it is handled on the same profile where it is fired. If there is no handler for the intent on that profile, the intent is not handled and the app that fired it may shut down unexpectedly—even if there's a handler for the intent on the other profile.

The profile admin can choose which intents are allowed to cross from one profile to another. Since the IT admin makes this decision, there's no way for you to know in advance which intents are allowed to cross this boundary. The IT admin sets this policy, and is free to change it at any time.

Before your app starts an activity, you should verify that there is a suitable resolution. You can verify that there is an acceptable resolution by calling [Intent.resolveActivity()](/reference/android/content/Intent#resolveActivity%28android.content.pm.PackageManager%29). If there is no way to resolve the intent, the method returnsnull. If the method returns non-null, there is at least one way to resolve the intent, and it is safe to fire off the intent. In this case, the intent could be resolvable either because there is a handler on the current profile, or because the intent is allowed to cross to a handler on the other profile. (For more information about resolving intents, see Common Intents.)

For example, if your app needs to set timers, it would need to check that there's a valid handler for the [ACTION_SET_TIMER](/reference/android/provider/AlarmClock#ACTION%5FSET%5FTIMER) intent. If the app cannot resolve the intent, it should take an appropriate action (such as showing an error message).

Kotlin

fun startTimer(message: String, seconds: Int) {

// Build the "set timer" intent
val timerIntent = Intent(AlarmClock.ACTION_SET_TIMER).apply {
    putExtra(AlarmClock.EXTRA_MESSAGE, message)
    putExtra(AlarmClock.EXTRA_LENGTH, seconds)
    putExtra(AlarmClock.EXTRA_SKIP_UI, true)
}

// Check if there's a handler for the intent
if (timerIntent.resolveActivity(packageManager) == null) {

    // Can't resolve the intent! Fail this operation cleanly
    // (perhaps by showing an error message)

} else {
    // Intent resolves, it's safe to fire it off
    startActivity(timerIntent)

}

}

Java

public void startTimer(String message, int seconds) {

// Build the "set timer" intent
Intent timerIntent = new Intent(AlarmClock.ACTION_SET_TIMER)
        .putExtra(AlarmClock.EXTRA_MESSAGE, message)
        .putExtra(AlarmClock.EXTRA_LENGTH, seconds)
        .putExtra(AlarmClock.EXTRA_SKIP_UI, true);

// Check if there's a handler for the intent
if (timerIntent.resolveActivity(getPackageManager()) == null) {

    // Can't resolve the intent! Fail this operation cleanly
    // (perhaps by showing an error message)

} else {
    // Intent resolves, it's safe to fire it off
    startActivity(timerIntent);

}

}

Share files across profiles

Sometimes an app needs to provide other apps with access to its own files. For example, an image gallery app might want to share its images with image editors. There are two ways you would ordinarily share a file: with a file URI or a content URI.

A file URI begins with the file: prefix, followed by the absolute path of the file on the device's storage. However, because the work profile and the personal profile use separate storage areas, a file URI that is valid on one profile is not valid on the other. This situation means that if you attach a file URI to an intent, and the intent is handled on the other profile, the handler is not able to access the file.

Instead, you should share files with content URIs. Content URIs identify the file in a more secure, shareable fashion. The content URI contains the file path, but also the authority that provides the file, and an ID number identifying the file. You can generate a content ID for any file by using a[FileProvider](/reference/androidx/core/content/FileProvider). You can then share that content ID with other apps (even on the other profile). The recipient can use the content ID to get access to the actual file.

For example, here's how you would get the content URI for a specific file URI:

Kotlin

// Open File object from its file URI val fileToShare = File(fileUriToShare)

val contentUriToShare: Uri = FileProvider.getUriForFile( context, "com.example.myapp.fileprovider", fileToShare )

Java

// Open File object from its file URI File fileToShare = new File(fileUriToShare);

Uri contentUriToShare = FileProvider.getUriForFile(getContext(), "com.example.myapp.fileprovider", fileToShare);

When you call the [getUriForFile()](/reference/androidx/core/content/FileProvider#getUriForFile%28android.content.Context, java.lang.String, java.io.File%29) method, you must include the file provider's authority (in this example,"com.example.myapp.fileprovider"), which is specified in theelement of your app manifest. For more information about sharing files with content URIs, seeSharing Files.

Listen for notifications

An app typically provides a[NotificationListenerService](/reference/android/service/notification/NotificationListenerService) subclass to receive callbacks from the system about changes to notifications. Devices with work profiles might affect how NotificationListenerService works with your app.

In a work profile

You can't use a NotificationListenerService from an app running in the work profile. When your app is running in a work profile, the system ignores your app's NotificationListenerService. However, apps running in the personal profile can listen for notifications.

In a personal profile

When your app runs in the personal profile, you might not get notifications for apps running in the work profile. By default, all personal profile apps receive callbacks but an IT admin can allowlist one or more personal profile apps that they allow to listen for notification changes. The system then blocks non-allowlisted apps. In Android 8.0 (API level 26) or later, a device policy controller (DPC) that manages a work profile might block your app from listening to the work profile's notifications using the DevicePolicyManagermethod[setPermittedCrossProfileNotificationListeners()](/reference/android/app/admin/DevicePolicyManager#setPermittedCrossProfileNotificationListeners%28android.content.ComponentName, java.util.List<java.lang.String>%29). Your app still receives callbacks about notifications posted in the personal profile.

Test your App for Compatibility with Work Profiles

You should test your app in a work-profile environment to catch problems that would cause your app to fail on a device with work profiles. In particular, testing on a work-profile device is a good way to make sure that your app handles intents properly: not firing intents that can't be handled, not attaching URIs that don't work cross-profile, and so on.

We have provided a sample app, TestDPC, which you can use to set up a work profile on an Android device that runs Android 5.0 (API level 21) and higher. This app offers you a simple way to test your app in a work-profile environment. You can also use this app to configure the work profile as follows:

If you manually install an app over a USB cable to a device which has a work profile, the app is installed on both the personal and the work profile. Once you have installed the app, you can test the app under the following conditions:

Test on work profiles: tips and tricks

There are a few tricks that you may find helpful in testing on a work-profile device.

For example, to find the users on a device, you would run this command:

$ adb shell pm list users UserInfo{0:Drew:13} running UserInfo{10:Work profile:30} running

In this case, the primary user("Drew") has the user ID 0, and the work profile has the user ID 10. To run an app in the work profile, you would use a command like this:

$ adb shell am start --user 10
-n "com.example.myapp/com.example.myapp.testactivity"
-a android.intent.action.MAIN -c android.intent.category.LAUNCHER