Oct 17, 2013 10:28:54 AM
Tablets are being used by multiple users at home and business premises. There is a need to provide privacy and control over the content of application, data usage, purchasing capability offered by many in-application items. Android Jelly Bean 4.3 release from Google has the support for multi user for tablet devices to address this requirement. Multiple users can use the same device and run applications and secure their private data. Multi user feature in Android came in two stages, 'Multi user’ creation in android version 4.2 and ‘Restricted Profile' creation in Android version 4.3.
Primary account or owner setup is done the very first time when the new device boots from just out of the box. The owner of the device creates multiple users of the device and each user profile will have isolated and secure space with its local storage area. Owner controls the user by enabling/disabling the installed applications for a profile and thus the owner can setup separate environments for each profile. Essentially, Android 4.3 supports following two types of user creation by the owner namely,
Normal User:
Owner of the device can create and delete users in the device from Settings application. Owner can also delete any of the applications installed by normal users.
Any normal user created by the owner is just a yet another user who has the privilege of access to entire Android stock applications within tablet, with user data separation in place. The only exception for him/she from Owner is that he/she doesn’t have the privilege to create/delete any user accounts. User will use his own Gmail account and credentials for Google apps authentication and contact information.
Restricted User:
Owner of the device can create users with limited access to Android stock applications. She/he can do so by selecting those applications from Settings application during creation of users. Applications that use Google services such as Gmail, Google hangout, G+ photos, and Calendar are blocked by default for a Restricted user wherein she/he won’t be able to see those applications at all. On top of this, an owner can selectively choose and restrict other Android stock applications. Restricted user will inherit Gmail account credentials from owner of the device. Owner can control or restrict access to both location tracking and in-application purchases for a Restricted User.
Once a user is created it can’t be converted from Normal to Restricted or vice versa. The appropriate choice has to be made by the owner during creation. Device main screen will have icons for all the user and profile with name. Device user can select these icons and login with unlock option. User is allowed to set unlocking option for password, pattern or picture through Settings.
Android will maintain isolated and secure space with each user of the device. Android allows each user to have his own lock screen and set his preferred wall paper. Each user in the device can buy application from Google play with her/his Gmail account. If same application is already downloaded in the same device by other user, then same binary is used to create instance. This way multi user feature allows sharing of application apk across the users. When an application is uninstalled by a user, then application is removed for only that user and not system wide. This is applicable to owner of the device too.
Another advantage is owner of the device can control user from purchasing advertised in application items based on location and buying ability. This is achieved through restricted profile for a user. Applications will have capability to recognise whether it is running under restricted mode and enable/disable advertisements. The downside here is application developer must support user profile configuration in the application using Google Profile API. This might reduce revenue for application developers for not allowing purchase of applications specific items. UsrManager and UserHandle classes are having extended APIs to manage multiple users. Applications can check restrictions on a user by calling getUserRestrictions () API.
For enterprise security and privacy in enterprise environment, owner can set controls in profiles. For example enabling only a set of websites can be achieved by owner entering website links in the browser settings for a restricted user. When browser is launched under restricted profile mode, it will have implementation to check for restricted profile mode and allow only pre configured websites.
Scope for Evolution:
Authored by Ravi TVS
Oct 17, 2013 10:28:54 AM
Tablets are being used by multiple users at home and business premises. There is a need to provide privacy and control over the content of application, data usage, purchasing capability offered by many in-application items. Android Jelly Bean 4.3 release from Google has the support for multi user for tablet devices to address this requirement. Multiple users can use the same device and run applications and secure their private data. Multi user feature in Android came in two stages, 'Multi user’ creation in android version 4.2 and ‘Restricted Profile' creation in Android version 4.3.
Primary account or owner setup is done the very first time when the new device boots from just out of the box. The owner of the device creates multiple users of the device and each user profile will have isolated and secure space with its local storage area. Owner controls the user by enabling/disabling the installed applications for a profile and thus the owner can setup separate environments for each profile. Essentially, Android 4.3 supports following two types of user creation by the owner namely,
Normal User:
Owner of the device can create and delete users in the device from Settings application. Owner can also delete any of the applications installed by normal users.
Any normal user created by the owner is just a yet another user who has the privilege of access to entire Android stock applications within tablet, with user data separation in place. The only exception for him/she from Owner is that he/she doesn’t have the privilege to create/delete any user accounts. User will use his own Gmail account and credentials for Google apps authentication and contact information.
Restricted User:
Owner of the device can create users with limited access to Android stock applications. She/he can do so by selecting those applications from Settings application during creation of users. Applications that use Google services such as Gmail, Google hangout, G+ photos, and Calendar are blocked by default for a Restricted user wherein she/he won’t be able to see those applications at all. On top of this, an owner can selectively choose and restrict other Android stock applications. Restricted user will inherit Gmail account credentials from owner of the device. Owner can control or restrict access to both location tracking and in-application purchases for a Restricted User.
Once a user is created it can’t be converted from Normal to Restricted or vice versa. The appropriate choice has to be made by the owner during creation. Device main screen will have icons for all the user and profile with name. Device user can select these icons and login with unlock option. User is allowed to set unlocking option for password, pattern or picture through Settings.
Android will maintain isolated and secure space with each user of the device. Android allows each user to have his own lock screen and set his preferred wall paper. Each user in the device can buy application from Google play with her/his Gmail account. If same application is already downloaded in the same device by other user, then same binary is used to create instance. This way multi user feature allows sharing of application apk across the users. When an application is uninstalled by a user, then application is removed for only that user and not system wide. This is applicable to owner of the device too.
Another advantage is owner of the device can control user from purchasing advertised in application items based on location and buying ability. This is achieved through restricted profile for a user. Applications will have capability to recognise whether it is running under restricted mode and enable/disable advertisements. The downside here is application developer must support user profile configuration in the application using Google Profile API. This might reduce revenue for application developers for not allowing purchase of applications specific items. UsrManager and UserHandle classes are having extended APIs to manage multiple users. Applications can check restrictions on a user by calling getUserRestrictions () API.
For enterprise security and privacy in enterprise environment, owner can set controls in profiles. For example enabling only a set of websites can be achieved by owner entering website links in the browser settings for a restricted user. When browser is launched under restricted profile mode, it will have implementation to check for restricted profile mode and allow only pre configured websites.
Scope for Evolution:
Authored by Ravi TVS
Sasken is a specialist in Product Engineering and Digital Transformation providing concept-to-market, chip-to-cognition R&D services to global leaders in Semiconductor, Automotive, Industrials, Consumer Electronics, Enterprise Devices, SatCom, and Transportation industries.
Sasken Technologies Ltd
(formerly Sasken Communication Technologies Ltd)
139/25, Ring Road, Domlur, Bengaluru 560071, India
CIN# L72100KA1989PLC014226