1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
|
<html devsite>
<head>
<title>Supporting Multiple Users</title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
Copyright 2017 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<p>Android supports multiple users on a single Android device by separating user
accounts and application data. For instance, parents may allow their children to
use the family tablet, or a critical response team might share a mobile device
for on-call duty.</p>
<h2 id=definitions>Terminology</h2>
<p>Android uses the following terms when describing Android users and accounts.</p>
<h3 id=general_defs>General</h3>
<p>Android device administration uses the following general terms.</p>
<ul>
<li><em>User</em>. Each user is intended to be used by a different physical
person. Each user has distinct application data and some unique settings, as
well as a user interface to explicitly switch between users. A user can run in
the background when another user is active; the system manages shutting down
users to conserve resources when appropriate. Secondary users can be created
either directly via the primary user interface or from a
<a href="https://developer.android.com/guide/topics/admin/device-admin.html">Device
Administration</a> application.</li>
<li><em>Account</em>. Accounts are contained within a user but are not defined
by a user, nor is a user defined by or linked to any given account. Users and
profiles contain their own unique accounts but are not required to have
accounts to be functional. The list of accounts differs by user. For details,
refer to the
<a href="https://developer.android.com/reference/android/accounts/Account.html">Account
class</a> definition.</li>
<li><em>Profile</em>. A profile has separated app data but shares some
system-wide settings (for example, Wi-Fi and Bluetooth). A profile is a subset
of and tied to the existence of a user. A user can have multiple profiles.
They are created through a
<a href="https://developer.android.com/guide/topics/admin/device-admin.html">Device
Administration</a> application. A profile always has an immutable association
to a parent user, defined by the user that created the profile. Profiles do not live beyond the lifetime of the creating user.</li>
<li><em>App</em>. An application’s data exists within each associated user.
App data is sandboxed from other applications within the same user. Apps
within the same user can interact with each other via IPC. For details, refer
to <a href="https://developer.android.com/training/enterprise/index.html">Building
Apps for Work</a>.</li>
</ul>
<h3 id=user_types>User types</h3>
<p>Android device administration uses the following user types.</p>
<ul>
<li><em>Primary</em>. First user added to a device. The primary user
cannot be removed except by factory reset and is always running even when
other users are in the foreground. This user also has special privileges and
settings only it can set.</li>
<li><em>Secondary</em>. Any user added to the device other than the primary
user. Secondary users can be removed (either by themselves or by the primary
user) and cannot impact other users on a device. These users can run in the
background and continue to have network connectivity.</li>
<li><em>Guest</em>. Temporary secondary user. Guest users have an explicit
option to quick delete the guest user when its usefulness is over. There can
be only one guest user at a time.</li>
</ul>
<h3 id=profile_types>Profile types</h3>
<p>Android device administration uses the following profile types.</p>
<ul>
<li><em>Managed</em>. Created by an application to contain work data
and apps. They are managed exclusively by the profile owner (the app that
created the corp profile). Launcher, notifications, and recent tasks are
shared by the primary user and the corp profile.</li>
<li><em>Restricted</em>. Uses accounts based off the primary user, who can
control what apps are available on the restricted profile. Available only on
tablets.</li>
</ul>
<h2 id=applying_the_overlay>Enabling multi-user</h2>
<p>As of Android 5.0, the multi-user feature is disabled by default. To
enable it, device manufacturers must define a resource overlay that replaces
the following values in <code>frameworks/base/core/res/res/values/config.xml</code>:
</p>
<pre><!-- Maximum number of supported users -->
<integer name="config_multiuserMaximumUsers">1</integer>
<!-- Whether Multiuser UI should be shown -->
<bool name="config_enableMultiUserUI">false</bool>
</pre>
<p>To apply this overlay and enable guest and secondary users on the device, use
the <code>DEVICE_PACKAGE_OVERLAYS</code> feature of the Android build system to:</p>
<ul>
<li>Replace the value for <code>config_multiuserMaximumUsers</code> with one
greater than 1</li>
<li>Replace the value of <code>config_enableMultiUserUI</code> with:
<code>true</code></li>
</ul>
<p>Device manufacturers may decide upon the maximum number of users. If device
manufacturers or others have modified settings, they must ensure SMS and
telephony work as defined in the
<a href="/compatibility/android-cdd.pdf">Android Compatibility
Definition Document</a> (CDD).</p>
<h2 id=managing_users>Managing multiple users</h2>
<p>Management of users and profiles (with the exception of restricted profiles)
is performed by applications that programmatically invoke API in the
<code>DevicePolicyManager</code> class to restrict use.</p>
<p>Schools and enterprises may employ users and profiles to manage the lifetime
and scope of apps and data on devices, using the types outlined above in
conjunction with the
<a href="http://developer.android.com/reference/android/os/UserManager.html">UserManager
API</a> to build unique solutions tailored to their use cases.</p>
<h2 id=effects>Multi-user system behavior</h2>
<p>When users are added to a device, some functionality is curtailed when
another user is in the foreground. Since app data is separated by user, the
state of those apps differs by user. For example, email destined for an account
of a user not currently in focus won’t be available until that user and account
are active on the device.</p>
<p>By default, only the primary user has full access to phone calls and texts.
The secondary user may receive inbound calls but cannot send or receive texts.
The primary user must enable these functions for others.</p>
<p class="note"><strong>Note</strong>: To enable or disable the phone and SMS
functions for a secondary user, go to <em>Settings > Users</em>, select the
user, and switch the <em>Allow phone calls and SMS</em> setting to off.</p>
<p>Some restrictions exist when a secondary user is in background. For instance,
the background secondary user cannot display the user interface or make
Bluetooth services active. In addition, the system process will halt background
secondary users if the device needs additional memory for operations in the
foreground user.</p>
<p>When employing multiple users on an Android device, keep the following
behavior in mind:</p>
<ul>
<li>Notifications appear for all accounts of a single user at once.</li>
<li>Notifications for other users do not appear until active.</li>
<li>Each user gets a workspace to install and place apps.</li>
<li>No user has access to the app data of another user.</li>
<li>Any user can affect the installed apps for all users.</li>
<li>The primary user can remove apps or even the entire workspace established
by secondary users.</li>
</ul>
<p>Android 7.0 includes several enhancements, including:</p>
<ul>
<li><em>Toggle work profile</em>. Users can disable their managed profile
(such as when not at work). This functionality is achieved by stopping the
user; UserManagerService calls <code>ActivityManagerNative#stopUser()</code>.
</li>
<li><em>Always-on VPN</em>. VPN applications can now be set to always-on by
the user, Device DPC, or Managed Profile DPC (applies only to Managed Profile
applications). When enabled, applications cannot access the public network
(access to network resources is stopped until the VPN has connected and
connections can be routed over it). Devices that report
<code>device_admin</code> must implement always-on VPN.</li>
</ul>
<p>For more details on Android 7.0 device administration features, refer to
<a href="https://developer.android.com/about/versions/nougat/android-7.0.html#android_for_work">Android
for Work</a>.</p>
</body>
</html>
|
