x13a / Sentry

Enforce security policies
GNU General Public License v3.0

Protect a device: sentry or wasted? #27

Open alfredonodo opened 1 year ago

alfredonodo commented 1 year ago

Hi, I just found Sentry and found out that it is written by the same developer as Wasted. I have a device with LineageOS 13 rooted with Magisk and no Google services, so I'm looking for a way to protect it in case of loss. On Sentry, safe boot, USB data signalling and controller are disabled and I can't access them.

adb kill-server
adb shell dpm set-device-owner me.lucky.sentry/.admin.DeviceAdminReceiver
* daemon not running; starting now at tcp:5037
* daemon started successfully

Exception occurred while executing 'set-device-owner':
java.lang.IllegalStateException: Not allowed to set the device owner because there are already several users on the device.
    at com.android.server.devicepolicy.DevicePolicyManagerService.enforceCanSetDeviceOwnerLocked(DevicePolicyManagerService.java:9588)
    at com.android.server.devicepolicy.DevicePolicyManagerService.setDeviceOwner(DevicePolicyManagerService.java:8421)
    at com.android.server.devicepolicy.DevicePolicyManagerServiceShellCommand.runSetDeviceOwner(DevicePolicyManagerServiceShellCommand.java:259)
    at com.android.server.devicepolicy.DevicePolicyManagerServiceShellCommand.onCommand(DevicePolicyManagerServiceShellCommand.java:89)
    at com.android.modules.utils.BasicShellCommandHandler.exec(BasicShellCommandHandler.java:97)
    at android.os.ShellCommand.exec(ShellCommand.java:38)
    at com.android.server.devicepolicy.DevicePolicyManagerService.onShellCommand(DevicePolicyManagerService.java:9932)
    at android.os.Binder.shellCommand(Binder.java:1049)
    at android.os.Binder.onTransact(Binder.java:877)
    at android.app.admin.IDevicePolicyManager$Stub.onTransact(IDevicePolicyManager.java:6063)
    at android.os.Binder.execTransactInternal(Binder.java:1285)
    at android.os.Binder.execTransact(Binder.java:1244)

Thank you

Edit: I already tried with this and by removing all admin apps.

adb shell dpm remove-active-admin me.lucky.sentry/.admin.DeviceAdminReceiver

Exception occurred while executing 'remove-active-admin':
java.lang.SecurityException: Attempt to remove non-test admin ComponentInfo{me.lucky.sentry/me.lucky.sentry.admin.DeviceAdminReceiver} 0
    at com.android.server.devicepolicy.DevicePolicyManagerService.lambda$forceRemoveActiveAdmin$10$com-android-server-devicepolicy-DevicePolicyManagerService(DevicePolicyManagerService.java:3593)
    at com.android.server.devicepolicy.DevicePolicyManagerService$$ExternalSyntheticLambda132.runOrThrow(Unknown Source:6)
    at android.os.Binder.withCleanCallingIdentity(Binder.java:425)
    at com.android.server.devicepolicy.DevicePolicyManagerService$Injector.binderWithCleanCallingIdentity(DevicePolicyManagerService.java:1581)
    at com.android.server.devicepolicy.DevicePolicyManagerService.forceRemoveActiveAdmin(DevicePolicyManagerService.java:3589)
    at com.android.server.devicepolicy.DevicePolicyManagerServiceShellCommand.runRemoveActiveAdmin(DevicePolicyManagerServiceShellCommand.java:280)
    at com.android.server.devicepolicy.DevicePolicyManagerServiceShellCommand.onCommand(DevicePolicyManagerServiceShellCommand.java:93)
    at com.android.modules.utils.BasicShellCommandHandler.exec(BasicShellCommandHandler.java:97)
    at android.os.ShellCommand.exec(ShellCommand.java:38)
    at com.android.server.devicepolicy.DevicePolicyManagerService.onShellCommand(DevicePolicyManagerService.java:9932)
    at android.os.Binder.shellCommand(Binder.java:1049)
    at android.os.Binder.onTransact(Binder.java:877)
    at android.app.admin.IDevicePolicyManager$Stub.onTransact(IDevicePolicyManager.java:6063)
    at android.os.Binder.execTransactInternal(Binder.java:1285)
    at android.os.Binder.execTransact(Binder.java:1244)

SystemR commented 1 year ago

I've played around with this and the only way to remove active admin that doesn't have the android:testOnly="true" in the manifest is to factory wipe the device.

You can try this deprecated API to see if it works on your device: https://developer.android.com/reference/android/app/admin/DevicePolicyManager#clearDeviceOwnerApp%28java.lang.String%29

Source: https://stackoverflow.com/questions/49128293/how-to-remove-set-device-owner-in-android-dpm

alfredonodo commented 1 year ago

Thank you for your reply. LineageOS 20 aka Android 13 uses API level 33. I unpacked the apk with apktool and can confirm that there is no android:testOnly="true" in the manifest. I have tried to add it and rebuild, but I cannot install the package. Can the maintainer provide a package with this flag? Or are there any contraindications? Thank you

Amelnaka commented 1 year ago

Dev should add a different app signed with the same keys and this android:testOnly="true" flag in the manifest, to make it removable.

fireneat commented 6 months ago

> Thank you for your reply. LineageOS 20 aka Android 13 uses API level 33. I unpacked the apk with apktool and can confirm that there is no android:testOnly="true" in the manifest. I have tried to add it and rebuild, but I cannot install the package. Can the maintainer provide a package with this flag? Or are there any contraindications? Thank you

The application needs to be installed with adb using "adb install -t sentry.apk". Also make sure that you signed the apk file.

aly-k commented 2 weeks ago

> > Thank you for your reply. LineageOS 20 aka Android 13 uses API level 33. I unpacked the apk with apktool and can confirm that there is no android:testOnly="true" in the manifest. I have tried to add it and rebuild, but I cannot install the package. Can the maintainer provide a package with this flag? Or are there any contraindications? Thank you
>
> The application needs to be installed with adb using "adb install -t sentry.apk". Also make sure that you signed the apk file.

Won't work because the signing certificate will be different.

aly-k commented 2 weeks ago

@x13a can you provide a signed apk with android:testOnly="true" in the manifest so that users can uninstall the app without a factory reset? I incorrectly set Sentry as profile owner and now I can't have a work profile. Edit: backups and find my device also don't work now.

x13a commented 2 weeks ago

@aly-k ok, will add soon

aly-k commented 2 weeks ago

Thanks!

x13a commented 1 week ago

app-release.apk.zip @aly-k you can try this

aly-k commented 1 week ago

@x13a Thanks for providing the build. Unfortunately, the update fails with error code INSTALL_FAILED_UPDATE_INCOMPATIBLE. It seems that you can't update a production build to debug. Factory reset is the only way to remove profile or device owners.
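
Added example, not part of the thread or of Sentry's code: a pre-flight check for the two failures discussed above (set-device-owner refused because several users exist, and an admin without testOnly that cannot be removed again). It assumes `pm list users` prints `UserInfo{...}` lines and `dumpsys package` prints `TEST_ONLY` inside `flags=[ ... ]`; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight checks to run BEFORE `dpm set-device-owner` (added example).
# Live usage, assuming adb is on PATH and one device is connected:
#   preflight "$(adb shell pm list users)" \
#             "$(adb shell dumpsys package me.lucky.sentry)"

# Count users and profiles: one "UserInfo{id:name:flags}" line each (stdin).
count_users() {
    grep -cF 'UserInfo{' || true
}

# Succeed if the package dump on stdin lists TEST_ONLY among its flags.
is_test_only() {
    grep -Eq '^[[:space:]]*(pkgFlags|flags)=\[.*[[:space:]]TEST_ONLY[[:space:]]'
}

# preflight USERS_TEXT DUMP_TEXT
# returns 0 = safe to provision, 1 = provisioning will be refused,
#         2 = provisioning possible but undoing it needs a factory reset
preflight() {
    users=$(printf '%s\n' "$1" | count_users)
    if [ "$users" -gt 1 ]; then
        echo "BLOCKED: $users users/profiles exist; set-device-owner is refused"
        return 1
    fi
    if printf '%s\n' "$2" | is_test_only; then
        echo "OK: single user and the admin package is testOnly"
        return 0
    fi
    echo "WARNING: admin is not testOnly; removal later means a factory reset"
    return 2
}

# Constructed sample output (not captured from a real device).
SAMPLE_USERS_MULTI='Users:
    UserInfo{0:Owner:c13} running
    UserInfo{10:Work profile:1030} running'
SAMPLE_USERS_SINGLE='Users:
    UserInfo{0:Owner:c13} running'
SAMPLE_DUMP_RELEASE='Packages:
  Package [me.lucky.sentry] (0000000):
    flags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ALLOW_BACKUP ]'
SAMPLE_DUMP_TEST='Packages:
  Package [me.lucky.sentry] (0000000):
    flags=[ HAS_CODE ALLOW_CLEAR_USER_DATA TEST_ONLY ALLOW_BACKUP ]'

# Demo on the constructed multi-user case; never aborts the script.
preflight "$SAMPLE_USERS_MULTI" "$SAMPLE_DUMP_RELEASE" || true
```

Return code 2 is the case this thread ends on: provisioning succeeds, but the release build can only be removed by a factory reset.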