Feature: Secure Notifications

Overview

The Secure Notifications feature is a Custom notification tray to be used as a replacement for the default Android System notification tray. This feature wiil allow device administrators to lock-down the notifications display and give them the ability to control which notifications are presented to the user.

About

Secure Notifications supports:

  • Whitelist of applications from which to show notifications
  • Blacklist of applications to not display notifications
  • Display notifications ordered by notification priority and latest time
  • A heads-up popup for high priority notifications
  • Dismissable and ongoing notifications
  • Pending intents, e.g. tapping on notifications to perform their action (such as launching into apps)

Technical Notes

Disabling Status Bar

The Android system status bar needs to be disabled on the device in order for a user to not be able to access the default Android system notifications. This can be done through an Enterprise Mobility Management (EMM) service.

VMware AirWatch:
This setup only applies to Work Managed Device Managed Mode and does not work with Work Profile Managed Mode

Step 1: Navigate to your AirWatch Dashboard's Profiles & Resources tab.

Step 2: Under Profiles, create or select a profile you want to disable the system status bar on.

AirWatch Profile

Step 3: Under Restrictions uncheck Allow Status Bar.

AirWatch Restrictions

Step 4: Save and Publish. Devices on that profile will now not be able to pull down the system status bar.

Configuration

{
    ...
    "secureNotifications" : {
        "enabled": true,
        "headsUpTime": 2000,
        "whitelist": ["com.example.phone", "com.example.music"]
        "blacklist": ["com.example.browser"]
    }
}
Key Description
enabled boolean true/false to enable/disable the secure notifications feature. If the key is missing, the secure notifications feature will be set to disabled.
headsUpTime integer Time in milliseconds to show a high priority heads-up popup the screen. The heads-up popup feature is disabled if this is key is missing or is set to 0.
blacklist array An array of packages to blacklist. Notifications from packages in this list will be suppressed. If the list is empty or the key is missing then no notifications are blacklisted.
whitelist array An array of packages to whitelist. If used, only packages that appear in this list will be allowed to display notifications. If the list is empty then no notifications will be shown. If this field is ommitted then all notifications will be presented unless they are specified in the blacklist.
Notes
  • If the "secureNotifications" configuration is not present, then the secure notifications feature is disabled.
  • If a package is both in the whitelist and blacklist configuration, the blacklist has higher priority, so the notification's from the package will not be shown.
  • The configuration "secureNotifications" section is under the root JSON.

Permissions

For secure notifications, Launcher will request these required Android Permissions:

  • Screen Overlay Permission. This permission grants access to Launcher to draw the notification tray on top of other applications. This permission is granted by using the "android.settings.action.MANAGE_OVERLAY_PERMISSION" settings menu.
  • Notification Listener Permission. This permission grants access to Launcher to allow notifications details to display in the secure notifications tray. This permission is granted by using the "android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS" settings menu.
Granting Required Permissions Flow

Step 1. When the Launcher is first launched after "secureNotifications" is enabled in the config, a dialog will appear to request the Screen Overlay Permission (if not already granted) as shown below.

Screen Overlay Dialog

Step 2. After OK is clicked, the settings screen for Display Over Other Apps will be shown. The toggle next to Allow display over other apps should be clicked.

Screen Overlay Screen

Screen Overlay Toggled

Step 3. After the toggle has been enabled for the Screen Overlay Permission, press the back button on the button of the screen. Once back to the Launcher, the another dialog will appear to request the Notification Listener Permission.

NOTE: If the Screen Overlay Permission wasn't granted, then Steps 1 & 2 will repeat until the Screen Overlay Permission is granted or "secureNotifications" is disabled in the config.

Notification Access Dialog

Step 4. After OK is clicked, the settings screen for Notification Access will be shown. The toggle next to EMS Launcher should be clicked.

Notification Access Dialog

Step 5. Another dialog will appear asking to allow notification accesses for EMS Launcher. Press allow.

Notification Access Dialog Notification Access Dialog

Step 6. After the toggle has been enabled for EMS Launcher, press the back button on the button of the screen.

NOTE: If the Notification Listener Permission wasn't granted then Steps 4 & 7 will repeat until the Notification Listener Permission is granted or "secureNotifications" is disabled in the config.

The Launcher has now been granted all the required permissions for the Secure Notifications features.

Feature Introduced

Feature Introduced in Launcher 3.1.x.