1 <html devsite> 2 <head> 3 <title>Supporting Multiple Users</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p>Android supports multiple users on a single Android device by separating user 27 accounts and application data. For instance, parents may allow their children to 28 use the family tablet, or a critical response team might share a mobile device 29 for on-call duty.</p> 30 31 <h2 id=definitions>Terminology</h2> 32 <p>Android uses the following terms when describing Android users and accounts.</p> 33 34 <h3 id=general_defs>General</h3> 35 <p>Android device administration uses the following general terms.</p> 36 37 <ul> 38 <li><em>User</em>. Each user is intended to be used by a different physical 39 person. Each user has distinct application data and some unique settings, as 40 well as a user interface to explicitly switch between users. A user can run in 41 the background when another user is active; the system manages shutting down 42 users to conserve resources when appropriate. Secondary users can be created 43 either directly via the primary user interface or from a 44 <a href="https://developer.android.com/guide/topics/admin/device-admin.html">Device 45 Administration</a> application.</li> 46 <li><em>Account</em>. Accounts are contained within a user but are not defined 47 by a user, nor is a user defined by or linked to any given account. Users and 48 profiles contain their own unique accounts but are not required to have 49 accounts to be functional. The list of accounts differs by user. For details, 50 refer to the 51 <a href="https://developer.android.com/reference/android/accounts/Account.html">Account 52 class</a> definition.</li> 53 <li><em>Profile</em>. A profile has separated app data but shares some 54 system-wide settings (for example, Wi-Fi and Bluetooth). A profile is a subset 55 of and tied to the existence of a user. A user can have multiple profiles. 56 They are created through a 57 <a href="https://developer.android.com/guide/topics/admin/device-admin.html">Device 58 Administration</a> application. A profile always has an immutable association 59 to a parent user, defined by the user that created the profile. Profiles do not live beyond the lifetime of the creating user.</li> 60 <li><em>App</em>. An applications data exists within each associated user. 61 App data is sandboxed from other applications within the same user. Apps 62 within the same user can interact with each other via IPC. For details, refer 63 to <a href="https://developer.android.com/training/enterprise/index.html">Building 64 Apps for Work</a>.</li> 65 </ul> 66 67 <h3 id=user_types>User types</h3> 68 <p>Android device administration uses the following user types.</p> 69 70 <ul> 71 <li><em>Primary</em>. First user added to a device. The primary user 72 cannot be removed except by factory reset and is always running even when 73 other users are in the foreground. This user also has special privileges and 74 settings only it can set.</li> 75 <li><em>Secondary</em>. Any user added to the device other than the primary 76 user. Secondary users can be removed (either by themselves or by the primary 77 user) and cannot impact other users on a device. These users can run in the 78 background and continue to have network connectivity.</li> 79 <li><em>Guest</em>. Temporary secondary user. Guest users have an explicit 80 option to quick delete the guest user when its usefulness is over. There can 81 be only one guest user at a time.</li> 82 </ul> 83 84 <h3 id=profile_types>Profile types</h3> 85 <p>Android device administration uses the following profile types.</p> 86 87 <ul> 88 <li><em>Managed</em>. Created by an application to contain work data 89 and apps. They are managed exclusively by the profile owner (the app that 90 created the corp profile). Launcher, notifications, and recent tasks are 91 shared by the primary user and the corp profile.</li> 92 <li><em>Restricted</em>. Uses accounts based off the primary user, who can 93 control what apps are available on the restricted profile. Available only on 94 tablets and television devices.</li> 95 </ul> 96 97 <h2 id=applying_the_overlay>Enabling multi-user</h2> 98 99 <p>As of Android 5.0, the multi-user feature is disabled by default. To 100 enable it, device manufacturers must define a resource overlay that replaces 101 the following values in <code>frameworks/base/core/res/res/values/config.xml</code>: 102 </p> 103 104 <pre class="devsite-click-to-copy"> 105 <!-- Maximum number of supported users --> 106 <integer name="config_multiuserMaximumUsers">1</integer> 107 <!-- Whether Multiuser UI should be shown --> 108 <bool name="config_enableMultiUserUI">false</bool> 109 </pre> 110 111 <p>To apply this overlay and enable guest and secondary users on the device, use 112 the <code>DEVICE_PACKAGE_OVERLAYS</code> feature of the Android build system to:</p> 113 114 <ul> 115 <li>Replace the value for <code>config_multiuserMaximumUsers</code> with one 116 greater than 1</li> 117 <li>Replace the value of <code>config_enableMultiUserUI</code> with: 118 <code>true</code></li> 119 </ul> 120 121 <p>Device manufacturers may decide upon the maximum number of users. If device 122 manufacturers or others have modified settings, they must ensure SMS and 123 telephony work as defined in the 124 <a href="/compatibility/android-cdd.pdf">Android Compatibility 125 Definition Document</a> (CDD).</p> 126 127 <h2 id=managing_users>Managing multiple users</h2> 128 129 <p>Management of users and profiles (with the exception of restricted profiles) 130 is performed by applications that programmatically invoke API in the 131 <code>DevicePolicyManager</code> class to restrict use.</p> 132 133 <p>Schools and enterprises may employ users and profiles to manage the lifetime 134 and scope of apps and data on devices, using the types outlined above in 135 conjunction with the 136 <a href="http://developer.android.com/reference/android/os/UserManager.html">UserManager 137 API</a> to build unique solutions tailored to their use cases.</p> 138 139 140 <h2 id=effects>Multi-user system behavior</h2> 141 142 <p>When users are added to a device, some functionality is curtailed when 143 another user is in the foreground. Since app data is separated by user, the 144 state of those apps differs by user. For example, email destined for an account 145 of a user not currently in focus wont be available until that user and account 146 are active on the device.</p> 147 148 <p>By default, only the primary user has full access to phone calls and texts. 149 The secondary user may receive inbound calls but cannot send or receive texts. 150 The primary user must enable these functions for others.</p> 151 152 <p class="note"><strong>Note</strong>: To enable or disable the phone and SMS 153 functions for a secondary user, go to <em>Settings > Users</em>, select the 154 user, and switch the <em>Allow phone calls and SMS</em> setting to off.</p> 155 156 <p>Some restrictions exist when a secondary user is in background. For instance, 157 the background secondary user cannot display the user interface or make 158 Bluetooth services active. In addition, the system process will halt background 159 secondary users if the device needs additional memory for operations in the 160 foreground user.</p> 161 162 <p>When employing multiple users on an Android device, keep the following 163 behavior in mind:</p> 164 165 <ul> 166 <li>Notifications appear for all accounts of a single user at once.</li> 167 <li>Notifications for other users do not appear until active.</li> 168 <li>Each user gets a workspace to install and place apps.</li> 169 <li>No user has access to the app data of another user.</li> 170 <li>Any user can affect the installed apps for all users.</li> 171 <li>The primary user can remove apps or even the entire workspace established 172 by secondary users.</li> 173 </ul> 174 175 <p>Android 7.0 includes several enhancements, including:</p> 176 177 <ul> 178 <li><em>Toggle work profile</em>. Users can disable their managed profile 179 (such as when not at work). This functionality is achieved by stopping the 180 user; UserManagerService calls <code>ActivityManagerNative#stopUser()</code>. 181 </li> 182 <li><em>Always-on VPN</em>. VPN applications can now be set to always-on by 183 the user, Device DPC, or Managed Profile DPC (applies only to Managed Profile 184 applications). When enabled, applications cannot access the public network 185 (access to network resources is stopped until the VPN has connected and 186 connections can be routed over it). Devices that report 187 <code>device_admin</code> must implement always-on VPN.</li> 188 </ul> 189 190 <p>For more details on Android 7.0 device administration features, refer to 191 <a href="https://developer.android.com/about/versions/nougat/android-7.0.html#android_for_work">Android 192 for Work</a>.</p> 193 194 </body> 195 </html> 196
