I am working on an Android app that deals with sensitive user information. One of the requirements is that the user is required to log back into the application whenever they leave it and come back. This is easily dealt with for the case when the user presses the Home button and then relaunches the app (android:clearTaskOnLaunch
attribute on the Activity
in AndroidManifest.xml
). However, we need to do the same thing when the user long presses the Home button, switches to another application, then comes back.
I have researched this every way that I can think of and have not found a workable solution. Is this even possible with Android?
When answering, please keep in mind that this is a business requirement which I have no control over.
Well, I had the same problem yesterday. This is what I did and it works fine:
- Added
android:launchMode="singleTask"
to the main activity in the AndroidManifest.xml
- Called my boss and say: ey, this is going to take a long while... hold on!
- Went and drank beer all night.
Just to clarify, my main activity only has a button that says login and launches the login page.
What have you tried? You can always clear whatever session you are saving in the proper Activity lifecycle method.
If I understand you correctly that you want to require an authorisation every time someone backs into the app, whether afresh or coming back to it, then you can override the onRestart() activity lifecycle event on the activity (or activities). So in onRestart() you can redirect the user to the login screen (you may also wish to consider onResume() depending on your requirements)
The lifecycle chart on this page will make this clearer:
http://developer.android.com/reference/android/app/Activity.html
Would it be possible to make it a time based thing, rather than strictly left the app and returned?
You could have a separate service that keeps track of when the last time the user accessed the application was.
I.e, in each onPause the Activity tells the service that an Activity was paused. The service records the time of that.
In each onResume, the Activity informs the Service that it wishes to resume. If some amount of time has passed since the last onPause, then the Service indicates that a login is required.
I think this would make a nicer user experience than just every time they leave the app. That could be very frustrating, to take 30 seconds to read a text, and then have to sign in again.
I suppose if you tweak it to have the timeout be very short, it has very similar behavior to what you requested anyways, but with the option of making it less draconion.
I think the easiest way to implement this, would be to add a field to your main activity like private boolean isLocked = true;
.
To lock the app when another one is shown, set isLocked = true
in the onPause()
method. To make sure, that your don't lock your app, when returning from your own activities, start them via startActivityForResult()
and unlock it in onActivityResult
.
You can now check in onResume()
wether your app is locked and redirect the user to your login screen.