Hi, Android wipes the userdata if user enters wrong password on encrypted device for 30 times, which is defined in packages/apps/Settings/src/com/android/settings/CryptKeeper.java as follows:
*private* *static* *final* *int* MAX_FAILED_ATTEMPTS <http://opengrok.qualcomm.com/source/s?refs=MAX_FAILED_ATTEMPTS&project=kk> = 30; Following is the code where CryptKeeper checks the max failed attempts and clear the userdata: @Override protected void onPostExecute(Integer failedAttempts) { if (failedAttempts == 0) { // The password was entered successfully. Start the Blank activity // so this activity animates to black before the devices starts. Note // It has 1 second to complete the animation or it will be frozen // until the boot animation comes back up. Intent intent = new Intent(CryptKeeper.this, FadeToBlack.class); finish(); startActivity(intent); } else if (failedAttempts == MAX_FAILED_ATTEMPTS) { // Factory reset the device. sendBroadcast(new Intent("android.intent.action.MASTER_CLEAR")); } else if ((failedAttempts % COOL_DOWN_ATTEMPTS) == 0) { mCooldown = COOL_DOWN_INTERVAL; cooldown(); } else { final TextView status = (TextView) findViewById(R.id.status); status.setText(R.string.try_again); // Reenable the password entry mPasswordEntry.setEnabled(true); } } } Android provides a facility where device policy can be changed by MDM(Mobile Device Management) using following interface: http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#setMaximumFailedPasswordsForWipe(android.content.ComponentName, int) My questions are: Can MDM override the max failed attempts in case device is encrypted? if yes, how does it work? If this is not the right group, please let me know. Thanks, Dinesh -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
