When we mention digital signage with Android, we usually mean a so-called digital signage player. In this post, you'll learn a way to build an automatable, well-secured media player out of almost any Android version 7 or higher. Furthermore, technically interested people will also discover a lot of background information.
Android Technical Basics
Android is a user interface for mobile systems, based on a Linux kernel. From a purely technical perspective, such a system is not really suitable for use in digital signage devices. But there are ways to compensate for this to some extent.
What are the Disadvantages of Digital Signage with Android?
Android was designed for the requirements of mobile devices. It is optimized for minimal power consumption, and maximum responsiveness in user interaction. Furthermore, there are no native tools for remote maintenance and administration. This makes it suboptimal for use in an automated 24/7 running digital signage system.
Administration is a Problem
In desktop operating systems such as Linux, macOS, and Windows, there are administrator accounts. These have rights that system administrators of a company use for software installation, diagnostics, and repair. In Unix systems, this account is called “root”.
Android does not know such a thing natively. However, since Android is based on a Unix-like system such as Linux, this SuperUser can be upgraded manually. The process is called “rooting” and as soon as you do that with your smartphone or tablet, the warranty expires. Apart from the dubiousness of this concept to take away the buyer's control over his expensively obtained hardware, it also has some valid reasons.
While common systems always protect the administrator with a password, this does not happen with Android. In simplified terms, a software called “su” (SuperUser) will be installed, and it will have access to virtually everything. Other software can simply use the rights of this software.
This represents a deep intrusion into operational integrity, reduces system security, and handicaps support. That's why mobile device manufacturers don't like this. They try to complicate the root process and sanction success by withdrawing support, i.e., invalidating the warranty.
Digital Signage Devices require Administration
To administer Digital Signage, we need this root user. Root allows among other things the following:
Access to USB functions.
Silent updates, i.e., software installation without any requests
Watchdog Timer services for detection of crashes
Access to brightness, stand-by, global volume, etc.
No one wants to run software installations with a mandatory user confirmation on hundreds of distributed screens.
For these reasons, a market for rooted digital signage media players has developed mainly in Asia. Manufacturers provide their devices already rooted. But that creates new problems.
Disadvantages of Rooting
A classic rooted Android without password protection is problematic from a security perspective. Universally, any program, including malware, is granted permission to manipulate other files or (de)install software.
To prevent this, the device requires more security measures. However, this increase complexity. More complexity, in turn, means more opportunities for bugs, security holes and malware. We get into a kind of vicious circle.
Alternative Device Owner
Google has addressed this issue and created a mode called Device Owner starting with Android 7. The mode is not directly intended for digital signage. The main target group are companies or public authorities that provide their employees with Android devices and want to keep control over the installed software.
Thus, the administrator installs software updates as well as new data, configures the device and gets access to the USB interface. The processes work independently of the confirmations of the “owner” and without rooting the device. So, exactly the functionalities we need for the administration of a digital signage device.
In doing so, you define with onboard resources very precisely which applications are allowed to start. This concept gives us generally more security compared to a rooted device.
The Highlander Principle: There can be only one
Only one software on the device can function as the device owner. A device owner application, once set, can be updated, but not uninstalled again. This increases security even further because malware that is accidentally installed on the device has only limited powers and cannot obtain anymore.
The Android launcher used by SmilControl is based on the device owner concept. This gives you the ability to run and remotely maintain secured media players without the disadvantages of having to root your device.
Of course, there are also advantages that advocate digital signage on Android, and I don't disagree with them, despite all the disadvantages I've listed. At the end of the day, for software developers, it's all about developing solutions that are accepted by the market and not getting excited about technical ivory towers.
What are the Advantages of Digital Signage with Android?
Android has a very high distribution, and accordingly you can found many specialized service providers. Apart from the drivers, it is free software, it is cheap, and it can be marketed better than Linux. Most media players on the market therefore are based on Android.
Two applications to divide and conquer
At the time, when I decided to develop software for digital signage media players, I chose to take a dual approach to support multiple operating systems as effectively as possible.
The platform-independent garlic-player covers typical player functionality such as SMIL playlist processing, playback logic, network access, caching, reports, etc.
The platform-dependent functions mentioned above, such as installation, update, reboot, USB, etc., are encapsulated under Android by the garlic-launcher.
This allows to create a tiny program for each supported operating system with minimal time effort, which offers platform-dependent functions via API. Theoretically, any player can use this via a standardized interface.
Now, after the hopefully not too heavy discussions of the technical basics, let's get to the instructions.
It is important not to test this procedure on a productive device like your smartphone or tablet. The launcher can only be removed by a factory reset. Furthermore, you cannot have a Google Play account on your device. It is best to perform a factory reset first, just to be on the safe side.
The Android Launcher
The garlic-launcher must be registered as the device owner. There are two ways to do this. Installation with a possibly manual configuration or via provisioning.
Download, Install and Configure
Download the Android launcher here and install it either via adb (Android Debug Bridge) or directly on the device.
If your device is already rooted, the launcher will set itself as the device owner and give itself write permissions.
If that fails or the device is not rooted, set the launcher as device owner manually via adb shell command. The command to do this is:
Not rooted devices are prompted for write permissions. It is important to confirm this.
Provisioning via QR code
You can also conveniently build your device, if it supports this type of provisioning, with a QR code. At the SmilControl-CMS, you will find an input mask under the menu item: Player Android provisioning, which allows you to create a QR code.
I created an English-language video on this years ago, which you can find at YouTube.
In the video, I demonstrate the process with a Samsung tablet. This can be switched to provisioning mode at the welcome screen by tapping the screen seven times. With the camera, you scan the QR code generated by the CMS and the rest happens on its own, so to speak, after recognition.
The Media Player
Ideally, if the launcher does not find a garlic-player on the media device, it will automatically install its latest stable version. Since development is continuous, and I release stable versions only every few months, you may be missing certain features.
At the player downloads, you will also find the latest development versions, the so-called CI builds.
Unlike the stable versions, the developer versions have not passed the elaborate manual test suite for SMIL compatibility and have not undergone a longer field test.
Usually, most errors occur during root detection. Unfortunately, there is no secure standard procedure for this. We remember: Root is actually undesirable. There is a so-called “best practice”, but it is regrettably unreliable.
Some manufacturers make this even more difficult unintentionally by “un-rooting” the device afterwards, but forgetting a build flag called test-keys in the kernel, which fools the launcher. Contact the manufacturer to adjust the flag in the kernel.
If the launcher incorrectly detects a not rooted device as rooted, it displays a black screen with an error message that the device owner cannot be set. Even if you set the device owner manually, the software remains under the assumption that the device is rooted and installation operations fail.
If, for some reason, the garlic-player does not have the permission to write, it displays a white screen. In this case, check in the Android settings if the write permissions are correct. Set them manually if necessary.
The article is constantly updated and expanded according to new findings. If you have any suggestions for improvement, please feel free to contact me.