Steps to reproduce:

1. Enable an App1 as device owner. Setup kiosk by making one of the activity as home launcher.

2. Start lock task on ActivityA.

3. Stop lock task on a different activity(Accidentally).
   Do step three multiple times.

   Trying to uninstll App1 will take us to Device Administration Settings page. Unticking App1 as device owner crashes the Settings app.

Now the App1 can never be unistalled.

Device used: Moto g2 (Android M)

document TestDPC_UserGuide.pdf said that API 21 CAN install from unknown sources in managed-profile on 9th page, but in fact, it CAN NOT.
becuase the option Settings.Secure.INSTALL_NON_MARKET_APPS can not turned on by profile owner until API 22.
code from DevicePolicyManagerService:
API 21

    static {
        SECURE_SETTINGS_WHITELIST = new HashSet();
        SECURE_SETTINGS_WHITELIST.add(Settings.Secure.DEFAULT_INPUT_METHOD);
        SECURE_SETTINGS_WHITELIST.add(Settings.Secure.SKIP_FIRST_USE_HINTS);

        SECURE_SETTINGS_DEVICEOWNER_WHITELIST = new HashSet();
        SECURE_SETTINGS_DEVICEOWNER_WHITELIST.addAll(SECURE_SETTINGS_WHITELIST);
        SECURE_SETTINGS_DEVICEOWNER_WHITELIST.add(Settings.Secure.LOCATION_MODE);

        GLOBAL_SETTINGS_WHITELIST = new HashSet();

API 22

    static {
        SECURE_SETTINGS_WHITELIST = new HashSet();
        SECURE_SETTINGS_WHITELIST.add(Settings.Secure.DEFAULT_INPUT_METHOD);
        SECURE_SETTINGS_WHITELIST.add(Settings.Secure.SKIP_FIRST_USE_HINTS);
        SECURE_SETTINGS_WHITELIST.add(Settings.Secure.INSTALL_NON_MARKET_APPS);

        SECURE_SETTINGS_DEVICEOWNER_WHITELIST = new HashSet();
        SECURE_SETTINGS_DEVICEOWNER_WHITELIST.addAll(SECURE_SETTINGS_WHITELIST);
        SECURE_SETTINGS_DEVICEOWNER_WHITELIST.add(Settings.Secure.LOCATION_MODE);

        GLOBAL_SETTINGS_WHITELIST = new HashSet();

I don't know how to install apks which from unknown source in managed-profile on API 21, if you know that, please give me a solution, thank you.

It is well known that many third-party ROMs kill applications frequently, if there is not any way to survive from these massacres, DPC is meaningless.

With the latest source I am not able to test NFC bump, always failing with the "Not able to setup Rest" on factory rest mode.

I tried installing the APK to see what could be the issue. Here is the issue when I trigger through terminal .
Failure [INSTALL_FAILED_TEST_ONLY]

Seems issue with the alpha gradle will not allow with the other than test mode.

Here is the gradle

dependencies {
classpath 'com.android.tools.build:gradle:3.0.0-alpha1'

    // NOTE: Do not place your application dependencies here; they belong
    // in the individual module build.gradle files
}

I tried with the Signed APK still the problem exists.

Sooner response is appreciated.

Opening the app doesn't open any setup process - just goes straight to Policy management with "This app is not an admin" at the top. Not sure what's wrong?

There is a reboot option in the test dpc app. This option is always disabled.

Can a device be rebooted by a device owner app? (Andorid M)

Hi Developer,

i just facing a issues, here is the scenario:

if i create a profile owner(have both personal and work space), if i install a CA certificate to the work profile. How can i tell from logcat this certificate is really install to the work profile.

In this case, what keyword should i apply?

Thanks for your answer.

Hi all:

Right now i am trying to remove some TestDPC function that i don't want. For example, "Camera,screen,capture and audio" and "Certificate management".

The file i modified is:

1. profilepolicy/ProfilePolicyManagementFragment.java
2. res/xml/device_policy_header.xml

However, the problem is: when i delete the related code, and build the project, it shows no error, which means i am good to go. But when i load the apk into my device and try to open it. It cannot, it just crash without any prompt.

So any ideas on how to delete the functions?

Thanks.

CosuConfig.java looks great but it's rather difficult to reverse engineer an XML file for it to parse. Can you please provide one?

When you go to Policy Management > Manage App Restrictions > Load Manifest Restrictions, the list is not sorted. The problem is that as you edit entries, they are thrown to the bottom of the list. This makes it hard to work with the restrictions as some entries are in their original positions, while others are at the bottom of the list.

I have written a Kiosk mode application but I want to allow system Dialog (example Bluetooth Pairing Request)
I have enabled SystemApp (com.android.bluetooth), but the Bluetooth Pairing Pin Dialog is not shown.

Any pointers to debug this

Hi, just found a wierd bug today. Here is what happen:

i try to side load this testdpc to my android device using Android Studio. I am sure i have all the pre-req dependency installed. Then when i try to configure the testDPC to on my android devices.
If i click on SET UP and wait for the work profile to be create. But the problem is after i click on SET UP, it supposed to prompt to ask me do i wish to add a account or skip to the AFW. However, i never seen such prompt. It either show no further respond or pop up a "Unfortunatly, testDPC has stopped" warning. Such that the work profile cannot be created.

I also try to install the testDPC from Google Play Store, for that app, it work and the work profile is configure just as expected.

Any idea what i do wrong or is there any problem with the app?

Thanks for your guys help.

During application restrictions testing I have found several issues in latest 3.0.11 version:

1. andorid:restrictionType="choice" is not supported. Choice restriction is displayed just as string restriction. Data provided by application using android:entries and android:entryValues are ignored.

2. If application defines complex restrictions using andorid:restrictionType="bundle_array" with several different settings inside each bundle, then string restrictions are not handled properly. String restrictions inside bundle are displayed as boolean and default values are ignored.

3. Restrictions are displayed in some random order. Not is order defined by application.

I have found an issue which is occurred when I try to enter the "Lock screen restrictions" menu in TestDPC 4.0
The issue is only happened at below conditions.
Device : Android 7.0
TestDPC : 4.0

03-29 11:26:52.922 5751 5751 E AndroidRuntime: Process: com.afwsamples.testdpc, PID: 5751
03-29 11:26:52.922 5751 5751 E AndroidRuntime: java.lang.NoSuchMethodError: No virtual method getRequiredStrongAuthTimeout(Landroid/content/ComponentName;)J in class Landroid/app/admin/DevicePolicyManager; or its super classes (declaration of 'android.app.admin.DevicePolicyManager' appears in /system/framework/framework.jar)
03-29 11:26:52.922 5751 5751 E AndroidRuntime: at com.afwsamples.testdpc.policy.keyguard.LockScreenPolicyFragment.setupAll(Unknown Source)
03-29 11:26:52.922 5751 5751 E AndroidRuntime: at com.afwsamples.testdpc.policy.keyguard.LockScreenPolicyFragment.onCreatePreferences(Unknown Source)
03-29 11:26:52.922 5751 5751 E AndroidRuntime: at android.support.v14.preference.PreferenceFragment.onCreate(Unknown Source)

As for above logs, it points out getRequiredStrongAuthTimeout()
Among many changes between 7.0 and 7.1, getRequiredStrongAuthTimeout() is one of them.
As the function is added from 7.1, all of the devices with version 7.0 maybe have the same issue.
Please check the issue.

Thank you.

When running the version on Google play, v4.0.2 the app crash when trying to set up add work profile

E/AndroidRuntime(13470): Process: com.afwsamples.testdpc, PID: 13470
E/AndroidRuntime(13470): java.lang.NoSuchMethodError: No virtual method getSystemService(Ljava/lang/Class;)Ljava/lang/Object; in class Landroid/content/Context; or its super classes (declaration of 'android.content.Context' appears in /system/framework/framework.jar)

getSystemService is added in API level 23

I tested testdpc 3.0.11 without such problem.

I downloaded and built the Test DPC with no changes (using the N SDK on Android Studio). After it starts creating the profile, I see it switch back to the home page and it puts up an error stating that Test DPC has stopped. In the logcat output, I see a fatal exception being thrown - it can't find the android.support.v4.content.FileProvider class.

Installing and running Test DPC from the Play Store on the same device seems to work just fine. Is there a specific version of Android Studio and the SDK required besides Android N alpha2?

Gradle sync failed: java.lang.AssertionError: ':setup-wizard-lib-platform-release:@aar' is not a valid maven coordinate.

It builds correctly on AS alpha 4, but fails on alpha 5. Seems like the local AAR dependency syntax causes trouble here.

After setting apps into kiosk mode, it is impossible to turn off the device.
Is it bug or feature? Thanks for any advice.

The device:
LG K8 with Android 6.0

I am getting this exception:

AndroidRuntime: *** FATAL EXCEPTION IN SYSTEM PROCESS: android.ui
java.lang.SecurityException: Invalid uid, expected 0 callingUid=1000 effectiveUid=10093
at com.android.server.am.ActivityManagerService.stopLockTaskMode(ActivityManagerService.java:9599)
at com.android.server.power.ShutdownThreadAO.ajc$before$com_android_server_power_ShutdownThreadAO$4$eb262cff(ShutdownThreadAO.java:396)
at com.android.server.power.ShutdownThread.beginShutdownSequence(ShutdownThread.java:373)
at com.android.server.power.ShutdownThread.ajc$privMethod$com_android_server_power_ShutdownThreadAO$com_android_server_power_ShutdownThread$beginShutdownSequence(ShutdownThread.java:1)
at com.android.server.power.ShutdownThreadAO.ajc$around$com_android_server_power_ShutdownThreadAO$2$503f8934(ShutdownThreadAO.java:360)
at com.android.server.power.ShutdownThread.shutdownInner(ShutdownThread.java:146)
at com.android.server.power.ShutdownThread.reboot(ShutdownThread.java:239)
at com.android.server.policy.LGGlobalActions$9.onClick(LGGlobalActions.java:392)
at android.view.View.performClick(View.java:5210)
at android.view.View$PerformClick.run(View.java:21328)
at android.os.Handler.handleCallback(Handler.java:739)
at android.os.Handler.dispatchMessage(Handler.java:95)
at android.os.Looper.loop(Looper.java:148)
at android.os.HandlerThread.run(HandlerThread.java:61)
at com.android.server.ServiceThread.run(ServiceThread.java:46)

because android-O sdk can only works on Android Studio 3.0, I use Android Studio 3.0 to build the project.
but I cannot install the app on pre-O devices even I choose target25 productFlavor, Android Studio tell me that minSdkVersion is 25 preview-O.

Hi,

Do you have any plans to add full support for every possible setting in DPM API's setGlobalSetting and setSecureSetting?

Currently, I can only find implementation for:
-STAY_ON_WHILE_PLUGGED_IN
-WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN
-INSTALL_NON_MARKET_APPS

Thanks,
Luis.

Hello everybody,

I'm using your QR-code example and trying to generate exact APK checksum (gJD2YwtOiWJHkSMkkIfLRlj-quNqG1fb6v100QmzM9w=) of the APK provided in example QR code http://down-box.appspot.com/qr/nQB0tw7b. I want to make sure I'm doing it the right way for my app.

Anyways, I was not sure if given checksum was generated with SHA1 or SHA-256 so I tried both.

When I tried cat TestDPC_4005.apk | openssl dgst -binary -sha1 | openssl base64 for SHA1
result was

qimlbnIVNEA2qtWpIr9O2m9O0XE=

When I tried cat TestDPC_4005.apk | openssl dgst -binary -sha256 | openssl base64 for SHA256
result was

z0KB1LIGCu3T+o7cDGP6Hpo6hNP+OhXjAfl1uWOJFU8=

I even tried some of the online tools for generating these checksums (https://hash.online-convert.com/sha1-generator) and results were the same. I could not get the exact one that was given in example. Is there any step that I'm missing here that was not described in the documentation?

Could you please give example of tool/command you use to generate it or at least some hints of what could go wrong in my case.

Thanks in advance.

Hello,

I am aware that using the following command I am able to set the application as a DO.
-> adb shell dpm set-device-owner "com.afwsamples.testdpc/.DeviceAdminReceiver"

There is anyway to revert it, i.e. remove the DO from the device with an ADB command?
After setting the DO I can't remove the active admin from the app.
For now I'm doing a factory reset everytime I need to remove the DO, and it takes a long time.

Thanks!

I am developing a PrintService which is just a background service with no activities.

I would like to add restrictions to this printservice eg. print only in mono, always print in duplex. etc.
The issue is when testing restrictions with TestDpc app, my print service is not shown in the list.

If I add a dummy activity with action main then it works fine and shows restrictions also.

Is this as per design? Can background only apps have restrictions? or is this just a issue of TestDPC app?

bugreport-NPF10C-2016-11-04-21-01-33.zip

Dear developer.

I found a bug like below error logs, please check it.
11-04 21:00:55.953 7743 7743 E AndroidRuntime: Process: com.afwsamples.testdpc, PID: 7743
11-04 21:00:55.953 7743 7743 E AndroidRuntime: java.lang.NullPointerException: Attempt to invoke virtual method 'void android.widget.ImageView.setImageDrawable(android.graphics.drawable.Drawable)' on a null object reference
11-04 21:00:55.953 7743 7743 E AndroidRuntime: at com.afwsamples.testdpc.common.AppInfoArrayAdapter.getView(AppInfoArrayAdapter.java:67)

[Reproduce]

1. Install any application from Google play store(ex, timesheet)
2. Enable app widget what I installed
3. Uninstall the app
4. Try to insert the "Remove app widgets in a work profile app" menu
5. Fatal exception.

I attached bugreport inlcude the fatal exception log.

Thank you.

Hello,

How can I test device owner provisioning on a device without NFC?

According to https://source.android.com/devices/tech/admin/provision.html it should be supported:

Device Owner Provisioning with Activation Code
Select Add Work Account from the setup wizard. This triggers a lookup of the EMM from Android servers.

The device installs the EMM app and starts provisioning flow. As an extra option, Android device administration supports the option of using email address with a six-digit activation code to bootstrap the process as part of setup wizard.

I have changed dependency from Studio 3.0.0 to 2.3.3 but now I am getting the error "Gradle DSL Method not found : 'api()' ".

Hi

I am using Test Dpc to test my code for getting app restrictions. I think I have set it up properly.
The Test Dpc app can read my default app restrictions, however when I try to set new ones, I cannot read them within the app. The app restrictions bundle is always empty.

Do I need to do anything else to get this working. I noticed that the has no restrictions provider? Do I have to register a restrictions provider is my app. If so do you know how this is done?

Any help will be appreciated.

on Android L, profile owner and device owner must be same component.
but why this strategy changed on Android M?

"Kiosk Mode" is very nice feature especially how it can be implemented in Android 6, but there is one thing that is nor very nice. Entering lock task mode makes status bar icons invisible (including battery status and wireless status).

"Kiosk Mode" is normally used on company owned devices, often industrial Android base devices from different vendors (Honeywell, Zebra, ...), where user is allowed to use single application or only restricted set of applications. User often work off their desks (e.g. warehouse...). Since user productivity depends of health of device, it is essential to have those icons back since users has to know when there is a problem with wireless, and especially what is the status of battery so they can schedule battery recharge or replace. Those devices are not like user consumer mobile devices where you can plug in charger and use it even when device is on the charger (making calls etc.).

1. What is the reason behind decision to hide all status bar icons in "lock task" mode?
2. Is there a way to set status bar icons visible in "lock task" mode?

We've had a new name for a little while now, can't hurt to update it here! 👍

edit: master...jasonbayton:patch-1

I have installed test dpc app, It created profile successfully on my nexus 5 . When I am going inside user restrictions and enabling disallow debugging features, still I am able to debug an app which is inside the profile.
Means, I am not able to stop debugging using this user restriction. If It's not the write way to test, please suggest the way.

As of July 2017, this project doesn't build with Android Studio 2.3.3.

Gradle 'android-testdpc' project refresh failed
Error:This Gradle plugin requires Studio 3.0 minimum

If we need to change the update channel for AS, this should be mentioned in the README.md.

1. Does this sample show how a third party can install APKs and uninstall apps, maybe using the PackageInstaller ?
   If so, how does it work?
2. Can this work as a normal app, that can be published on the Play Store? If so, how do I, as a user, grant this sample the needed permission via the UI of the OS ? Granting via the "device admin apps" doesn't seem to do anything. It keeps saying "this app is not an admin", even though it is.
3. If it's not for normal use, what is it for? In which cases can people use this?

Hi:
just found a issue with testDPC Apps management.
Step to reproduce:

1. Install Blackberry Hub+ Services from Google Play Store
2. go into testDPC and click on "Enable system apps" under "Apps management" and select "Blackberry Hub+ Services".
3. click on "Manage app restrictions". (this is where the problem pop up).

at step 3, i could not locate Blackberry Hub+ Services. such that i could not proceed to "Load Manifest Restrictions".

Any idea on what is going on here?

Thanks for your guys assistant.

I am looking for Device Owner provision without NFC bump.

I see from documentation that there are only 2 ways to get into the Device Owner mode.

1. NFC bump
2. Google Cloud

NFC bump is pretty much straight forward, would like to know more about Google Cloud Provision process, where no where it mentioned clearly in the documentation. If some one could give us the steps to start with that would really help us to get into the our product.
@ming030890 If you have some inputs on it appreciate your help.

I want to test work profile function.

Android version: 5.1
Mobile phone: Huawei Mate 7

After setup managed profile, to run Test DPC(baged). It shows "This app is not an admin" . why ? thanks!

For the 'reset password' policy, testdpc shows below strings as options for the method.

<string name="require_password_entry">Require strongest available authentication type on next unlock</string>
<string name="require_password_on_boot">Require password to start user</string>

But, I think that these strings are not matched with the definition of DevicePolicyManager
https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#RESET_PASSWORD_REQUIRE_ENTRY
https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT

1. "require_password_entry" is not related to 'strongest available auth type'
2. "require_password_on_boot" option should be changed to "require_NO_password_on_boot"

Fail to add account after create profile, it will appear "Authenticatorexception: bind failure".

i am able to Test device owner provisioning on device with adb dpm set-device_owner command, but and i know that in actual practice after the testing is done, the device will be provisioned with a programmer device passing NFC message.
what if the device does not support NFC.

Hi, just found another issue with the this testdpc app. Here is what happen:
If i sideload the testdpc via Android Studio, the apk itself have no problem on installation for any OS.

But the problem comes in when i launch the app. If i clicked set up and then set up to configure the afw.
For Ubuntu, after i clicked the set up and wait for the prompt for Add Account event. It never prompt.
For Win10 or MacOS, it worked as it expect to do.

Here i attached a bugreport zip file.
bugreport.zip

Hope you could take a look at it. Thanks.

After setting app into kiosk mode, USB manager is not able to open file descriptor using openAccessory() method its returning null in simple mode everything is working fine and App is able to send and receive messages using AOA protocol.

During the setup I get this message

And the emulator encryption does not seem to be working. Is there a workaround?

According to O API description (as below), DO device can add managed profile now, so what's the purpose of this managed profile?
Is this designed for COPE (Corporate Owned Personal Enabled) mode?
But the profile data is always monitored by DO, right?

https://developer.android.com/reference/android/os/UserManager.html

DISALLOW_ADD_MANAGED_PROFILE
added in API level 26

String DISALLOW_ADD_MANAGED_PROFILE

Specifies if a user is disallowed from adding managed profiles.

The default value for an unmanaged user is false. For users with a device owner set, the default is true.

This restriction has no effect on managed profiles.

Key for user restrictions.

Type: Boolean

Looking at https://developers.google.com/android/work/prov-devices#Key_provisioning_differences_across_android_releases it seems that NFC provisioning is the only available way to provision a DPC app as device owner without using Google accounts.

Are any, some, or all external USB NFC-readers supported for the provisioning process? (All our devices have a USB host/on-the-go port.)

I'd tried posting this on the Google for Work community forum, but haven't had a response in 3 weeks; I probably put the post in the wrong forum. Original post is here: https://connect.googleforwork.com/thread/16160

As a profile owner, I would like to have the policy permissions passed to the DeviceAdminReceiver update silently in the profile as new policies are added. We've found that these permissions are not updated when the DPC in the managed profile is. Our specific use case shows calling setKeyguardDisabledFeatures causing an exception. To update the permissions I have to prompt for Device Admin via ACTION_ADD_DEVICE_ADMIN within the profile. Is there some other method I can use to update the policies associated with the DPC without user interaction? We haven't tried in Device Owner yet, but I suspect it'd have the same issue.

I was able to recreate this in the android-testdpc client from https://github.com/googlesamples/android-testdpc.
05-09 14:12:09.433 24303-24303/com.afwsamples.testdpc E/AndroidRuntime: FATAL EXCEPTION: main
Process: com.afwsamples.testdpc, PID: 24303
java.lang.SecurityException: Admin
ComponentInfo{com.afwsamples.testdpc/com.afwsamples.testdpc.DeviceAdminReceiver} did
not specify uses-policy for: disable-keyguard-features
at android.os.Parcel.readException(Parcel.java:1599)
at android.os.Parcel.readException(Parcel.java:1552)
at android.app.admin.IDevicePolicyManager$Stub
$Proxy.setKeyguardDisabledFeatures(IDevicePolicyManager.java:3258)
at android.app.admin.DevicePolicyManager.
setKeyguardDisabledFeatures(DevicePolicyManager.java:2543)
at com.afwsamples.testdpc.policy.keyguard.
LockScreenPolicyFragment.updateKeyguardFeatures
(LockScreenPolicyFragment.java:203)
at com.afwsamples.testdpc.policy.keyguard.
LockScreenPolicyFragment.onPreferenceChange(LockScreenPolicyFragment.java:155)
at android.preference.Preference.callChangeListener(Preference.java:939)
at android.preference.TwoStatePreference.onClick(TwoStatePreference.java:65)
at android.preference.Preference.performClick(Preference.java:994)
at android.preference.PreferenceScreen.onItemClick(PreferenceScreen.java:214)
at android.widget.AdapterView.performItemClick(AdapterView.java:310)
at android.widget.AbsListView.performItemClick(AbsListView.java:1145)
at android.widget.AbsListView$PerformClick.run(AbsListView.java:3042)
at android.widget.AbsListView$3.run(AbsListView.java:3879)
at android.os.Handler.handleCallback(Handler.java:739)
at android.os.Handler.dispatchMessage(Handler.java:95)
at android.os.Looper.loop(Looper.java:148)
at android.app.ActivityThread.main(ActivityThread.java:5417)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)

Steps to Recreate:

1. Download and ensure that you're able to successfully build the android-testdpc project.
2. Edit res/xml/device_admin_receiver.xml and remove the element disable-keyguard-features
3. Compile, run and inflate the managed profile (I used a Nexus 6 running M)
4. Edit res/xml/device_admin_receiver.xml and add the element disable-keyguard-features
5. Compile and run the updated APK, ensure you open the DPC testdcp app
6. Navigate to the Lock screen restrictions preference, toggle Disable trust agents, observe an exception (and in the event of the testdpc, a crash)

(SMS-28130)
*edit, Markdown ate the xml element in the recreation steps.

Open app

What's the easiest way to install the "Test DPC" app on an Android 6.0 tablet, so that it thinks it's a "Device Owner".

I tried installing the app from from Google Play.

It just showed greyed-out options for the Lock Task Mode settings, where I need to add my app to test that it can use this functionality successfully.

I therefore think that I may need to "provision" the Test DPC app after a factory reset. (If it works, I write a DPC app for our company.)

Most of the methods are either not available for Android 6.0 or involve writing code to call Google's APIs.

This is for the purpose of testing the Lock Task Mode feature on one device. I do want to create Enterprise ID's etc. at this stage.

What is the simplest way of installing Test DPC so that it thinks that it is the "device owner"?

Is the silent install feature supposed to work in lollypop devices?

If yes, the silent install feature is not working in 5.0 devices. Please get back ASAP.

Thanks.

I have made a trivial app which calls startLockTask() and stopLockTask() in response to a couple of buttons.

I've added this app to Test DPC's "Lock task" list.

startLockTask() displays a "pinned" toast, and removes two soft buttons, leaving just "back".

Pressing "back" results in an "App is pinned: Unpinning isn't allowed on this device." toast.

This is all fine and expected.

If I "long-press" "back" the same toast is displayed, but the "home" and "recent" soft-buttons re-appear and I can escape the trivial app.

Is this "long-press" behaviour just an escape-mechanism for "Test DPC" or is this how startTaskLock() works in production (which would make it unsuitable for my use-case).