In Cortado's administration portal, you will find a variety of policies that can help you control the use of apps. For fully managed devices in particular, there are a number of options available to you, which we would like to present to you in this article.
Aim
In this How-To, we will show you how to configure policies for Android devices to control the use of apps and thus increase device security.
Implementation
- In the Cortado administration portal, select Administration→ Policies.
- Add a new policy by clicking on the plus icon.
- Then select Android and as the setup method Fully managed device, Work profile or Work profile on company-owned device (example in illus.).
- Under Apps, you will find the options that are explained in more detail below. The image shows the default policy settings for fully managed devices.
Note! Only some of the policies described below are available on devices with a work profile or work profile on company-owned devices.
Allow use of Cortado app (separate article)
Allow changes in device settings or in the launcher
Allow apps to display over other apps (separate article)
Behavior on app permission queries
Deny list apps (separate article)
Allow list apps (separate article)
Allow installation of apps
You can use this policy to control the installation of apps. As the business Play Store only contains apps that you have assigned to users yourself under Administration→ Apps, it is not necessary to remove the tick from the checkbox. The policy would only affect non-mandatory apps there anyway. These can be installed in the business Play Store (left image) by the users themselves (right image). So if you make optional apps available to your users, the checkbox must not be unchecked. Otherwise the installation will fail.
It is therefore not necessary to prevent the installation of apps with the help of this policy. Use the app management instead.
Note! To prevent the installation of apps from unknown sources, use the corresponding policy under Device security.
Allow uninstallation of apps
If you want to prevent apps from being uninstalled by users, remove the tick from this checkbox and then assign the policy to the users/groups/devices. Uninstalling an app (left image) is then no longer possible (right image). Please note that it is not possible for users to permanently delete mandatory apps even without this policy, as they will always be pushed back to the devices if they have been uninstalled by users.
Allow the use of Chrome
The Google Chrome app is one of the standard apps (left image) that are automatically available on Android devices. If you would like to prohibit the use of Chrome, remove the tick from the Allow use of Chrome checkbox and then assign the policy to the users/groups/devices. The app will then be hidden on the devices (right image). In the Cortado app, under Policies, users can see that the Use of Google Chrome is disallowed (arrow in the middle image).
Allow changes in device settings or in the launcher
You can use a policy to prevent the memory contents or cache of an app from being deleted. To do this, remove the tick from the Allow modifications in device settings or launcher checkbox and then assign the policy to the users/groups/devices.
These options are then no longer available in the app info. You can find the app info for an app in the device settings under Apps (example in the image on the left) or in the launcher by tapping and holding (example in the image on the right).
Under App info→ Storage & cache (arrow in left illus.) it is no longer possible to clear storage content and clear cache (middle and right illus.).
Behavior on app permission queries
When using a new app for the first time, users are often asked questions about app permissions. For example, they are asked whether the app is allowed to send notifications or whether access to the camera is permitted (left image). App permissions can be found in the device settings under Apps→ App info (arrow in right illus.).
You can use the Behavior on app permission requests policy to define a default response for future requests. You can find out more about how to configure app permissions in our help article Set app permissions for Android apps.
The following options are available:
- Prompt: If you keep the default setting, users will receive the app permission requests and can agree/disagree to use them (top, left-hand image). The selection can be changed at any time in the app permissions (left and right image).
- Auto deny: Select this setting if app authorization requests should be automatically denied (left image). Users will then no longer see the requests. No authorizations are automatically allowed. However, users can subsequently grant app permissions in the settings under Apps→ App info→ App permissions (right illus.).
- Auto grant: Select this setting if you want app authorization requests to be allowed automatically (left image). Users will then no longer see the requests. The automatically approved app permissions can then no longer be changed by users.
Note! You can also control the app permissions of an app under Administration→ Apps. You can find out how to do this in our help article Set app permissions for Android apps.