Security
The Security settings provide device, app, data, and backup and restore settings for an Android device.
Device security settings
The following table describes the security settings that you can configure on an Android
device.
| Policy setting | Description | Supported devices |
|---|---|---|
| Enforce device encryption | The device must be encrypted. Note:
|
Android 3.0+, SAFE 2.0+, Motorola, or Zebra |
| Enforce SD card encryption | The SD card on the device is encrypted. | SAFE 2.0+ |
| Disable KeyGuard features | The KeyGuard functions are disabled if the device screen is locked. When the screen is locked on the device, you can still disable the camera, all widgets, and all the features. Note:
For Android 5.1 devices, an issue with the Camera policy occurs when you
restart the device. An
Unfortunately System UI has stopped message is displayed on
the device screen when you upgrade the device to Android 5.1 with the Camera policy enabled. Do not
set this value until this issue is fixed by Google. |
Android 4.2+ |
| Allow Safe mode boot | The user can use the device in Safe mode. | SAFE 4.0+ |
| Allow settings changes | The user can update the settings on the device. | SAFE 2.0+ |
| Allow OTA upgrade | The device allows Over the Air (OTA) updates on the device. The OTA updates are delivered
through wifi to the device. If you disable this setting in the policy, the following actions
occur:
Note: The OTA upgrade policy is not supported on the following devices:
|
SAFE 3.0+ |
| Visible passwords | The user can view the password as they type the password in an app. You can enable this setting in the policy or the user can enable this setting on the device. |
Android 2.2 to 5.1.x |
| Enable device attestation | The health of the device is checked for every 24 hours. | Android App 5.55+ |
App security settings
The following table describes the application settings that you can configure on an Android
device.
| Policy setting | Description | Supported devices |
|---|---|---|
| Allow installation of apps | The device allows apps to be installed on the device. | SAFE 2.0+ |
| Allow installation of non-Google Play applications | The device allows installation of apps from the sources outside of Google Play such as
third-party app stores or sideloading of APK files. Note: Make sure that the Unknown
sources device setting is enabled on the device.
|
Android 4.1 to 7.x |
| Enforce app verification before install | The device enforces app verification before the app is installed on the device. You can enable this setting in the policy or the user can enable this setting on the device. |
Android 4.2 to 4.4.x |
| Allow uninstallation of apps | The user can uninstall apps from the device. | SAFE 2.2+ |
| Allow system apps to be stopped | The user can force apps to quit on the device. Disabling this setting in the policy prevents the user from forcing apps to quit. |
SAFE 4.0+ |
| Allow notifications | The device can receive notifications from an app on the device. | SAFE 3.0+ |
| Allow widgets | Enable this setting to allow the device to use widgets for supported apps. Important: On some Samsung devices, disabling this setting not only disables widget functions
but also limits access to apps that depend on widgets, such as Outlook and Google
Maps.
|
SAFE 3.0+ |
Data security settings
The following table describes the data settings that you can configure on an Android
device.
| Policy setting | Description | Supported devices |
|---|---|---|
| Allow clipboard | The user can copy and paste content from an app on the device to a clipboard. | SAFE 2.0+ |
| Allow clipboard sharing between apps | The user can copy and paste content from an app on the device to a clipboard and share that
content with other apps on the device. If you disable this setting in the policy, content cannot be shared between apps. Each app uses a separate clipboard. |
SAFE 4.0+ |
| Allow screen capture | The device allows screen captures from the device. | SAFE 2.0+ |
| Allow share list | The device allows apps to share data with other apps on the device. If you disable this setting in the policy, the Share through list setting is not available on the device. |
SAFE 4.0+ |
| Allow Content Capture for AI Purposes | Disabling this setting prevents the user's screen from being captured for artificial
intelligence purposes. The policy is applicable to personal profiles on DO devices and not on PO devices. The policy is also applicable to work profiles on WPCO and PO devices. The default value isYes. |
Android 10+ (PO and DO) |
| Allow Content Capture for AI Purposes on Personal Profile | Disabling this setting prevents artificial intelligence from capturing the user's screen on
the personal profile on a WPCO device. The policy is applicable to personal profiles on WPCO devices and is not applicable to PO and DO devices. The default value isYes. |
Android 11+ (WPCO) |
Backup and restore settings
The following table describes the backup and restore settings that you can configure on an
Android device.
| Policy setting | Description | Supported devices |
|---|---|---|
| Allow backup to Google | The user can back up device settings and app data for Google services. You can enable this setting in the policy or the user can enable this setting on the device. |
Android 2.2+ |
| Automatic restore | The device can restore data from a previous backup by reinstalling the app. The Google setting to restore data from a backup must also be enabled. | Android 2.2+ |
| Allow factory reset | The device can be reset back to default factory settings. | SAFE 2.0+ |
| Allow firmware recovery | The user can choose an OS version for the device. The user can recover the device firmware in either recovery mode or download mode. However, the user must use the Android MDM App 5.25+ to flash ROMs onto the device. |
SAFE 5.0+ |