Device Management MDM

Android Management sample policies

As you probably already know, the possibilities of the Android Devices Management policies configuration are endless. Below you will find a repository of the most common configurations our users use to configure for their projects.

Kiosk Custom Launcher #

Replaces the home screen with a launcher that locks down the device to the apps installed via the applications setting. Apps appear on a single page in alphabetical order.

  • Kiosk Custom Launcher Enabled = true
  • Kiosk Customization (optional): there are many options available that you can use to customize Custom Kiosk mode behaviour.

We always recommend to enable “Network Escape Hatch” (networkEscapeHatchEnabled: true) since the it prompts the user to temporarily connect to a network in order to refresh the device policy if a network connection can’t be made at boot time.

				
					{
  "config": {
    "applications": [...],
    "networkEscapeHatchEnabled": true,
    "kioskCustomization": {
      "deviceSettings": "SETTINGS_ACCESS_ALLOWED"
    }
  }
}
				
			

Single app kiosk mode #

The app is automatically installed in kiosk mode: it’s set as the preferred home intent and whitelisted for lock task mode. Device setup won’t complete until the app is installed. After installation, users won’t be able to remove the app. You can only set this “Install Type” for one app per policy. When this is present in the policy, status bar will be automatically disabled.

  • App Configuration:
    • Install type: KIOSK
  • Policy configuration (optional)

Persistent Preferred Activities:

  • Receiver Activity: name of your receiver activity i.e.:com.applivery.kiosk.demo001/.AppliveryDeviceAdminReceiver
  • Categories: i.e.
    android.intent.category.LAUNCHER
    android.intent.category.HOME
    android.intent.category.DEFAULT
  • Actions: i.e.: android.intent.action.MAIN

We always recommend to enable “Network Escape Hatch” (networkEscapeHatchEnabled: true) since the it prompts the user to temporarily connect to a network in order to refresh the device policy if a network connection can’t be made at boot time.

				
					{
  "config":{
     "applications":[
      {
        "packageName":"com.applivery.kiosk.demo001",
        "installType":"KIOSK",
        "defaultPermissionPolicy":"GRANT",
        "permissionGrants":[
         {
           "permission":"android.permission.BIND_DEVICE_ADMIN",
           "policy":"GRANT"
         }
        ]
      }
     ],
     "persistentPreferredActivities":[
      {
        "receiverActivity":"com.applivery.kiosk.demo001/.AppliveryDeviceAdminReceiver",
        "actions":[
         "android.intent.action.MAIN"
        ],
        "categories":[
         "android.intent.category.LAUNCHER",
         "android.intent.category.HOME",
         "android.intent.category.DEFAULT"
        ]
      }
     ],
     "networkEscapeHatchEnabled":true
  }
}
				
			

Web app kiosk mode #

You can also use Google Chrome in kiosk mode to display a specific URL as a single app, achieving the desired behavior on your dedicated device.

To set up this configuration, follow the steps outlined in the “Single App Kiosk Mode” section above, which involves configuring both the Persistent Preferred Activities setting and the ‘Network Escape Hatch’.

  • Web app configuration:
    • Install type: KIOSK
  • Google Chrome configuration:
    • Install type: FORCE_INSTALLED
    • Managed configuration:

      URL allow list:["allowed URL"]

      URL block list:["*"]

* Multiple web apps are allowed, separated by commas, i.e: ["allowed URL1", "allowed URL2"]

				
					{
  "applications": [
    {
      "packageName": "com.google.enterprise.webapp.xbf6a96eb033caa10",
      "installType": "KIOSK",
      "defaultPermissionPolicy": "GRANT"
    },
    {
      "packageName": "com.android.chrome",
      "installType": "FORCE_INSTALLED",
      "defaultPermissionPolicy": "GRANT",
      "managedConfiguration": {
        "URLAllowlist": "["applivery.com/docs/"]",
        "URLBlocklist": "["*"]"
      }
    }
  ],
  "persistentPreferredActivities": [
    {
      "receiverActivity": "com.android.chrome/com.google.android.apps.chrome.Main",
      "actions": [
        "android.intent.action.MAIN"
      ],
      "categories": [
        "android.intent.category.HOME",
        "android.intent.category.DEFAULT"
      ]
    }
  ],
  "networkEscapeHatchEnabled": true,
  "kioskCustomization": {
    "systemNavigation": "NAVIGATION_DISABLED"
  }
}
				
			

Allow install from Unknown Sources #

Sometimes you will need to allow your users to install Apps (.apk or .aab files) from 3rd parties or from your Private App Store in Applivery MAM. This is normally block by default in all policies so you will need to customize the following policy properties to make it possible:

  • Install Unknown Sources Allowed = true
  • Advanced Security Overwrites
    • Untrusted Apps Policy = ALLOW_INSTALL_DEVICE_WIDE
				
					{
  "config": {
    "applications": [...],
    "installUnknownSourcesAllowed": true,
    "advancedSecurityOverrides": {
      "untrustedAppsPolicy": "ALLOW_INSTALL_DEVICE_WIDE"
    }
  }
}
				
			

Network configuration #

Sometimes you will need to remotely deploy network configuration, including WiFi and  others. This is something that can be done by using the “Open Network Configuration” property, that supports deploying multiple configurations at the same time using the ONC standard.

The most common properties are:

  • GUID: unique identifier for this network.
  • Name: friendly network name
  • Type: type of network. Allowed values are: VPN, WiFi, Tether, Ethernet, Cellular
  • Security: Security type. Allowed values are: WEP-PSK, WEP-8021X, WPA-PSK, WPA-EAP
  • AutoConnect: Indicating that the network should be connected to automatically when possible true or false
				
					{
  "NetworkConfigurations": [{
    "GUID": "a",
    "Name": "Example A",
    "Type": "WiFi",
    "WiFi": {
      "SSID": "Example A",
      "Security": "None",
      "AutoConnect": true
    }
  }, {
    "GUID": "b",
    "Name": "Example B",
    "Type": "WiFi",
    "WiFi": {
      "SSID": "Example B",
      "Security": "WEP-PSK",
      "Passphrase": "1234567890"
    }
  }, {
    "GUID": "c",
    "Name": "Example C",
    "Type": "WiFi",
    "WiFi": {
      "SSID": "Example C",
      "Security": "WPA-PSK",
      "Passphrase": "baseball"
    }
  }]
}
				
			
You can read more about Open Network Configuration spec here.