SOTI Pulse Logo

How to avoid a user from installing Play Store apps?

M
Maverick75

Hi everyone,

We have 2 Gmail account on Android devices.

First one is the automaticly created when Work Managed profile is installed to the device during the enrollment process.

The other Gmail account is for Contacts and WhatsApp backup purposes.

From the first one (automatic), users can only install the managed Apps we deploy for them using MobiControl.

From the other one (manual), users can install every App they wanted to, but this is something we must cut off right away.

Is it possible and how we can avoid the user to install any additional App apart from the managed ones on their devices?

Thank you very much in advance.

a year ago
Android
ANSWERS
ZC
Zafer Cigdem
a year ago

Hello,

You can block adding an extra account on your devices so this way they can use/see only 1 account which is randomly generated Google @android-for-work.. e-mail address. Below is the steps:

You may check Profile -> Feature Control -> Security Tab. The feature name may be depending on the SOTI MobiControl Server version, but it may be something like:

Disable Google Account Creation (on old versions) or (on new version) or similar. You may try to enable/disable one of these settings and deploy this profile to your test device first, and then you can check out whether it lets you create any extra Gmail account on your test device.

But if you want to keep both Gmail accounts on the devices, and block users to install any app from Playstore, then you may use Application Run Control. You can review here, Raymond already mentioned earlier:
SOTI Discussion Forum

I hope it helps. Thank you

Zafer

M
Maverick75
a year ago

Hi Zafer,

I'll look into that link so I can learn some ways to block users to install any app from Playstore.

Thank you

RS
Rafael Schäfer
a year ago

In that case the Whitelist Zafer ist pointing to, would be required but be aware that if you provide an app with managed app config via MDM, the user could install it from private playstore as well without managed config then (as the bundleID is the same).

3 Questions:

  1. Backup of Whatsapp is uploading to google drive, so do you ever tested if a local installation of google drive where the user logs in could be enough instead of having the second google account on the device in general?
  2. What happens if the second Google account is entered in Whatsapp only for the backup (not added as a general account)?
  3. Are the contacts somehow individual? If not, you could provide them via a vcf file and script instead.
M
Maverick75
a year ago

Hi Rafael,

About your questions:

  1. Backup of Whatsapp is uploading to google drive, so do you ever tested if a local installation of google drive where the user logs in could be enough instead of having the second google account on the device in general?

Till now, we did it in the way we were told in the past: first, add second Google account to the device, then use it from WhatsApp.

What you suggesting as an option that's something we're gonna try tomorrow.

  1. What happens if the second Google account is entered in Whatsapp only for the backup (not added as a general account)?

As far as I remember, when the second Google account is added to Whatsapp, then is also automaticly added  to the device accounts, as a general account.

  1. Are the contacts somehow individual? If not, you could provide them via a vcf file and script instead.

That would be good for an initial setup of the device. As most of the users add a lot of contacts during the usage of the device, we need to make sure their contacts is backed up or synced outside the device, in a way they could be easily be recovered if needed, in the same or different device.

Is there a way we can do backup/sync of the contacts int the device to MobiControl server?

Thanx in advance.

RS
Rafael Schäfer
a year ago

That's what i feared a bit of but ok, then i think whitelist is the only option to get it working but it will be an ongoing task for you then because you have to add every new app you want to provide to this list.

M
Maverick75
a year ago

Hi Rafael,

One additional question, Should I add the native Android Apps to the Whitelist also or just the deployed ones?

Thanx in advance. 

RS
Rafael Schäfer
a year ago

I think if you want them being updated as well, you should add them as well.

Otherwise i think it's not needed.

We added them even without that whitelisting because we saw them sometimes stuck in the playstore if not provided and because of that blocking other apps being updated.

T
TLMOD@SOTI
a year ago

Hello,

Thanks for posting on SOTI pulse. Thanks Zafer and Rafael for responding to the post, your expertise and willingness to help are greatly appreciated!

Has your query been resolved? If not, or if you have any additional concerns, please don't hesitate to reach out. We are dedicated to providing assistance and support.

Kind Regards,

Similar Discussions