- Kaspersky Secure Mobility Management help
- What's new
- Working in Kaspersky Security Center Web Console
- About Kaspersky Secure Mobility Management
- Getting started
- Solution architecture
- Deployment scenarios
- Deploying a mobile device management solution in Kaspersky Security Center Web Console
- Deploying Kaspersky Security Center Linux and Kaspersky Security Center Web Console
- Deploying mobile management plug-ins
- Configuring Administration Server settings for connecting mobile devices
- Scenario: Configuring a connection gateway to connect mobile devices to Kaspersky Security Center Web Console
- Adding installation packages to Administration Server repository
- Adding a license key to the Administration Server repository
- Installing Network Agent Linux
- Configuring Kaspersky Security Center Linux Web Server settings
- Deploying an iOS device management system
- About iOS device operating modes
- About device management profiles
- Deploying Kaspersky Security for iOS
- Deploying a management system using the iOS MDM protocol
- Deploying iOS MDM Server
- Configuring an iOS MDM Server installation package
- Installing iOS MDM Server using a remote installation task
- Local installation of iOS MDM Server on a device via an installation package
- Updating iOS MDM Server using a remote installation task or locally
- Deleting iOS MDM Server using a remote uninstallation task
- Viewing the list of installed iOS MDM Servers and configuring their settings
- Configuring an iOS MDM Server certificate
- Configuring a reserve iOS MDM Server certificate
- Receiving or renewing an APNs certificate
- Installing an APNs certificate on iOS MDM Server
- Configuring access to Apple Push Notification service
- iOS MDM Server events
- Obtaining iOS MDM Server diagnostic data
- Deploying iOS MDM Server
- Deploying an Android device management system
- About Android device operating modes
- Using Firebase Cloud Messaging
- Deploying Kaspersky Endpoint Security for Android
- Permissions for Kaspersky Endpoint Security for Android
- Starting and stopping Kaspersky Endpoint Security for Android
- Activating Kaspersky Endpoint Security for Android
- Updating Kaspersky Endpoint Security for Android
- Removing Kaspersky Endpoint Security for Android
- Managing mobile devices in Kaspersky Security Center Web Console
- Creating administration groups
- Configuring policies
- Creating a policy
- Modifying a policy
- Copying a policy
- Moving a policy to another administration group
- Viewing the list of policies
- Viewing the policy distribution results
- Managing revisions to policies
- Restricting permissions to configure policies
- Configuring role-based access control
- Configuring policy profiles
- Deleting a policy
- Connecting mobile devices to Kaspersky Security Center Web Console
- Configuring synchronization settings
- Managing certificates of mobile devices
- Configuration and management
- Control
- Protection
- Configuring anti-malware protection on Android devices
- Protecting Android devices on the internet
- Protection of data on a stolen or lost device
- Configuring the device unlock password strength
- Configuring a virtual private network (VPN)
- Configuring Firewall on Android devices (only Samsung)
- Protecting Kaspersky Endpoint Security for Android against removal
- Detecting hacked devices
- Configuring a global HTTP proxy on iOS MDM devices
- Adding security certificates to iOS MDM devices
- Adding a SCEP profile to iOS MDM devices
- Restricting SD card usage (only Samsung)
- Management of mobile devices
- Managing Android devices
- Managing iOS MDM devices
- Adding a configuration profile
- Installing a configuration profile on a device
- Removing a configuration profile from a device
- Configuring managed apps
- Installing an app on a mobile device
- Removing an app from a device
- Configuring roaming on an iOS MDM mobile device
- Viewing information about an iOS MDM device
- Disconnecting an iOS MDM device from management
- Configuring kiosk mode for iOS MDM devices
- Management of mobile device settings
- Configuring connection to a Wi-Fi network
- Configuring email
- Configuring protection levels in Kaspersky Security Center
- Managing app configurations
- Managing app permissions
- Creating a report on installed mobile apps
- Installing root certificates on Android devices
- Configuring notifications for Kaspersky Endpoint Security for Android
- Connecting iOS MDM devices to AirPlay
- Connecting iOS MDM devices to AirPrint
- Configuring the Access Point Name (APN)
- Corporate container
- Adding an LDAP account
- Adding a contacts account
- Adding a calendar account
- Configuring a calendar subscription
- Configuring SSO
- Managing Web Clips
- Setting a wallpaper
- Adding fonts
- Working with commands for mobile devices
- Managing the app by using third-party EMM systems (Android only)
- Participating in Kaspersky Security Network
- Samsung Knox
- Using the Kaspersky Endpoint Security for Android app
- App features
- Main window at a glance
- Status bar icon
- Device scan
- Running a scheduled scan
- Changing the Protection mode
- Anti-malware database updates
- Scheduled database update
- Things to do if your device gets lost or stolen
- Web Protection
- Get Certificate
- Synchronizing with Kaspersky Security Center
- Activating the Kaspersky Endpoint Security for Android app without Kaspersky Security Center
- Installing the app on corporate devices
- Installing root certificates on the device
- Installing and using mail and VPN certificates on the device
- Enabling accessibility on Android 13 or later
- Updating the app
- Removing the app
- Applications with a briefcase icon
- Knox app
- Using the Kaspersky Security for iOS app
- Application licensing
- Comparison of solution features by management tool
- Contact Technical Support
- Sources of information about the application
- Glossary
- Activating the application
- Activation code
- Administration group
- Administration Server
- Administrator's workstation
- Anti-malware databases
- Apple Push Notification service (APNs) certificate
- Application management plug-in
- Basic control
- Basic protection
- Certificate Signing Request
- Compliance Control
- Corporate container
- Corporate device
- Device administrator
- Device management profile
- End User License Agreement
- Group task
- IMAP
- Installation package
- iOS MDM device
- iOS MDM profile
- iOS MDM Server
- Kaspersky categories
- Kaspersky Private Security Network (KPSN)
- Kaspersky Security Center Administrator
- Kaspersky Security Center Web Server
- Kaspersky Security Network (KSN)
- Kaspersky update servers
- Key file
- License
- License term
- Malware
- Manifest file
- Network Agent
- Personal device
- Phishing
- Policy
- POP3
- Proxy server
- Quarantine
- SSL
- Standalone installation package
- Subscription
- Supervised device
- Unlock code
- Virtual Administration Server
- Information about third-party code
- Trademark notices
Managing app permissions
These settings apply to corporate devices and devices with a corporate container.
App permission management settings let you configure rules for granting runtime permissions to installed apps.
To add app permissions:
- In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
- In the policy properties window, select Application settings.
- Select Android and go to the App configuration section.
- On the App permission management card, click Settings.
The App permission management window opens.
- Enable the settings using the App permission management toggle switch.
- Click Add.
The Add app with permission granting rules window opens.
- In the Method for adding configuration section, select how to add a configuration with permission granting rules:
- App package uploaded by administrator
When adding a configuration by uploading an app package, you need to select an APK file saved on your computer.
After that, you can view a list of runtime permissions and select an action to be performed for each permission.
- Kaspersky Security Center installation package
When adding a configuration using an installation package added to Kaspersky Security Center, you need to select the app from the list of mobile app packages.
After that, you can view a list of runtime permissions and select the action to be performed for each permission.
- Manual configuration
When adding a configuration manually, you must click the Add rule button to select a permission and a corresponding action from the drop-down lists.
- App package uploaded by administrator
- In the App data section, specify the following settings:
- App name
Name of the app for which permissions are to be configured.
When importing a configuration from an APK file or an installation package, the value is inserted automatically.
- Package name
Name of the package for which permissions are to be configured.
How to get the package name of an app
To get the name of an app package:
- Open Google Play.
- Find the app and open its page.
The app's URL ends with its package name (for example, https://play.google.com/store/apps/details?id=com.android.chrome).
To get the name of an app package that has been added to Kaspersky Security Center:
- In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Mobile → Apps.
- Click Android apps.
In the list of apps that opens, app identifiers are displayed in the Package name column.
When importing a configuration from an APK file or an installation package, the value is inserted automatically.
- Comment
An optional comment.
- App name
- Click the Add rule button to add and configure a new rule. You can add several permissions.
Select one of the following permissions.
- Permission for call handover
- Location permissions
- Permission to use saved geographic locations
- Permission for activity recognition
- Permission for answerphone voice mails
- Permission to answer phone calls
- Permissions for Bluetooth
- Permissions to access body sensors data
- Permission for phone calls
- Permissions for camera
- Permission to access account list
- Permissions to access nearby devices via Wi-Fi
- Permission to send notifications
- Permission to manage outgoing calls
- Permission to read calendar data
- Permission to read call log
- Permission to read contact list
- Permissions to read external storage
- Permission to read device's phone numbers
- Permission to read phone state
- Permissions to monitor SMS and MMS incoming messages
- Permission to receive WAP push messages
- Permission to record audio
- Permission to send SMS
- Permission to use SIP telephony
- Permission to access devices that use UWB
- Permission to write data to calendar
- Permission to write and read data of call log
- Permission to write contacts
- Permission to write data to external storage
To configure granting rules for app runtime permissions, you need to select one of the following actions for each permission:
- Allow users to configure permissions
When a permission is requested, the user decides whether to grant the specified permission to the app.
This option is selected by default.
- Grant permissions automatically
The app is granted the permission without user interaction.
On devices with a corporate container running Android 12 or later, the following permissions can't be granted automatically but can be denied automatically. If you select this option, the app will prompt the user for these permissions:
- Location permissions
- Permissions for camera
- Permissions to record audio
- Permission for activity recognition
- Permissions to access body sensor data
- Deny permissions automatically
The app is denied the permission without user interaction.
You can save only one granting rule for each app permission.
- Click Add.
The configuration appears in the Apps with configured permission granting rules list.
You can modify or delete configurations in the list using the Edit and Delete buttons at the top of the list.
- Click OK.
- Click Save to save the changes you have made.
The configuration with permission granting rules is applied. Mobile device settings are changed after the next device synchronization with Kaspersky Security Center.
Permission granting rules configured for specific apps have precedence over the general policy for granting permissions. For example, if you first select the Deny permissions automatically option in the Corporate container on devices section, and then select the Grant permissions automatically option for a specific app in the App permission management section, the permission for this app will be granted automatically.