Kaspersky Secure Mobility Management

Restricting Android features on devices


These settings apply to corporate devices.

You can restrict Android operating system features on corporate devices. For example, you can restrict factory reset, changing credentials, use of Google Play and Google Chrome, file transfer over USB, changing location settings, and management of system updates. You can also restrict operating system features on personal devices and devices with a corporate container.

To restrict Android features:

  1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
  2. In the policy properties window, select Application settings.
  3. Select Android and go to the Restrictions section.
  4. On the Device feature restrictions card, click Settings.

    The Device feature restrictions window opens.

  5. Enable the settings using the Device feature restrictions toggle switch.
  6. Enable device feature restrictions using toggle switches on the corresponding tabs and select the required restrictions.
  7. Click OK.
  8. Click Save to save the changes you have made.

Mobile device settings are changed after the next device synchronization with Kaspersky Security Center.

Restrict device features

On the General tab, you can enable or disable the following features.

  • Features in the Data loss protection section:
    • Prohibit reset to factory settings

      Selecting or clearing this check box specifies whether the device user is allowed to perform a factory reset from device settings.

      This check box is cleared by default.

    • Prohibit screen capture

      Selecting or clearing this check box specifies whether the device user is allowed to take screenshots and record and share the device screen. It also specifies whether the contents of the device screen are allowed to be captured for artificial intelligence purposes.

      This check box is cleared by default.

    • Prohibit safe boot

      Selecting or clearing this check box specifies whether the device user is allowed to boot the device in safe mode.

      The restriction is supported on devices with Android 6 or later.

      This check box is cleared by default.

  • Features in the Calls and SMS section:
    • Prohibit outgoing phone calls

      Selecting or clearing this check box specifies whether the device user is allowed to make outgoing phone calls on this device.

      This check box is cleared by default.

    • Prohibit sending and receiving SMS messages

      Selecting or clearing this check box specifies whether the device user is allowed to send and receive SMS messages on this device.

      This check box is cleared by default.

  • Features in the Location services section:
    • Prohibit use of location

      Prevents turning location services on and off.

      If the check box is selected, the device user cannot turn location services on or off. Search in Anti-Theft mode becomes unavailable.

      If the check box is cleared, the device user can turn location services on or off.

      This check box is cleared by default.

      Various combinations of values for Prohibit use of location and Prohibit modifying location settings produce different results for the location services feature and configuration.

      | Prohibit use of location | Prohibit modifying location settings | Feature restriction result |
      |---|---|---|
      | Enabled | Enabled | Location services are disabled and cannot be enabled by the device user. |
      | Enabled | Disabled | Location services are disabled and can be enabled by the device user. Disabling the Prohibit modifying location settings restriction makes it possible for the user to disable location services on the device, which may make some features unavailable. |
      | Disabled | Enabled | Location services are enabled and cannot be disabled by the device user. |
      | Disabled | Disabled | Location services are enabled and can be disabled by the device user. Disabling the Prohibit modifying location settings restriction makes it possible for the user to disable location services on the device, which may make some features unavailable. |

    • Prohibit sharing location

      If this option is enabled, the user cannot share the device location via apps that provide a location-sharing feature.

      By default, the option is disabled.

    • Prohibit modifying location settings

      Prevents changing location settings.

      If the check box is selected, the device user cannot change location settings or disable location services.

      If the check box is cleared, the device user can change location settings.

      The restriction is supported on devices with Android 9 or later.

      This check box is cleared by default.


  • Features in the Keyguard section:
    • Prohibit keyguard features

      Selecting or clearing the check box specifies whether a user's device can be unlocked with a swipe.

      This setting has no effect if a password, PIN code, or pattern is currently set as an unlock method on the device.

      This check box is cleared by default.

    • Prohibit disabling keyguard notifications

      Selecting or clearing the check box specifies whether notifications are prohibited when the device screen is locked.

      This check box is cleared by default.

    • Prohibit using keyguard camera

      Selecting or clearing the check box specifies whether the device user is prohibited from using the camera when the device is locked.

      This check box is cleared by default.

    • Prohibit using keyguard trust agents

      Selecting or clearing this check box specifies whether trusted apps are prohibited when the device screen is locked. Trusted apps are apps that allow the device user to unlock the device without a password, PIN code, or fingerprint.

      This check box is cleared by default.

  • Features in the Users and accounts section:
    • Prohibit adding Google accounts

      Selecting or clearing the check box specifies whether the device user is allowed to add and remove Google accounts.

      This check box is cleared by default.

    • Prohibit adding users

      Selecting or clearing the check box specifies whether the device user is allowed to add new users.

      This check box is selected by default. If a corporate device was connected to Kaspersky Security Center via a QR code, the restriction is enabled and can't be disabled.

      The restriction can be disabled only on devices that meet the following requirements:

      • The corporate device was connected to Kaspersky Security Center via the adb.exe installation package.
      • The device must support multiple users.
    • Prohibit switching user

      If this option is enabled, the user cannot switch the current user of the device.

      By default, the option is disabled.

    • Prohibit removing users

      Selecting or clearing the check box specifies whether the device user is allowed to remove users.

      This check box is selected by default. If a corporate device was connected to Kaspersky Security Center via a QR code, the restriction can't be disabled.

      The restriction can be disabled only on devices that meet the following requirements:

      • The corporate device was connected to Kaspersky Security Center via the adb.exe installation package.
      • The device must support multiple users.
    • Prohibit changing credentials

      Selecting or clearing this check box specifies whether the device user is allowed to change user credentials in the operating system.

      This check box is cleared by default.

Restrict app features

On the Apps tab, you can enable or disable the following features.

  • Features in the General section:
    • Prohibit installation of apps

      Selecting or clearing the check box specifies whether the device user is allowed to install apps on the device.

      This check box is cleared by default.

    • Prohibit installation of apps from unknown sources

      Selecting or clearing the check box specifies whether the device user is allowed to install apps from unknown sources.

      This check box is cleared by default.

    • Prohibit modification of apps in Settings

      Prevents modifying apps in Settings.

      If the check box is selected, the device user is not allowed to perform the following actions:

      • Uninstall apps
      • Disable apps
      • Clear app caches
      • Clear app data
      • Force stop apps
      • Clear app defaults

      If the check box is cleared, the device user is allowed to modify apps in Settings.

      This check box is cleared by default.

    • Prohibit disabling app verification

      Selecting or clearing the check box specifies whether the device user is allowed to disable app verification.

      This check box is cleared by default.

    • Prohibit uninstallation of apps

      Selecting or clearing the check box specifies whether a device user is allowed to uninstall apps from this device.

      This check box is cleared by default.

  • Features in the Google apps section:
    • Prohibit Google Play

      Selecting or clearing the check box specifies whether the device user is allowed to use Google Play.

      This check box is cleared by default.

    • Prohibit Google Chrome

      Prevents use of Google Chrome.

      If the check box is selected, the device user cannot start Google Chrome or configure it in system settings.

      If the check box is cleared, the device user is allowed to use Google Chrome on the device.

      The check box is cleared by default.

    • Prohibit Google Assistant

      Selecting or clearing the check box specifies whether the device user is allowed to use Google Assistant on the device.

      This check box is cleared by default.

  • Features in the Camera section:
    • Prohibit use of camera

      Selecting or clearing the check box specifies whether the device user is allowed to use all cameras on the device.

      If the check box is selected, the solution usually blocks the camera from being opened. However, for Asus and OnePlus devices, the icon for the camera app is completely hidden when the check box is selected.

      This check box is cleared by default.

    • Prohibit camera toggle

      Prevents the device user from toggling the camera.

      If the check box is selected, the device user cannot block the camera access via the system toggle.

      If the check box is cleared, the device user is allowed to use the camera toggle.

      The restriction is supported on devices with Android 12 or later.

      This check box is cleared by default.

      On some Xiaomi and HUAWEI devices running Android 12, this restriction does not work. This issue is caused by the specific features of MIUI firmware on Xiaomi devices and EMUI firmware on HUAWEI devices.

  • Granting runtime permissions for apps

    This setting allows you to select an action to be performed when apps installed on corporate devices are running and request additional permissions. This does not apply to permissions granted in Settings (e.g. Access All Files) on the device.

    • Allow users to configure permissions

      When a permission is requested, the user decides whether to grant the specified permission to the app.

      This option is selected by default.

    • Grant permissions automatically

      All apps installed on corporate devices are granted permissions without user interaction.

    • Deny permissions automatically

      All apps installed on corporate devices are denied permissions without user interaction.

      Users can adjust app permissions in device settings before these permissions are denied automatically.

    On Android 12 or later, the following permissions can't be granted automatically but can be denied automatically. If you select Grant permissions automatically, the app will prompt the user for these permissions:

    • Location permissions
    • Permissions for camera
    • Permissions to record audio
    • Permission for activity recognition
    • Permissions to monitor SMS and MMS incoming messages
    • Permissions to access body sensor data

Restrict storage features

On the Storage tab, in the General section, you can enable or disable the following features.

  • Prohibit debugging features

    Prevents use of debugging features.

    If the check box is selected, the device user cannot use USB debugging features and developer mode.

    If the check box is cleared, the device user is allowed to enable and access debugging features and developer mode.

    This check box is cleared by default.

  • Prohibit mounting physical external media

    Selecting or clearing the check box specifies whether the device user is allowed to mount physical external media, such as SD cards and OTG adapters.

    This check box is cleared by default.

  • Prohibit file transfer over USB

    Selecting or clearing this check box specifies whether the device user is allowed to transfer files over USB.

    This check box is cleared by default.

  • Prohibit backup service

    Selecting or clearing the check box specifies whether the device user is allowed to enable or disable the backup service.

    The restriction is supported on devices with Android 8 or later.

    This check box is cleared by default.

Restrict network features

On the Network tab, you can enable or disable the following features.

  • Features in the General section:
    • Prohibit airplane mode

      Selecting or clearing the check box specifies whether the device user is allowed to enable airplane mode on the device.

      This restriction is supported on devices with Android 9 or later.

      This check box is cleared by default.

    • Prohibit use of Android Beam via NFC

      Selecting or clearing the check box specifies whether beaming out data from apps via NFC is allowed on the device. However, the device user can enable or disable NFC.

      This check box is cleared by default.

    • Prohibit use of tethering

      Selecting or clearing the check box specifies whether the device user is allowed to configure tethering and hotspots.

      This check box is cleared by default.

    • Prohibit modifying VPN settings

      Prevents changing VPN settings.

      If the check box is selected, the device user cannot configure a VPN in Settings and VPNs are prohibited from starting.

      If the check box is cleared, the device user is allowed to modify a VPN in Settings.

      This check box is cleared by default.

    • Prohibit resetting network settings

      Selecting or clearing the check box specifies whether the device user is allowed to reset network settings in Settings.

      This restriction is supported on devices with Android 6 or later.

      This check box is cleared by default.

  • Features in the Wi-Fi section:
    • Prohibit use of Wi-Fi

      Selecting or clearing the check box specifies whether the device user is allowed to use Wi-Fi and configure it in Settings.

      This check box is cleared by default.

    • Prohibit enabling/disabling Wi-Fi

      If this option is enabled, the user cannot enable or disable Wi-Fi on the device. Also, Wi-Fi cannot be disabled via airplane mode.

      By default, the option is disabled.

    • Prohibit modifying Wi-Fi settings

      Selecting or clearing the check box specifies whether the device user is allowed to configure Wi-Fi access points via Settings. The restriction does not affect Wi-Fi tethering settings.

      This check box is cleared by default.

    • Prohibit Wi-Fi Direct

      If this option is enabled, the user cannot use the Wi-Fi Direct feature on the device.

      By default, the option is disabled.

    • Prohibit sharing pre-configured Wi-Fi networks

      If this option is enabled, the user cannot share Wi-Fi networks that are configured in the policy settings. Other Wi-Fi networks on the device are not affected.

      By default, the option is disabled.

    • Prohibit adding Wi-Fi networks

      If this option is enabled, the user cannot manually add new Wi-Fi networks on the device.

      By default, the option is disabled.

    • Prohibit changing pre-configured Wi-Fi networks

      Selecting or clearing the check box specifies whether the device user is allowed to change Wi-Fi configurations added by the administrator in the Wi-Fi section.

      This check box is cleared by default.

  • Features in the Bluetooth section:
    • Prohibit use of Bluetooth

      Prevents use of Bluetooth.

      If the check box is selected, the device user cannot turn on and configure Bluetooth via Settings.

      If the check box is cleared, the device user is allowed to use Bluetooth.

      The restriction is supported on devices with Android 8 or later.

      This check box is cleared by default.

    • Prohibit modifying Bluetooth settings

      Selecting or clearing the check box specifies whether the device user is allowed to configure Bluetooth via Settings.

      This check box is cleared by default.

    • Prohibit outgoing data sharing over Bluetooth

      Selecting or clearing the check box specifies whether outgoing Bluetooth data sharing is allowed on the device.

      The restriction is supported on devices with Android 8.0 or later.

      This check box is cleared by default.

  • Features in the Mobile networks section:
    • Prohibit modifying mobile network settings

      Selecting or clearing the check box specifies whether the device user is allowed to change mobile network settings.

      This check box is cleared by default.

    • Prohibit use of cellular data while roaming

      Selecting or clearing the check box specifies whether the device user is allowed to use cellular data while roaming.

      If the check box is selected, the device can't update anti-malware databases and synchronize with the Administration Server while roaming.

      To allow anti-malware database updates while roaming, this check box must be cleared and the Allow database update while roaming check box in the Database update settings of the policy must be selected.

      To allow device synchronization with the Administration Server while roaming, both this check box and the Do not synchronize while roaming check box in the Scheduled synchronization settings of the policy must be cleared.

      This restriction is supported on devices with Android 7 or later.

      This check box is cleared by default.

Additional restrictions

On the Additional settings tab, you can enable or disable the following features.

  • Features in the Language, date, and time section:
    • Prohibit changing language

      Selecting or clearing the check box specifies whether the device user is allowed to change the device language.

      This restriction is supported on devices with Android 9 or later.

      This check box is cleared by default.

      On some corporate devices (for example, Xiaomi, TECNO, and Realme) running Android 9 or later, when you select the Prohibit changing language check box, the user still can change the language, and no warning message appears.

    • Prohibit changing date, time, and time zone

      Selecting or clearing the check box specifies whether the device user is allowed to change date, time, and time zone in Settings.

      This restriction is supported on devices with Android 9 or later.

      This check box is cleared by default.

  • Features in the Display section:
    • Prohibit changing wallpaper

      Selecting or clearing the check box specifies whether the device user is allowed to change the wallpaper on the mobile device.

      This restriction is supported on devices with Android 7 or later.

      This check box is cleared by default.

    • Prohibit adjusting brightness

      Selecting or clearing the check box specifies whether the device user is allowed to adjust the brightness on the mobile device.

      This restriction is supported on devices with Android 9 or later.

      This check box is cleared by default.

    • Prohibit status bar

      Prevents the status bar from being displayed.

      If the check box is selected, the status bar is not displayed on the device. Notifications and quick settings accessible via the status bar are also blocked.

      If the check box is cleared, the status bar can be displayed on the device.

      The restriction is supported on devices with Android 6 or later.

      This check box is cleared by default.

    • Prohibit ambient display

      If this option is enabled, the user cannot use the Ambient Display feature on the device.

      By default, the option is disabled.

  • Features in the Screen on section:
    • Force screen on when plugged in to AC charger

      Selecting or clearing the check box specifies whether the device screen will be on while the device is charging using an AC charger.

      The restriction is supported on devices with Android 6 or later.

      This check box is cleared by default.

    • Force screen on when plugged in to USB charger

      Selecting or clearing the check box specifies whether the device screen will be on while the device is charging using a USB charger.

      The restriction is supported on devices with Android 6 or later.

      This check box is cleared by default.

    • Force screen on when charging wirelessly

      Selecting or clearing this check box specifies whether the device screen will be on while the device is charging using a wireless charger.

      The restriction is supported on devices with Android 6 or later.

      This check box is cleared by default.

  • Features in the Microphone section:
    • Prohibit unmuting microphone

      If this option is enabled, the device microphone is muted.

      If this option is disabled, the user can unmute the microphone and adjust its volume.

      By default, the option is disabled.

    • Prohibit microphone toggle

      If this option is enabled, the user cannot disable access to the microphone via the system toggle on the device. If access to the microphone on the device is disabled when this option is enabled, it is automatically re-enabled.

      By default, the option is disabled.

      On some Xiaomi and HUAWEI devices running Android 12, this restriction does not work. This issue is caused by the specific features of MIUI firmware on Xiaomi devices and EMUI firmware on HUAWEI devices.

  • Features in the Volume section:
    • Prohibit adjusting volume

      Restricts volume adjustment and muting the device.

      If the check box is selected, the device user can't adjust the volume and the device is muted.

      If the check box is cleared, the device user can adjust the volume and the device is unmuted.

      Anti-Theft can disregard this restriction to play a sound on the device. The restriction is disabled to allow the sound to play, and then it is re-enabled.

      This check box is cleared by default.

Restrict system updates

Management of update settings on mobile devices is vendor-specific. On some Android devices, the restriction on manual installation of operating system updates may not work correctly.

On the OS update tab, you can configure the following settings.

  • In the Update mode section:
    • Set system update policy

      Type of system update policy.

      If the check box is selected, one of the following system update policies is set:

      • Install updates automatically. Installs system updates immediately without user interaction. This option is selected by default.
      • Install updates during daily window. Installs system updates during a daily maintenance window without user interaction.

        You also need to set the start and end of the daily maintenance window in the Start time and End time fields respectively.

      • Postpone updates for 30 days. Postpones the installation of system updates for 30 days.

        After the specified period, the operating system prompts the device user to install the updates. The period is reset and starts again if a new system update is available.

      If the check box is cleared, a system update policy is not set.

      This check box is selected by default.

      Management of update settings on mobile devices is vendor-specific. On some Android devices, the restriction on manual installation of operating system updates may not work correctly.

  • In the Freeze periods section:
    • System update freeze periods

      This block lets you set one or more freeze periods of up to 90 days during which system updates will not be installed on the device. When the device is in a freeze period, it behaves as follows:

      • The device does not receive any notifications about pending system updates.
      • System updates are not installed.
      • The device user cannot check for system updates manually.

      To add a freeze period, click Add period and enter the start and end of the freeze period in the Start date and End date fields respectively.

      Each freeze period can be at most 90 days long, and the interval between consecutive freeze periods must be at least 60 days.

      The restriction is supported on devices with Android 9 or later.

      Management of update settings on mobile devices is vendor-specific. On some Android devices, the restriction on manual installation of operating system updates may not work correctly.
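
A planning check for the freeze-period limits stated above (each period at most 90 days long, at least 60 days between consecutive periods), given as an added example that is not part of the product or its documentation. The function names, the inclusive day count, the way the gap is counted, and the sample dates are assumptions made for illustration.

```python
from datetime import date

MAX_FREEZE_DAYS = 90  # from the page: a freeze period is at most 90 days long
MIN_GAP_DAYS = 60     # from the page: at least 60 days between consecutive periods


def period_length(start: date, end: date) -> int:
    """Length in days, counting both the start and the end date (assumption)."""
    return (end - start).days + 1


def validate_freeze_periods(periods):
    """Check a planned list of (start, end) freeze periods.

    Returns a list of problem descriptions; an empty list means the plan
    satisfies both limits. Periods may be passed in any order.
    """
    problems = []
    # Malformed periods are reported once and left out of the gap check.
    well_formed = []
    for start, end in sorted(periods, key=lambda p: p[0]):
        if end < start:
            problems.append(f"{start}..{end}: end date is before start date")
            continue
        length = period_length(start, end)
        if length > MAX_FREEZE_DAYS:
            problems.append(
                f"{start}..{end}: {length} days exceeds the "
                f"{MAX_FREEZE_DAYS}-day limit"
            )
        well_formed.append((start, end))

    # Compare each period with the latest end date seen so far, so that a
    # period nested inside an earlier, longer one is still caught.
    latest_end = None
    for start, end in well_formed:
        if latest_end is not None:
            # Unfrozen days strictly between the two periods (assumption).
            gap = (start - latest_end).days - 1
            if gap < 0:
                problems.append(
                    f"{start}..{end}: overlaps a period ending {latest_end}"
                )
            elif gap < MIN_GAP_DAYS:
                problems.append(
                    f"{start}..{end}: only {gap} days after the period ending "
                    f"{latest_end}, at least {MIN_GAP_DAYS} required"
                )
        if latest_end is None or end > latest_end:
            latest_end = end
    return problems


# Constructed sample plan: the second period starts too soon after the first,
# and the third is longer than 90 days.
SAMPLE_PLAN = [
    (date(2025, 11, 20), date(2026, 1, 5)),
    (date(2026, 2, 15), date(2026, 3, 1)),
    (date(2026, 6, 1), date(2026, 9, 15)),
]

if __name__ == "__main__":
    for problem in validate_freeze_periods(SAMPLE_PLAN):
        print(problem)
```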
