Forum Discussion

gy's avatar
gy
Level 1.6: Donut
2 years ago
Solved

byod - How to block debugging function?

I'm developing a BYOD workplace profile, and one of the required features in the functional specification is as follows:

"2.7.2. Debugging features must be blocked. This subfeature is supported by default."

I'm trying to implement this feature, and in the REST Resource: enterprises.policies - AdvancedSecurityOverrides - DeveloperSettings, I'm configuring either DEVELOPER_SETTINGS_DISABLED or DEVELOPER_SETTINGS_ALLOWED. However, it seems that either option doesn't restrict the developer options on the device. I'm curious about the role of these options, whether they are functioning correctly, or if this feature is not implementable in a BYOD context.

Sorry if I wrote this through a translator so the context may be incorrect.

Devices
Work Profile
  • Moombas's avatar
    Moombas
    2 years ago

    I have no knowledge on the coding part but also checked in our MDM (I was sure i saw it there) but figured out it was only USB debugging but not developer options.

    This could be also a setting maybe only being able to be set via an OEM config app (if available).

    I found this in the Samsung Knox Service Plugin (= their OEM app):

    But only for a fully managed device but maybe for COPE as well (but not BYOD).

  • Moombas's avatar
    Moombas
    Level 4.1: Jelly Bean
    2 years ago

    Not sure if you can, I just checked this in the MDM we use and there's no option for this (would expect this already be there as this could be important for security reasons).

    I see it only available for COPE devices, so I assume you are not allowed on a BYOD device to change this as the device is owned by the user.

    • gy's avatar
      gy
      Level 1.6: Donut
      2 years ago

      In COPE, if you set AdvancedSecurityOverrides - DeveloperSettings to DEVELOPER_SETTINGS_DISABLED, does it work to block access to the device's developer options?

      • Moombas's avatar
        Moombas
        Level 4.1: Jelly Bean
        2 years ago

        I have no knowledge on the coding part but also checked in our MDM (I was sure i saw it there) but figured out it was only USB debugging but not developer options.

        This could be also a setting maybe only being able to be set via an OEM config app (if available).

        I found this in the Samsung Knox Service Plugin (= their OEM app):

        But only for a fully managed device but maybe for COPE as well (but not BYOD).