Forum Discussion

ekatz's avatar
ekatz
Level 1.5: Cupcake
2 years ago

Setting UntrustedAppsPolicy to DISALLOW_INSTALL does not prevent app installs

We have devices provisioned on an Android Enterprise policy where the AdvancedSecurityOverrides.UntrustedAppsPolicy is set to DISALLOW_INSTALL, but users are still able to download APKs via browser a...
Apps
Security
ekatz's avatar
ekatz
Level 1.5: Cupcake
2 years ago

Here is the policy snippet, as retrieved directly from Google:

I am thoroughly stumped as to why this won't work.

  • Moombas's avatar
    Moombas
    Level 4.1: Jelly Bean
    2 years ago

    I'm not a developer, so please don't blame me but in the documentation following is shown:

    {
  "untrustedAppsPolicy": enum (UntrustedAppsPolicy), 
     "googlePlayProtectVerifyApps": enum (GooglePlayProtectVerifyApps), 
     "developerSettings": enum (DeveloperSettings), 
     "commonCriteriaMode": enum (CommonCriteriaMode),
     "personalAppsThatCanReadWorkNotifications": [ string ] 
    }

    So, do you need to use that enum for the DISALLOW_INSTALL as there's no string expected but maybe a number instead. My assumption to that would be compared to 1 because of the order in the documentation.

    But as said, I'm not a developer so maybe I'm totally wrong.

    • ekatz's avatar
      ekatz
      Level 1.5: Cupcake
      2 years ago

      Hi Moombas,

       

      Thanks for the input.  Actually the android mdm policy updates use the strings as the values.  I use them all over the place in the current policy, and all of the other settings work ok.

       

      Eric