byod - How to block debugging function?

Go to solution
gy
Level 1.6: Donut

‎12-07-2023 10:22 PM - edited ‎12-07-2023 10:43 PM

I'm developing a BYOD workplace profile, and one of the required features in the functional specification is as follows:

"2.7.2. Debugging features must be blocked. This subfeature is supported by default."

I'm trying to implement this feature, and in the REST Resource: enterprises.policies - AdvancedSecurityOverrides - DeveloperSettings, I'm configuring either DEVELOPER_SETTINGS_DISABLED or DEVELOPER_SETTINGS_ALLOWED. However, it seems that either option doesn't restrict the developer options on the device. I'm curious about the role of these options, whether they are functioning correctly, or if this feature is not implementable in a BYOD context.

Sorry if I wrote this through a translator so the context may be incorrect.

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Moombas
Level 4.0: Ice Cream Sandwich
In response to gy

‎12-08-2023 12:39 AM - edited ‎12-08-2023 01:05 AM

I have no knowledge on the coding part but also checked in our MDM (I was sure i saw it there) but figured out it was only USB debugging but not developer options.

This could be also a setting maybe only being able to be set via an OEM config app (if available).

I found this in the Samsung Knox Service Plugin (= their OEM app):

Moombas_0-1702024700548.png

But only for a fully managed device but maybe for COPE as well (but not BYOD).

View solution in original post

3 REPLIES 3

Go to solution
Moombas
Level 4.0: Ice Cream Sandwich

‎12-07-2023 11:25 PM

Not sure if you can, I just checked this in the MDM we use and there's no option for this (would expect this already be there as this could be important for security reasons).

I see it only available for COPE devices, so I assume you are not allowed on a BYOD device to change this as the device is owned by the user.

Go to solution
gy
Level 1.6: Donut
In response to Moombas

‎12-08-2023 12:26 AM

In COPE, if you set AdvancedSecurityOverrides - DeveloperSettings to DEVELOPER_SETTINGS_DISABLED, does it work to block access to the device's developer options?

0 Kudos

Go to solution
Moombas
Level 4.0: Ice Cream Sandwich
In response to gy

‎12-08-2023 12:39 AM - edited ‎12-08-2023 01:05 AM

I have no knowledge on the coding part but also checked in our MDM (I was sure i saw it there) but figured out it was only USB debugging but not developer options.

This could be also a setting maybe only being able to be set via an OEM config app (if available).

I found this in the Samsung Knox Service Plugin (= their OEM app):

Moombas_0-1702024700548.png

But only for a fully managed device but maybe for COPE as well (but not BYOD).