Application Compliance

The Application Compliance settings provide configuration options for restricted apps, allowed apps, required apps, and restricted app permissions on Android devices.

Note: To enable this policy on Android 5.0+ devices, you must enable Usage access permission on the Android device.
The following table describes the compliance settings that you can configure for apps on a device:
Policy setting Description Supported devices
System apps to be allowed Native Google apps for managed devices. It ensures that specific System Applications and components are enabled. Disabling the application is not guaranteed. To disable an application, use Configure Disabled Apps feature.
Note: OEM vendors might replace these apps with their own Android image. To allow OEM system apps, go to the Other System Apps To Be Allowed setting.
  • Google Clock App: com.google.android.deskclock
  • Google Docs: com.google.android.apps.docs.editors.docs
  • Google Drive: com.google.android.apps.docs
  • Gmail: com.google.android.gm
  • Google Plus: com.google.android.apps.plus
  • Google Keep: com.google.android.keep
  • Google Sheets: com.google.android.apps.docs.editor.sheets
  • Google Slides: com.google.android.apps.docs.editors.slides
  • Google News and Weather: com.google.android.appls.genie.geniewidget
  • Calculator: com.google.android.calculator
  • Calendar: com.google.android.calendar
  • Google Maps: com.google.android.apps.maps
  • Google Camera: com.google.android.googlecamera
  • Photos: com.google.android.apps.photos
  • Chrome Browser: com.android.chrome
 Android 5.0+ PO and DO
Other system apps to be allowed The apps that can be used on managed devices. Enter the app ID of system apps (Google or third-party) that are allowed for the devices on the policy. Android 5.0+ PO and DO
Configure required apps The app is required on the managed device. The app IDs of apps cannot be removed by the user. Android 5.0+ PO and DO
Configure disabled apps Embedded apps that cannot be hidden or deleted. These apps are disabled by listing the app IDs. The app ID is displayed on the device, but the user cannot launch the app from the device. Android 7.0+ PO and DO
Configure allowed apps The apps that are allowed on managed devices. All other user-installed apps are disabled.

Apps to be allowed: Provide comma-separated app IDs of the allowed apps. For example, com.ibm.security.verifyapp

Note:
  • This setting only applies to apps that are installed by users.
  • The following apps are not affected:
    • System apps
    • First-party apps such as Secure Mail or Browse
    • Managed apps installed from the App Catalog
    • Apps that are configured as required apps
Allows all apps from app Catalog: Administrator can control and allow all apps from the App Catalog based on the new policy setting.
Note:
  • By default, Allow all apps from app catalog option is selected.
  • The sequence of apps from the policy will be displayed first, according to the policy's order, and apps from the App Catalog will be placed at the end.
  • If Allow all apps from app catalog option is deselected and the App IDs are configured in Apps to be allowed, then only configured apps are allowed on the device.
 Android 7.0+ PO and DO
Configure Restricted Applications by App Permissions The permissions that are restricted on managed devices. Apps that use these permissions are disabled on managed devices.
  • Permission: Select the restricted permissions. Use the + icon to select multiple permissions.
  • Other Permissions: Provide the app permission strings manually. For more information on Android app permissions, see https://developer.android.com/reference/android/Manifest.permission.html.
  • App Exceptions: Provide the list of apps that are allowed on managed devices despite using restricted permissions.