One of the end users has downloaded and wants to run an Application from Google Play store on his device.
He can download the App, but receives a message popping up that device management does not allow running the App when opening it.
The device got a Restriction profile deployed, that is not specifically denying permission to run this App.
There's also no Application blacklist present etc.
When I remove the Restriction profile from the device, the App run's normal.
I can't find any setting in the Restriction Profile blocking the App.
Even configured a restriction profile allowing everything and pushed that to the device, but that still blocked the Application.
The permissions that are listed for the Application.
(there are no switches available for these permissions, cannot turn them on or off).
-full network access
-show network connections
-prevent sleep mode
-play install referrer api
-receive internet data
-read Google service configuration
Question is if I am overlooking a setting in the Restriction Profile?
Or is there an implicit deny when a Restriction Profile is deployed?
Device is corporate owned.
The App is downloaded from an added Google ID (personal) account on the device , which is allowed.
I 've configured both
-fully managed-
and
-corporate owned personally enabled-
in the Settings section for Android (all settings/devices and users/android EMM registration / Enrollment settings).
Both give the same result.
Meaning the App can run normally in both setups, only when the Restriction profile (which allows anything) , is removed.
Hi Cie,
In a test environment this was solved by allowing accounts to be added, in the restriction profile payload. As the App starts a wizard that creates an account on the device this was a required setting to make the App work.
In production this was solved after factory reset and reenrollment of the device, with restriction profile described above, allowing add/remove accounts.
here's the Restriction profile payload in xml
' <wap-provisioningdoc id=' a0b30531-1f28-485c-81c0-38e7486cbc34' name=' Restriction/V_11' allowRemoval=' True' ><characteristic uuid=' 9aa55b56-2e5f-4336-8212-1d3d9d8342ca' type=' com.airwatch.android.androidwork.restrictions' target=' 2' ><parm name=' allowCamera' value=' True' /><parm name=' SkipFirstUseHints' value=' False' /><parm name=' allowFactoryReset' value=' False' /><parm name=' allowBluetooth' value=' True' /><parm name=' allowBluetoothAndroidO' value=' True' /><parm name=' allowOutgoingBluetoothConnections' value=' True' /><parm name=' allowUSBDebugging' value=' False' /><parm name=' allowBackupService' value=' True' /><parm name=' allowWifiChanges' value=' True' /><parm name=' allowAllTethering' value=' True' /><parm name=' allowNonMarketAppInstall' value=' False' /><parm name=' allowUSBMassStorage' value=' True' /><parm name=' allowGooglePlay' value=' True' /><parm name=' allowChrome' value=' True' /><parm name=' allowScreenCapture' value=' True' /><parm name=' allowAccountChanges' value=' True' /><parm name=' allowRemoveWorkAccount' value=' False' /><parm name=' allowOutgoingPhoneCalls' value=' True' /><parm name=' allowSMS' value=' True' /><parm name=' allowCredentialsChanges' value=' True' /><parm name=' allowKeyguardFeatures' value=' True' /><parm name=' allowKeyguardCamera' value=' True' /><parm name=' allowKeyguardNotifications' value=' True' /><parm name=' allowKeyguardFingerprint' value=' True' /><parm name=' allowKeyguardTrustAgent' value=' True' /><parm name=' allowKeyguardUnredacted' value=' True' /><parm name=' allowModifyingAppsSettings' value=' True' /><parm name=' allowInstallingApps' value=' True' /><parm name=' allowUninstallingApps' value=' True' /><parm name=' allowDisableAppVerify' value=' False' /><parm name=' allowUSBFileTransfer' value=' True' /><parm name=' allowVPNChanges' value=' True' /><parm name=' allowMobileChanges' value=' True' /><parm name=' forceScreenOnPluggedAC' value=' False' /><parm name=' forceScreenOnPluggedUSB' value=' False' /><parm name=' forceScreenOnPluggedWireless' value=' False' /><parm name=' allowStatusBar' value=' True' /><parm name=' allowKeyguard' value=' True' /><parm name=' allowAddingUsers' value=' True' /><parm name=' allowRemovingUsers' value=' True' /><parm name=' allowSafeBoot' value=' True' /><parm name=' allowNFC' value=' True' /><parm name=' allowManagedWifiChanges' value=' True' /><parm name=' allowSetWallpaper' value=' True' /><parm name=' allowSetUserIcon' value=' True' /><parm name=' allowNonGoogleAccounts' value=' True' /><parm name=' whitelistPermittedAccessibilityServices' value=' False' /><parm name=' AllowSystemWindows' value=' True' /><parm name=' AllowSystemErrorDialogs' value=' False' /></characteristic><characteristic uuid=' ba6973dd-2506-4f1f-ac9f-03ef71887302' type=' com.airwatch.android.androidwork.restrictions' target=' 1' ><parm name=' SkipFirstUseHints' value=' False' /><parm name=' allowCamera' value=' True' /><parm name=' allowOutgoingBluetoothConnections' value=' True' /><parm name=' allowUSBDebugging' value=' False' /><parm name=' allowNonMarketAppInstall' value=' False' /><parm name=' allowGooglePlay' value=' True' /><parm name=' allowChrome' value=' True' /><parm name=' allowScreenCapture' value=' True' /><parm name=' allowAccountChanges' value=' True' /><parm name=' allowKeyguardFingerprint' value=' True' /><parm name=' allowKeyguardTrustAgent' value=' True' /><parm name=' allowKeyguardUnredacted' value=' True' /><parm name=' allowInstallingApps' value=' True' /><parm name=' allowUninstallingApps' value=' True' /><parm name=' allowDisableAppVerify' value=' False' /><parm name=' allowWorkPersonalPaste' value=' False' /><parm name=' allowWorkToAccessPersonal' value=' True' /><parm name=' allowPersonalToAccessWork' value=' False' /><parm name=' allowPersonalShareWithWork' value=' True' /><parm name=' allowWorkShareWithPersonal' value=' False' /><parm name=' allowWorkContactsInPhone' value=' True' /><parm name=' allowWorkWidgetsToPersonal' value=' True' /><parm name=' allowContacts' value=' True' /><parm name=' allowNFC' value=' True' /><parm name=' allowBluetoothContactSharing' value=' True' /><parm name=' allowNonGoogleAccounts' value=' True' /><parm name=' whitelistPermittedAccessibilityServices' value=' False' /></characteristic></wap-provisioningdoc>'