The Android passcode configuration enforces the use of a specific password according to the passcode settings defined by the administrator.
The administrator can configure the desired protection level by choosing from multiple password properties, e.g. length, complexity and the validity period of the passcode.
The “App compliance” configuration allows the administrator to define which applications are allowed to be run and installed on the user’s device. The applications are identified by their package name which can be looked up via the Google Play Store or by checking the “Installed Applications” tab in the device’s details.
The “App compliance” configuration allows to set two global settings which define if the configuration works with a blacklisting or whitelisting mechanism. You can also define required apps, which needs to be installed by the user to get compliant.
If you check the “Disable all” button, the configuration works with whitelisting.
This means that once the policy is applied by default every application which is not a native Android or the Relution application is prevented from being executed and seen by the user (in case of KNOX supporting devices).
Alternatively, you can only use the “Revoke internet permission for all” button which prevents applications from accessing the internet. This allows applications to be executed but without access to the internet. This can be useful in some cases but we don’t recommend to use this unless really necessary due to some apps crashing if they are not able to access the internet. Depending on the application this can have a immense impact on the user experience and satisfaction.
By adding a package name to the configuration in whitelisting mode, you can exclude specific applications which are not considered by device when enforcing your application control policy. As seen in the section below you can however add further restrictions to the specific application.
If you don’t check one or both of these settings, the configuration works as a blacklist.
You can now enter an application’s package name and explicitly set the permissions the app is granted on the device.
Once a package name was added to the configuration (in black- or whitelisting mode) the following options are displayed:
This setting prevents the execution of the specified app if it is started by the user. This feature is intented for stock Android devices only as it can be seen as a equivalent for the disable feature of Samsung KNOX devices. Background processes or system apps will not be blocked.
This setting disables the specified app. The disabled application package is not uninstalled but it can’t be seen and thus executed by the device user. In theory, if disabled application packages are uninstalled and then reinstalled, they would be enabled again. Relution however prevents this by keeping a permanent blacklist and prohibiting the installation.
This feature works only on Samsung KNOX devices.
This setting stops the application process of the associated package name if it is currently running. It however does not stop the app from being run again by the user. Running downloads and background processes are not affected by this option and will still run. This feature works for Samsung KNOX devices.
This feature revokes the internet permission of the specified app. Using this feature won’t disable or uninstall the application. When an application tries to access the removed internet permission, it won’t be granted to it and a security exception will be thrown by the Android framework. If the application is not able to handle the exception it probably crashes.
The policy will be enforced immediately if the given application is already present in the device. In case if the application is not installed, it will be enforced during the application install time. Also once the policy is applied, it will be enforced all the time (even if the application is uninstalled and reinstalled back).This feature works for Samsung KNOX devices.
If this option is set, the configuration will only be active when the device is in roaming mode.
If this option is set, the configuration will not be active if the device is in roaming mode and is connected to a wifi network.
The “Restrictions” configuration is used to allow or disallow specific features of the operating system. There are general restrictions, app restrictions and browser restrictions. For example it is possible to disable the camera on the device in the sector “general restriction”. All applications which try to access the camera will not be allowed to use it anymore if the checkbox “Disable camera” is checked.
The “Wi-Fi” configuration allows you to preconfigure the settings of a known wireless network within the Android Wifi manager. You specify the network’s name (SSID), the authentication type and the credentials. Additionally you can set a priority value to the network configuration which Android uses to decide to which network to connect to. (0: default, priority increases with value)
(available for Samsung KNOX devices version 2.1+)
This configuration allows you to distribute exchange configurations on your users devices. You can preconfigure connection, security and synchronization details.
When checking the “Automatically insert …” boxes the corresponding fields will be automatically filled with the user’s data.
Once the policy is applied on the user’s device, they will get a notification to click on which automatically configures their email account and calendar.
The “Kiosk Mode” configuration allows you to force the presentation or kiosk mode on the device. The Relution Launcher will be started on the device and you can define if only one or more apps are allowed to be used by the user.
You can define a custom wallpaper, lockscreen image, hide the navigation bar, specify an emergency phone number (KNOX 4.0+) and more.
(available on Samsung KNOX devices version 2.0+)
The “Certificate” configuration allows you to deploy your own certificates (and thus custom trusted Certificate Authorities) on the device.
In order to add custom certificates to Android native’s certificate manager a passcode must be set on the device. Relution only allows the use of the certificate configuration if a passcode configuration is already existing. You will be prompted to add a passcode configuration if it does not exist when you attempt to add a certificate configuration.
To be able to choose your custom certificate in the dropdown list, you need to add it first in the Settings > Certificate area.
Once you’ve chosen your certificate in the configuration you can press “Save” and once the policy gets applied on a device, the certificate is added to the list of trusted authorities within the Android certificate manager.