Category filter
How to Blocklist/Allowlist apps on Android devices
Organizations may require to block apps on their devices for various reasons. They may block apps to avoid access to certain apps that may decelerate productivity, prevent malicious apps for data security, and restrict unwanted content on their devices.
With Hexode UEM, the admin can either blocklist or allowlist apps on Android devices. The Blocklist feature blocks the users from accessing any apps added to the list. Whereas, Allowlist restricts the users from using any apps other than the ones allowed.
Applying policy to Blocklist apps
To block apps on a device using Hexnode’s Blocklist policy,
- Log in to your Hexnode UEM portal.
- Tap on Policies > New Policy > Android > App Management > Blocklist/Allowlist. Click on Configure.
- Choose the Blocklist button and click on +Add to add either an app or a group of apps to be blocklisted.
- Once you have selected all the apps, click Done.
- Next, associate the policy with the target devices by clicking on Policy Targets.
- Select the Devices/Device Groups/User/User Groups/Domains with which the policy is to be attached.
- Click Save.
Policy name– Assign a suitable name for the policy. This is a mandatory field.
Description– Provide a brief description of the policy.
Applying policy to Allowlist apps
To block apps using Hexnode’s Allowlist feature,
- Select Allowlist from Policies > New Policy > Android > App Management > Blocklist/Allowlist > Configure.
- Enable the option Blocklist all non-launchable apps to blocklist the non-launchable applications (for example, Google Play services, Android System WebView, etc.) explicitly.
- Click on the +Add button to add the required apps or app groups to the list. Note that the users cannot access any apps other than the ones mentioned in this list.
- Click Done after selecting the required apps.
- Next, associate the policy with the target devices by clicking on Policy Targets.
- Select the Devices/Device Groups/User/User Groups/Domains with which the policy is to be attached.
- Click Save.
- Supported by Samsung Knox devices and devices enrolled via Android Enterprise.
- If the device is enrolled in Android Enterprise in profile owner mode, only the work apps (the ones with the work badge) can be allowlisted/blocklisted.
- Kiosk mode is another lockdown mechanism where you can restrict your devices to work in purpose-specific modes. The admin can limit the users to accessing only the required apps.
- If the user associates two policies on the same device in which they blocklist an app in one and allowlist the same app in the other, the app will be blocklisted.
- For Samsung Knox devices, the user will be able to access an already installed app that is blocklisted/allowlisted. But the user will not be able to install a newly blocklisted app or update an existing one.
- Users are not allowed to install or update a blocklisted app. However, in Samsung Knox, blocklisting an already installed app will not remove an app or hide its icon, and the users are allowed to access the apps.
- Blocklisting/Allowlisting won’t hide apps on other Android devices. Instead, they will be marked as ‘non-compliant’ and the admin is notified via email if notification is enabled from Admin > Notifications. However, on a device enrolled in Android Enterprise program, the blocklisted apps get hidden from the device.
- If the user tries to install a blocklisted app, he receives a notification specifying that the app cannot be installed.
- Conversely, if the user tries to allowlist a set of apps, all the other apps not included in the list will be treated as blocklisted. A notification specifying the restriction is received if the user tries to update/install a non-allowlisted app.
In case the user chooses to include an app group, all the apps included in the group can be either blocklisted or allowlisted.
