Restriction Payload
- Martin Gudme Søndergaard
Owned by Martin Gudme Søndergaard
May 23, 2022
7 min read
Loading data...
Description
This payload can be used to restrict Android device capabilities.
Configuration
| CONFIGURATION | DESCRIPTION | DEFAULT |
|---|---|---|
| Allow Google Play Store | When false, prevent a user from installing unauthorized applications on the device. | [Checked] |
| Allow Google Accounts auto-sync | Allow or disallow google accounts to sync automatically. This policy will not block the play store from update installed apps because it doesn't rely on google account auto-sync for that. Also, the user will still be able to perform manual sync from inside some applications like Gmail. | [Checked] |
| Calls and Data | ||
| Allow cellular data | Allow or disallow mobile data connections. If disallowed, the user cannot use its data connection through the SIM. | [Checked] |
| Set emergency call only | If true, only emergency calls are allowed. All other calls are blocked. | [Not Checked] |
| Allow incoming SMS | Allow or disallow incoming Short Message Service (SMS) text messages. | [Checked] |
| Allow outgoing SMS | Allow or disallow outgoing Short Message Service (SMS) text messages. | [Checked] |
| Allow outgoing MMS | Allow or disallow outgoing Multimedia Messaging Service (MMS) messages. | [Checked] |
| Allow incoming MMS | Allow or disallow incoming Multimedia Messaging Service (MMS) messages. | [Checked] |
| Allow push roaming | Enable or disable the processing of WAP PUSH messages. Disabling prevents MMS messages from being received during device roaming. This setting is applied only when the device is in roaming mode. If set to false, the user cannot change this setting because the corresponding UI is disabled. If set to true, the corresponding UI setting is enabled, and the user can change settings. | [Checked] |
| Allow sync roaming | Enable or disable the automatic sync of applications such as email (including Gmail), contacts, calendar, and other applications that use an account. This setting is applied only when the device is in roaming mode. If set to false, the user cannot change this setting because the corresponding UI is disabled. If set to true, the corresponding UI setting is enabled, and the user can change settings. | [Checked] |
| Allow data roaming | Enable or disable cellular data usage during roaming. Disabling prevents applications from connecting to the Internet while the device is in roaming mode. This setting is applied only when the device is in roaming mode. If set to false (disable), the user cannot change this setting because the corresponding UI is disabled. If set to true, the corresponding UI setting is enabled, and the user can change settings. | [Checked] |
| Allow voice call roaming | Enable or disable voice calls during device roaming. | [Checked] |
| Allow user to set mobile data limit | When set to false, disallow the user from setting the mobile data limit. Even when the disallowed users still are able to manipulate android "Warning" message. | [Checked] |
| Allow Airplane mode | Allow or disallow Airplane Mode. If Airplane Mode is disallowed when it is already on, Airplane Mode will be turned off. | [Not Checked] |
| Media | ||
| Allow recording (video) | Enable or disable video recording without user interaction. The device camera is still available after disabling video recording so that users can take pictures and use video streaming. When video recording is disabled, any ongoing video recording is interrupted. | [Checked] |
| Allow recording (audio) | When false, audio recording is disabled. The device microphone is still available after disabling audio recording so that the user can make calls and use audio streaming. Video recording is still allowed if no audio recording is attempted. | [Checked] |
| Allow camera | When false, the camera is disabled. User or third-party applications cannot enable the camera once it is disabled. This disables the photo camera, video camera, and video telephony functionality. | [Checked] |
| Allow headphones | When false, Headphones will be disabled. Enabling headphones while they are still plugged in will not work because headphones need to be initialized by re-plugging in | [Checked] |
| Allow microphone | When a false, user, or third-party applications cannot enable the microphone once it is disabled. This only disables the microphone used for recording, not the phone application microphone. | [Checked] |
| Device settings | ||
| Allow VPN | Allow or disallow the use of the native VPN functionality. If set to false, the user cannot establish a VPN session, and the UI for using VPN through the Settings application is inaccessible. | [Checked] |
| Allow NFC | Enable or disable NFC. If set to false, NFC will be turned off and the user will not able to turn it on. S-Beam feature which depends on this policy will also be affected by this setting. | [Checked] |
| Allow Bluetooth | When false, Bluetooth access is disabled. User or third-party applications cannot enable Bluetooth access once it is disabled... When set to true, Bluetooth UI access is enabled but not Bluetooth functionality | [Checked] |
| Allow setting changes | Allow or prevent changes to the Settings application. After disabling Settings, several changes to system preferences cannot be made. | [Checked] |
| Allow Factory Reset | Enable or disable the user from performing a factory reset. | [Checked] |
| Allow USB debugging mode | When false, This function blocks any kind of device debugging through Dalvik Debug Monitor Server (DDMS) or adb. | [Checked] |
| Allow mock location | Enable or disable mocking the device's GPS location. If set to true, the device can change its actual longitude and latitude readings, and GPS applications will show the fake coordinates instead of the actual coordinates. | [Checked] |
| Allow safe mode boot | Allow or disallow Safe Mode boot. | [Checked] |
| Allow Clipboard share | Allow or disallow sharing a global clipboard between applications. If clipboard sharing is disabled, each application has an individual clipboard. | [Checked] |
| Allow wallpaper change | Allow or deny changing the device wallpaper. | [Checked] |
| Allow Screen capture | When false, this prevents the user from taking screenshots of the device screen. | [Checked] |
| Allow Screen pinning | Screen Pinning is an Android feature that allows the user to screen pin any application. A pinned application will never lose focus on any other activity until it is canceled by the user. Administrator could use this policy to block the Screen Pinning feature on the device. If it is set to false, the user will not be able to pin any application and any current pinning will be canceled. Otherwise, if it is set to true, this feature will be allowed again. | [Checked] |
| Allow lock screen views | Allow or disallow lock screen views in devices, like widgets and shortcuts. | [Checked] |
| Allow Android Beam | When false, block the use of Android Beam on the device. When Android Beam is disabled, the user is not able to send information (contacts, e-mails, Web addresses, etc.) using Android Beam. S-Beam is also disabled when Android Beam is disabled. | [Checked] |
| Allow S-voice | Allow or disallow launching the S Voice application (Samsung personal assistant). When S Voice is disabled, the user can neither set a new wake-up command nor unlock the device by using a wake-up command set prior to disallowing S Voice. In addition, once disallowed, the administrator can no longer set a new face and voice lock screen. However, the device can still be unlocked if the lock screen had already been set prior to disallow S Voice. | [Checked] |
| Allow S-Beam | When false, block the use of S Beam on the device. S Beam allows users to share content using near field communication (NFC) or Wi-Fi Direct. When S Beam is disabled, the user cannot send or receive files using S Beam | [Checked] |
| Allow set date/time | When false, this prevents the user from changing the date and time setting. | [Checked] |
| Allow Firmware update | Allow or disallow firmware update. | [Checked] |
| Allow development mode | Allow or disallow Developer Mode options in the device Settings. | [Checked] |
| Allow lock screen settings | Allow or disallow lock screen menu in the device Settings. | [Checked] |
| Storage and Encryption | ||
| Allow SD card write | Enable or disable writing to the SD card. If false, all possible writes to the SD card are blocked. | [Checked] |
| Allow SD card | Anable or disable data access to the SD card. If false, any attempt to transfer data to the SD card fails. | [Checked] |
| Allow USB host storage | When false, external storage devices are disallowed from being mounted. If enabled, a user can connect any pen drive (portable USB storage), external HD, or Secure Digital (SD) card reader, and it is mounted as a storage drive on the device. | [Checked] |
| External storage encryption | When true, this enables external Secure Digital (SD) card encryption if available. Before enabling, ensure that the device password is set to alphanumeric quality. Set an alphanumeric quality password by using the Passcode Profile under Common | [Not Checked] |
| Allow MTP | Allow or disallow MTP (media transfer protocol). Since Android only supports USB file transfer through MTP, using this will block any kind of file transfer through USB. PTP (picture transfer protocol) is a subset of MTP and will also be affected by this. | [Checked] |
| Internal storage encryption | When true, this enables full device encryption, which includes device memory and an internal Secure Digital (SD) card if available. Before enabling, ensure that the device password is set to alphanumeric quality. Set an alphanumeric quality password by using the Passcode Profile under Common | [Not Checked] |
| Allow SD card move | Allow or disallow SDCard Move options. | [Checked] |
| Wi-Fi and Tethering | ||
| Allow Bluetooth tethering | Allow or disallow the device sharing its carrier data connection with other devices through a Bluetooth connection. If set to false, access to Bluetooth tethering functionality is disabled. If it set to true, access to Bluetooth tethering is enabled. Enabling access to Bluetooth tethering does not enable Bluetooth tethering. | [Checked] |
| Allow USB tethering | Allow or disallow the device sharing its carrier data connection with other devices through a USB connection. If set to false, access to USB tethering functionality is disabled. If it set to true, access to USB tethering is enabled. Enabling access to USB tethering does not enable USB tethering. | [Checked] |
| Allow Wi-Fi tethering | Allow or disallow the device sharing its carrier data connection with other devices through a Wi-Fi connection. If set to false, access to Wi-Fi tethering functionality is disabled, and the user cannot turn it on until the administrator enables it again. If set to true, access to Wi-Fi tethering is enabled. Enabling access to Wi-Fi tethering does not enable Wi-Fi tethering. | [Checked] |
| Allow tethering | When false, block the device from sharing its carrier data with another device through USB, WiFi, and Bluetooth. | [Checked] |
| Allow Wi-Fi | When a false, user or third-party applications cannot enable Wi-Fi access once it is disabled. Wi-Fi is turned off and disabled. If set to true, the Wi-Fi UI setting is enabled for user access but Wi-Fi functionality is not enabled. Wi-Fi Direct and S-Beam features which depend on this policy will also be affected by this setting. | [Checked] |
| Allow Wi-Fi Direct | When false, any ongoing Wi-Fi Direct connection is interrupted, and the user cannot turn on Wi-Fi Direct. S-Beam feature which depends on this policy will also be affected by this setting. | [Checked] |
| Browser settings | ||
| Allow browser security settings | When false, this function overrides the browser default show security warnings setting. This setting applies to the native Android browser to force the browser to show an untrusted certificate security warning to the user when applicable. | [Checked] |
| Allow browser pop-up settings | When false, the setting overrides the default pop-up browser setting to prevent any website from popping up new browser windows when the user navigates to a website that invokes such action. The setting applies to the native Android browser. | [Checked] |
| Allow browser JavaScript settings | When false, this function overrides the browser default JavaScript setting. This setting is applied to the native Android browser to prevent the browser from running JavaScript code for a website. | [Checked] |
| Allow browser cookie settings | When false, this function overrides the default browser cookies setting. This setting is applied to the native Android browser to prevent any website from storing cookies related to the website on the device. | [Checked] |
| System Update | ||
| Allow Android System Updates | Allow or disallow android system updates | [Checked] |