Frequently Asked Questions (for Manage Engine)

Here are some common questions we get asked about managing your Android smartphone.

Tech Lockdown Team

How Do I Prevent App Uninstall?

Enforce apps on Android / Prevent deleting app on Android

Distribute an app to all devices associated with a group. This is a great way to enforce app settings, prevent app uninstall, and also automatically install an app on all devices enrolled in your MDM (and associated with your group).

Navigate to Device Mgmt > App Repository

Click Add App > Play Store App

After adding the app, click the app to customize the app settings

Click the Permissions tab, then allow all of the advanced permissions (do this only if you trust the app). At a bare minimum, you should set Allow for Block app uninstallation to prevent app uninstall from the device itself. You can remove the app using the MDM.

How Do I Block Apps?

Blacklist apps / Blocklist apps / App Blocking techniques

Blocking an app using the MDM will uninstall the app from the device if it was previously installed and prevent it from being installed in the future.

Navigate to Inventory > Apps and then click the Settings tab

For the On devices where the app is previously installed option, select Uninstall Immediately and save changes.

In the Apps tab, click Add New App to look up a specific app that isn't already installed that you want to block. If the app is already installed on the device, you should see it in the apps list.

Select the app and then click Blocklist App > Specific groups/devices.

Select your device group and click the Blocklist button to block the app for all devices within that group

How Do I Block VPNs, Proxies, or Other Apps that Configure DNS?

How to block VPNs and proxies on Android.

There are a few approaches to doing this. First, make sure that your profile restrictions > Network and Roaming has Allow users to configure VPN set to No.

Next, consider updating your profile to only allow a user to install an app that has been explicitly approved via your MDM. This will blocklist all apps by default and only allow the user to select from apps that are on your approved list. You can update your approved list by adding apps to your app repository in Inventory > Apps. Then, update your profile > restrictions > Applications and set User can install unapproved apps to Restrict.

You can also manually block each one of these kinds of apps, but this solution can be time-consuming and not comprehensive. However, it will significantly slow someone down because they won't know which apps are blocked until they try to install the app and it is automatically deleted. If you are managing a device for another person (like a child), they might assume that all VPNs/DNS apps are blocked and won't attempt to find an unblocked app.

You can also set an always-on VPN in your profile > VPN > check Always on VPN after configuring VPN settings.

Alternatively, you can configure Kiosk mode.

What are the most restrictive setups?

The recommended options are indicated in the above profile configuration section. However, here are some specific call-outs:

What is Kiosk Mode?

Kiosk mode lets you customize and limit the use of the phone to a small subset of features. For example, In Multi-App mode, the user only has access to approved apps even if unapproved apps are installed on the device previously. The apps aren't deleted, but they can't be opened.

You can also use Kiosk mode to enable Single App Mode, which lets you enforce the usage of a Kiosk app or any other app. The user can't close or switch out of the app specified in Single App Mode. This is useful when combined with a parental control kiosk app.

You can also further restrict WiFi and Network access with kiosk mode. In my opinion, the main use case for Kiosk mode is combining it with a parental control kiosk app. Otherwise, I don't think it's a viable option for most people.

How Do I Restrict/Enforce WiFi?

Restrict Wifi to only your home network. This requires that you update your MDM Profile > WiFi to include your Wifi network name in the Wi-Fi SSID field, the security type specified (usually this is WPA/WPA2) with the Wifi password entered. Then, in your profile > Restrictions > Network and Roaming, you set AWiFi:Always On and Connect to Wi-Fi if distributed via MDM:Yes.

How Do I Disable the Android Browser?

You can completely disable the ability to use internet browsers on your device. This is a great alternative to a dumb phone because you can still use apps like GPS/Maps, Spotify, etc., but you don't have to worry about plugging all the browsing loopholes.

How Do I Change Web Content Filter Settings?

Enabling the "allowlist" mode in the web content filter will restrict access to all URLs other than the ones you specify. This is also called a "default-deny" approach where you can't visit a URL unless it is specifically allowed.