App Startup Control on Android devices

To keep the user's mobile device secure, you must configure the settings for app startup on the device (see the figure below).

ksm_app_control

Restricting startup of apps from the Games category

You can impose restrictions on the user's activity on a device on which blocked apps are installed or required apps are not installed (for example, lock the device). You can impose restrictions using the Compliance Control component. To do so, in the scan rule settings, you must select the Forbidden apps are installed, Apps from forbidden categories are installed or Not all required apps are installed criterion.

Kaspersky Endpoint Security for Android must be set as an Accessibility feature to ensure proper functioning of App Control on mobile devices running Android 5.0 or later. Kaspersky Endpoint Security for Android prompts the user to set the app as an Accessibility feature through the Initial Configuration Wizard. The user can skip this step or disable this service in the device settings at a later time. If this is the case, App Control does not run.

To configure the settings of app startup on the mobile device:

  1. In the console tree, in the Managed devices folder, select the administration group to which the Android devices belong.
  2. In the workspace of the group, select the Policies tab.
  3. Open the policy properties window by double-clicking.
  4. In the policy Properties window, select the App Control section.
  5. In the Operation mode section, select the mode of app startup on the user's mobile device:
    • To allow the user to start all apps except those specified in the list of categories and apps as blocked apps, select the Blocked apps mode.
    • To allow the user to start only apps specified in the list of categories and apps as allowed, recommended, or required apps, select the Allowed apps mode.
  6. If you want Kaspersky Endpoint Security for Android to send data on forbidden apps to the event log without blocking them, select the Do not block forbidden apps, write to event log only check box.

    During the next synchronization of the user's mobile device with the Administration Server, Kaspersky Endpoint Security for Android writes an entry for A forbidden app has been installed in the event log. You can view the Event log on the Events tab in the Administration Server properties or in the local properties of the application.

  7. If you want Kaspersky Endpoint Security for Android to block the startup of system apps on the user's mobile device (such as Calendar, Camera, and Settings) in Allowed apps mode, select the Block system apps check box.

    Kaspersky Lab experts recommend against blocking system apps because this could lead to failures in device operation.

  8. Create a list of categories and apps to configure startup of apps.

    For details on app categories, please refer to the Appendices.

    For a list of the apps that belong to each category, please visit the Kaspersky Lab website.

  9. Click the Apply button to save the changes you have made.

Mobile device settings are configured after the next device synchronization with the Kaspersky Security Center.

Page top