Hi DilanA/EMM Team,

@DilanA: Thanks for the information.

I have assumed the policy creator knows the package names of the applications which need to be restricted on the device, and as the first step I have implemented the MDM policy UI for the app restriction list and am able to publish the restriction list to the device successfully. Some terminology has changed since this thread was started. As of now, if AWL is enabled we will provide role-based application access. The policy creator will define an application white list with a set of roles along with the application. Only those roles will be able to access the application. If ABL is enabled, the policy creator will define a black list via the UI, and the applications on that list will not be allowed to run on any device.

@EMM Team: I have several questions regarding restricting apps using the mobile agent app.

1. If we provide AWL, only those applications will show in the app manager store. Other app stores, side loading and the Google Play store need to be blocked. This kind of behaviour can be provided only via the system app (which is now being developed) for the COPE situation. What kind of solution are we going to provide for the BYOD scenario?

2. If we provide ABL, we need to restrict application execution and installation. Again, this will be feasible in the COPE scenario because of the system app. But for the BYOD scenario, according to posts I have read, there are no broadcasts for application launch events or application install start events. So one option would be to create a periodically running background service which searches for applications that are running in the foreground and blocks an app if it is found in the restriction list. WDYT about this approach? Anyway, even via this approach, it is not possible to detect which application is being installed at the moment of checking. In that case, how do we block app installation? Any idea to resolve this is much appreciated.

Thanks

On Mon, Feb 8, 2016 at 5:36 AM, Dilan Udara Ariyaratne <[email protected]> wrote:

> Hi Lakshman,
>
> With respect to EMM space, I think that this requirement should be handled
> from device policy level.
>
> FYI, a device policy is a set of configurations that we set to be
> published for a number of devices based on Roles and Users.
> If we think about this requirement too in the same way, it is a
> application level configuration that we publish for a set of devices based
> on Roles and Users.
>
> Therefore, It seems that you can integrate this use case with the existing
> device policy UI [1] as two more feature additions to the "Configure
> Profile" section.
> i.e. One feature for White Listed Apps and the other for Black Listed Apps.
>
> Thanks,
> Dilan.
>
> *Dilan U. Ariyaratne*
> Software Engineer
> WSO2 Inc. <http://wso2.com/>
> Mobile: +94725197942
> lean . enterprise . middleware
>
> On Tue, Feb 2, 2016 at 5:47 PM, Lakshman Udayakantha <[email protected]> wrote:
>
>> [adding Dakshika]
>>
>> On Tue, Feb 2, 2016 at 5:45 PM, Lakshman Udayakantha <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> @KasunD/PrabathA: Thanks for your suggestions. I will check for methods
>>> to block application installations for lower api level than 23 also.
>>> I have created mockup UIs to create, edit , view lists which should be
>>> added to app publisher UI and attached mockup UIs to this mail.
>>> @UX team: Could you do a quick review and make suggestions to make them
>>> better.
>>>
>>> Thanks
>>>
>>> On Tue, Feb 2, 2016 at 9:54 AM, Harshan Liyanage <[email protected]> wrote:
>>>
>>>> Hi Inosh,
>>>>
>>>> There may be some cases where enterprises need to have application
>>>> policies for individual users. But I think that scenario is very unlikely.
>>>> If we take an organization, every user will map to one or more user-roles.
>>>> There might be situations where a role has only one user (i.e like CEO,
>>>> MD). But still we can achieve it via the application policies for
>>>> user-roles.
>>>>
>>>> Thanks,
>>>>
>>>> Harshan Liyanage
>>>> Software Engineer
>>>> Mobile: *+94724423048*
>>>> Email: [email protected]
>>>> Blog : http://harshanliyanage.blogspot.com/
>>>> *WSO2, Inc. :** wso2.com <http://wso2.com/>*
>>>> lean.enterprise.middleware.
>>>>
>>>> On Tue, Feb 2, 2016 at 9:37 AM, Inosh Perera <[email protected]> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> Role based application restriction will be provided. Administrator
>>>>> will define a list of applications as a black list and a set of roles
>>>>> which is to be restricted to the application, along with the applications.
>>>>> Is there any particular reason for not having application policies for
>>>>> individual users?
>>>>>
>>>>> Regards,
>>>>> Inosh
>>>>>
>>>>> On Mon, Feb 1, 2016 at 11:05 PM, Prabath Abeysekera <[email protected]> wrote:
>>>>>
>>>>>> On Mon, Feb 1, 2016 at 6:14 PM, Kasun Dananjaya Delgolla <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Lakshman,
>>>>>>>
>>>>>>> In terms of Android you can use blocking APIs[1] in Marshmallow SDK
>>>>>>> (SDK 23) to achieve this. We already use DevicePolicyManager API so you
>>>>>>> can straightaway add these new stuff into the same android agent API layer.
>>>>>>> Also for older API levels ( < 23) earlier we used a mechanism just to
>>>>>>> warn the user if a blacklisted app is installed on the device since
>>>>>>> blocking of apps is not supported in those API levels.
>>>>>>
>>>>>> We might need to dig slightly deep into some of the APIs around and
>>>>>> see if we've already got anything to mimic what's done in
>>>>>> DevicePolicyManager, which is part of Marshmallow SDK; in previous
>>>>>> versions of Android SDK. So, please check if there's any mechanism that'd
>>>>>> potentially allow us to go beyond merely warning the user when a
>>>>>> blacklisted application is installed and then block the installation
>>>>>> completely particularly targeting SDKs < 23.
>>>>>>
>>>>>> Cheers,
>>>>>> Prabath
>>>>>>
>>>>>>> One more thing, we can add this to the system app which I'm in the
>>>>>>> process of building. Then we can enable COPE (rooted/system access
>>>>>>> granted) devices to blacklist/whitelist apps even though the API level
>>>>>>> is < 23.
>>>>>>>
>>>>>>> [1] -
>>>>>>> http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> On Mon, Feb 1, 2016 at 5:50 PM, Lakshman Udayakantha <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> There is a requirement to implement application white listing and
>>>>>>>> application black listing support in Enterprise Mobility Manager.
>>>>>>>> Application white listing means creating a list of applications which
>>>>>>>> are only allowed to run on mobile devices which are connected to EMM.
>>>>>>>> Application blacklisting is the opposite meaning in which there is a
>>>>>>>> list of applications which are only not allowed to run on mobile devices
>>>>>>>> which connected to EMM.
>>>>>>>> As a solution for this we thought to introduce a configuration to
>>>>>>>> identify black listing, white listing enabled or not and exactly which
>>>>>>>> listing is enabled and If each configuration enabled separately EMM
>>>>>>>> will behave in following manner.
>>>>>>>>
>>>>>>>> If ABL enabled,
>>>>>>>>
>>>>>>>> Role based application restriction will be provided. Administrator
>>>>>>>> will define a list of applications as a black list and a set of roles
>>>>>>>> which is to be restricted to the application, along with the applications.
>>>>>>>>
>>>>>>>> If AWL enabled,
>>>>>>>>
>>>>>>>> Administrator will check specific list of applications from admin
>>>>>>>> UI. Only these applications will load on app store. Other means of
>>>>>>>> applications installing will be blocked.
>>>>>>>> 1. Blocking side-loading.
>>>>>>>> 2. Third party app store blocking except EMM app store.
>>>>>>>> 3. Google Play app blocking
>>>>>>>>
>>>>>>>> Any suggestions and thoughts are highly appreciated.
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> --
>>>>>>>> Lakshman Udayakantha
>>>>>>>> WSO2 Inc. www.wso2.com
>>>>>>>> lean.enterprise.middleware
>>>>>>>> Mobile: *0714388124 <0714388124>*
>>>>>>>
>>>>>>> --
>>>>>>> Kasun Dananjaya Delgolla
>>>>>>>
>>>>>>> Software Engineer
>>>>>>> WSO2 Inc.; http://wso2.com
>>>>>>> lean.enterprise.middleware
>>>>>>> Tel: +94 11 214 5345
>>>>>>> Fax: +94 11 2145300
>>>>>>> Mob: + 94 771 771 015
>>>>>>> Blog: http://kddcodingparadise.blogspot.com
>>>>>>> Linkedin: *http://lk.linkedin.com/in/kasundananjaya
>>>>>>> <http://lk.linkedin.com/in/kasundananjaya>*
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Architecture mailing list
>>>>>>> [email protected]
>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>
>>>>>> --
>>>>>> Prabath Abeysekara
>>>>>> Technical Lead
>>>>>> WSO2 Inc.
>>>>>> Email: [email protected]
>>>>>> Mobile: +94774171471
>>>>>
>>>>> --
>>>>> Inosh Perera
>>>>> Software Engineer, WSO2 Inc.
>>>>> Tel: 077813 7285, 0785293686
>>>
>>> --
>>> Lakshman Udayakantha
>>> WSO2 Inc. www.wso2.com
>>> lean.enterprise.middleware
>>> Mobile: *0714388124*
>>
>> --
>> Lakshman Udayakantha
>> WSO2 Inc. www.wso2.com
>> lean.enterprise.middleware
>> Mobile: *0714388124*

--
Lakshman Udayakantha
WSO2 Inc. www.wso2.com
lean.enterprise.middleware
Mobile: *0714388124*
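
The AWL and ABL semantics described in the most recent message of this thread (role-based white list, device-wide black list), as an added Java example that is not part of the original e-mails or of the EMM code base. Class, method, package and role names are hypothetical, and how the agent obtains the list of observed packages (foreground or installed) is left out.

```java
import java.util.*;

public class AppRestrictionCheck {
    enum Mode { AWL, ABL }

    // AWL: package name -> roles allowed to use it.
    // ABL: only the keys matter; a listed package is denied for everyone.
    static boolean isAllowed(Mode mode, Map<String, Set<String>> list,
                             String pkg, Set<String> userRoles) {
        Set<String> roles = list.get(pkg);
        if (mode == Mode.ABL) {
            return roles == null;          // on the black list -> blocked on any device
        }
        if (roles == null) {
            return false;                  // not on the white list at all
        }
        return !Collections.disjoint(roles, userRoles);  // needs one matching role
    }

    // What one pass of a periodic check could report: observed packages
    // that violate the published policy for this device owner's roles.
    static List<String> violations(Mode mode, Map<String, Set<String>> list,
                                   Collection<String> observed, Set<String> userRoles) {
        List<String> out = new ArrayList<>();
        for (String pkg : observed) {
            if (!isAllowed(mode, list, pkg, userRoles)) {
                out.add(pkg);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample data; package and role names are made up.
        Map<String, Set<String>> awl = new HashMap<>();
        awl.put("com.example.mail", new HashSet<>(Arrays.asList("employee", "manager")));
        awl.put("com.example.payroll", new HashSet<>(Arrays.asList("finance")));
        Map<String, Set<String>> abl = new HashMap<>();
        abl.put("com.example.game", Collections.<String>emptySet());

        List<String> observed = Arrays.asList(
            "com.example.mail", "com.example.payroll", "com.example.game");
        Set<String> roles = new HashSet<>(Arrays.asList("employee"));

        System.out.println("AWL violations: " + violations(Mode.AWL, awl, observed, roles));
        System.out.println("ABL violations: " + violations(Mode.ABL, abl, observed, roles));
    }
}
```

Because the check runs over packages that are already present, it can only report a violation after the fact, which is the installation-time gap raised in question 2 above.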
