Gestione app

In ~~this~~questa ~~section~~sezione ~~you~~puoi ~~can~~impostare ~~set~~le ~~policies~~policy ~~related~~relative toalla ~~apps~~disponibilità, ~~availability,~~installazione, ~~installation,~~aggiornamento ~~udpate~~e ~~and~~gestione ~~permission~~dei ~~mangament.~~permessi delle app.

Gli account Managed Google Play ~~Accounts~~vengono ~~are~~creati ~~automatically~~automaticamente ~~created~~quando ~~when~~si ~~devices~~esegue ~~are~~il ~~provisioned.~~provisioning dei dispositivi.

1. Modalità Play Store mode

~~This~~Questa ~~mode~~modalità ~~controls~~controlla ~~which~~quali ~~apps~~app ~~are~~sono ~~available~~disponibili toper ~~the~~l'utente ~~user in the~~nel Play Store ~~and~~e ~~the~~il ~~behavior~~comportamento onsul ~~the~~dispositivo ~~device~~quando ~~when~~le ~~apps~~app ~~are~~vengono ~~removed~~rimosse ~~from the~~dalla policy.

Whitelist (~~default)~~impostazione predefinita): ~~Only~~Sono ~~apps~~disponibili ~~that~~solo ~~are~~le inapp ~~the~~incluse nella policy ~~are~~e ~~available and any~~qualsiasi app ~~not~~non ininclusa ~~the~~nella policy ~~will~~verrà beautomaticamente ~~automatically~~disinstallata ~~uninstalled~~dal ~~from the device.~~dispositivo. Play Store ~~will~~mostrerà ~~only~~solo ~~shows~~le ~~available~~app ~~apps.~~disponibili.

Blacklist: ~~All~~Tutte ~~apps are available and any~~le app ~~that~~sono ~~should~~disponibili ~~not~~e bequalsiasi onapp ~~the~~di ~~device~~cui ~~should~~si bevuole ~~explicitly~~impedire ~~marked~~l'installazione assul dispositivo deve essere esplicitamente contrassegnata come ~~blocked~~bloccata innella ~~the~~policy ~~applications~~delle ~~policy.~~applicazioni. Play Store ~~will~~mostrerà ~~shows~~tutte ~~all~~le ~~apps,~~app, ~~except~~tranne ~~blocked~~quelle ~~ones.~~bloccate.

2. UntrustedPolicy appsper policyle app non attendibili

~~The~~La policy ~~for~~per ~~untrusted~~le ~~apps~~app non attendibili (~~apps~~app ~~from~~da ~~unknown~~fonti ~~sources)~~sconosciute) ~~enforced~~applicata onal ~~the~~dispositivo. ~~device.~~Questa ~~This~~opzione ~~option~~controlla ~~controls~~l'impostazione ~~the~~del sistema Android ~~system~~che ~~setting that allow if~~consente a ~~user~~un ~~can~~utente ~~install~~di ~~apps~~installare ~~from~~app ~~outside~~dall'esterno ~~the the~~del Play Store (sideloading).

~~Disallow~~Non consentire (~~default)~~impostazione predefinita): ~~Disallow~~non ~~untrusted~~consentire l'installazione di app ~~installs~~non onattendibili ~~entire~~sull'intero ~~device.~~dispositivo.

~~Personal~~Solo ~~profile~~profilo ~~only~~personale: ~~For~~per ~~devices~~i ~~with~~dispositivi ~~work~~con ~~profiles,~~profili ~~allow~~di ~~untrusted~~lavoro, consenti le installazioni di app ~~installs~~non inattendibili ~~the~~solo ~~device's~~nel ~~personal~~profilo ~~profile~~personale ~~only.~~del dispositivo.

~~Allow~~Consenti: ~~Allow~~consente ~~untrusted~~l'installazione di app ~~installs~~non onattendibili ~~entire~~sull'intero ~~device.~~dispositivo.

3. Google Play Protect

~~Whether~~Specifica se la verifica delle app di Google Play Protect app ~~verification~~è ~~is enforced.~~applicata.

~~Enforced~~Applicato (~~default)~~impostazione predefinita): ~~Force-enables~~Forza l'abilitazione della verifica delle app ~~verification.~~

~~User~~Scelta ~~choice~~dell'utente: ~~Allows~~Consenti ~~the~~all'utente ~~user~~di toscegliere ~~choose~~se ~~whether~~abilitare tola ~~enable~~verifica ~~app~~delle ~~verification.~~app.

4. DefaultPolicy permissiondi policydefault dei permessi

~~The~~La policy ~~for~~per ~~granting~~fornire i permessi a runtime ~~permission~~alle ~~requests to apps.~~app.

~~Prompt~~Chiedi (~~default)~~impostazione predefinita): ~~Prompt~~richiede ~~the~~all'utente ~~user~~di toconcedere ~~grant~~i ~~a permission.~~permessi.

~~Grant~~Concedi: ~~Automatically~~concedi ~~grant~~automaticamente aun ~~permission.~~permesso.

~~Deny~~Nega: ~~Automatically~~nega ~~deny~~automaticamente aun ~~permission.~~permesso.

5. InstallDisabilita appsinstallazione disabledapp

~~Whether~~Specifica ~~user~~se ~~installation~~l'installazione ofdi ~~apps~~app isda ~~disabled.~~parte dell'utente è disabilitata.

6. UninstallDisabilita appsdisinstallazione disabledapp

~~Whether~~Specifica ~~user~~se ~~uninstallation~~la ofdisinstallazione ~~applications~~di isapp ~~disabled.~~da parte dell'utente è disabilitata.

7. PermissionPolicy policiesdei permessi

~~Explicit~~Policy ~~permission~~di orconcessione ~~group~~o ~~grants~~diniego ordi ~~denials~~specifici ~~for~~permessi ~~all~~o ~~apps.~~gruppi ~~These~~di ~~values~~permessi ~~override~~applicate ~~the~~per tutte le app. Queste policy sovrascrivono le impostazioni di ~~Default~~Policy ~~permission~~di ~~policy~~default dei permessi ~~setting.~~.

8. ApplicationsApplicazioni

List of applications that must be included in the policy. The behavior of the list's content depends on the value set on Play Store mode.

If Play Store mode is whitelist, only apps that are in the policy are available and any app not in the policy will be automatically uninstalled from the device.

If Play Store mode is blacklist, all apps are available and any app that should not be on the device should be explicitly marked as blocked in the applications policy.

To add a new app, click on the + icon, then choose the app from Play Store and click on the Select button in the app card.

All apps that are published on the Play Store in your country are available for selection by default. To select your own private or web apps, you must upload them to the system first. For more information read the Private apps page.

Each app can be configured with its own settings, that are visually contained in a card:

8.1. Install type

The type of installation to perform for an app.

Available: The app is available to install.

Preinstalled: The app is automatically installed and can be removed by the user.

Force installed: The app is automatically installed and can't be removed by the user.

Blocked: The app is blocked and can't be installed. If the app was installed under a previous policy, it will be uninstalled.

Required for setup: The app is automatically installed and can't be removed by the user and will prevent setup from completion until installation is complete.

Kiosk: The app is automatically installed in kiosk mode: it's set as the preferred home intent and whitelisted for lock task mode. Device setup won't complete until the app is installed. After installation, users won't be able to remove the app. You can only set this install type for one app per policy. When this is present in the policy, status bar will be automatically disabled. For more information please read the dedicated Kiosk mode page.

8.2. Auto-update mode

Controls the auto-update mode for the app.

Default: The app is automatically updated with low priority to minimize the impact on the user. The app is updated when all of the following constraints are met: (1) the device is not actively used, (2) the device is connected to an unmetered network, (3) the device is charging. The device is notified about a new update within 24 hours after it is published by the developer, after which the app is updated the next time the constraints above are met.

Postponed: The app is not automatically updated for a maximum of 90 days after the app becomes out of date. 90 days after the app becomes out of date, the latest available version is installed automatically with low priority (see Default Auto-update mode). After the app is updated it is not automatically updated again until 90 days after it becomes out of date again. The user can still manually update the app from the Play Store at any time.

High priority: The app is updated as soon as possible. No constraints are applied. The device is notified immediately about a new update after it becomes available.

8.3. Minimum version code

The minimum version of the app that runs on the device. If set, the device attempts to update the app to at least this version code. If the app is not up-to-date, the device will contain a non compliance detail with non compliance reason set to APP_NOT_UPDATED. The app must already be published to Google Play with a version code greater than or equal to this value. At most 20 apps may specify a minimum version code per policy.

8.4. Delegated scopes

The scopes delegated to the app from Android Device Policy. You can grant other apps a selection of special Android permissions:

Certificate installation: Grants access to certificate installation and management.

Managed configurations: Grants access to managed configurations management.

Block uninstall: Grants access to blocking uninstallation.

Permissions: Grants access to permission policy and permission grant state.

Package access: Grants access to package access state.

System app: Grants access for enabling system apps.

8.5. Default permission policy

The default policy for all permissions requested by the app. If specified, this overrides the policy-level Default permission policy which applies to all apps. It does not override the Permission policies which applies to all apps.

Prompt (default): Prompt the user to grant a permission.

Grant: Automatically grant a permission.

Deny: Automatically deny a permission.

8.6. Connected work and personal app

Controls whether the app can communicate with itself across a device's work and personal profiles, subject to user consent (Android 11+).

Disallowed (default): Prevents the app from communicating cross-profile.

Allowed: Allows the app to communicate across profiles after receiving user consent.

8.7. Disabled

Whether the app is disabled. When disabled, the app data is still preserved.

8.8. Managed configuration

To configure the app's managed settings, click on the Enable managed configuration button. If a manged configuration is altredy set for the app, you can modify the configuration with the Managed configuration button, or delete it with the Remove configuration button.

Managed configuration option is available only for apps that supports this functionality.

8.9. Permission policies

Explicit permission grants or denials for the app. These values override the Default permission policy and Permission policies which apply to all apps.

8.10. Track IDs

List of the app’s closed testing track IDs that a device can access. If multiple track IDs are selected, devices receive the latest version among all accessible tracks. If no track IDs is selected, devices only have access to the app’s production track.

Track IDs option is available only for apps that have at least one track ID available for your organization. For more details on how to add your organization to a closed testing track for a specific app please read here.

9. Private key selection

Allows showing UI on a device for a user to choose a private key alias if there are no matching rules in Choose private key rules.

For devices below Android P, setting this may leave enterprise keys vulnerable.

10. Choose private key rules

Controls apps' access to private keys. The rule determines which private key, if any, Android Device Policy grants to the specified app. Access is granted either when the app calls KeyChain.choosePrivateKeyAlias (or any overloads) to request a private key alias for a given URL, or for rules that are not URL-specific (that is, if urlPattern is not set, or set to the empty string or .*) on Android 11 and above, directly so that the app can call KeyChain.getPrivateKey, without first having to call KeyChain.choosePrivateKeyAlias. When an app calls KeyChain.choosePrivateKeyAlias if more than one choosePrivateKeyRules matches, the last matching rule defines which key alias to return.

10.1. Private key alias

The alias of the private key to be used.

10.2. URL pattern

The URL pattern to match against the URL of the request. If not set or empty, it matches all URLs. This uses the regular expression syntax of java.util.regex.Pattern.

10.3. Package names

The package names to which this rule applies. The hash of the signing certificate for each app is verified against the hash provided by Play. If no package names are specified, then the alias is provided to all apps that call KeyChain.choosePrivateKeyAlias or any overloads (but not without calling KeyChain.choosePrivateKeyAlias, even on Android 11 and above). Any app with the same Android UID as a package specified here will have access when they call KeyChain.choosePrivateKeyAlias.

To delete an app, click on the trashbin icon, on the bottom of the app's card.