How to restrict apps from being downloaded/installed on Android devices?

Description

With mobile devices increasingly becoming a part of the corporate workforce, IT administrators are bound to ensure unwanted apps or malicious apps are not installed to ensure productivity and security respectively. In case of the latter, installing malicious apps might result in unauthorized access of corporate data present on the devices. The solution for this to prevent installation of Android apps as explained below:

Steps

Using Android Enterprise/Android for Work(AfW)

  • Configure Android Enterprise/Android for Work(AfW) as explained here.
  • Now purchase apps in the Play for Work portal as explained here.
  • Sync MDM App Repository, if need be to add the purchased apps to the repository.
  • You can now distribute these apps to devices and/or groups. You can also have these apps installed silently as explained here.
  • Only those apps purchased via Play for Work and distributed using MDM can be installed from Google Play Store, restricting device users from installing any other unwanted/malicious apps.
  • You can also customized the Play Store layout as explained here, to suit the needs of the enterprise.

Without configuring Android Enterprise/Android for Work(AfW)

  • On your MDM MSP console, click on Device Mgmt and select Profiles from the left menu.
  • Click on Create Profile and select Android from the dropdown.
  • Click on Restrictions from the policy list and then select Application from the left menu.
  • Restrict the option Users can install unapproved apps. This ensures only those apps distributed via MDM can be installed on the device restricting all other app installations.
  • Now, Save and Publish this profile. Distribute it to devices and/or groups.
  • On successful profile association, users cannot install any unauthorized apps or apps not approved by the enterprise.