- Kaspersky Secure Mobility Management help
- What's new
- Working in Kaspersky Security Center Web Console
- About Kaspersky Secure Mobility Management
- Getting started
- Solution architecture
- Deployment scenarios
- Deploying a mobile device management solution in Kaspersky Security Center Web Console
- Deploying Kaspersky Security Center Linux and Kaspersky Security Center Web Console
- Deploying mobile management plug-ins
- Configuring Administration Server settings for connecting mobile devices
- Scenario: Configuring a connection gateway to connect mobile devices to Kaspersky Security Center Web Console
- Adding installation packages to Administration Server repository
- Adding a license key to the Administration Server repository
- Installing Network Agent Linux
- Configuring Kaspersky Security Center Linux Web Server settings
- Deploying an iOS device management system
- About iOS device operating modes
- About device management profiles
- Deploying Kaspersky Protection for iOS
- Deploying a management system using the iOS MDM protocol
- Deploying iOS MDM Server
- Configuring an iOS MDM Server installation package
- Installing iOS MDM Server using a remote installation task
- Local installation of iOS MDM Server on a device via an installation package
- Updating iOS MDM Server using a remote installation task or locally
- Deleting iOS MDM Server using a remote uninstallation task
- Viewing the list of installed iOS MDM Servers and configuring their settings
- Configuring an iOS MDM Server certificate
- Configuring a reserve iOS MDM Server certificate
- Receiving or renewing an APNs certificate
- Installing an APNs certificate on iOS MDM Server
- Configuring access to Apple Push Notification service
- iOS MDM Server events
- Obtaining iOS MDM Server diagnostic data
- Deploying iOS MDM Server
- Deploying an Android device management system
- About Android device operating modes
- Using Firebase Cloud Messaging
- Deploying Kaspersky Endpoint Security for Android
- Permissions for Kaspersky Endpoint Security for Android
- Starting and stopping Kaspersky Endpoint Security for Android
- Activating Kaspersky Endpoint Security for Android
- Updating Kaspersky Endpoint Security for Android
- Removing Kaspersky Endpoint Security for Android
- Managing mobile devices in Kaspersky Security Center Web Console
- Creating administration groups
- Configuring policies
- Creating a policy
- Modifying a policy
- Copying a policy
- Moving a policy to another administration group
- Viewing the list of policies
- Viewing the policy distribution results
- Managing revisions to policies
- Restricting permissions to configure policies
- Configuring role-based access control
- Configuring policy profiles
- Deleting a policy
- Connecting mobile devices to Kaspersky Security Center Web Console
- Configuring synchronization settings
- Managing certificates of mobile devices
- Configuration and management
- Control
- Protection
- Configuring anti-malware protection on Android devices
- Protecting Android devices on the internet
- Protection of data on a stolen or lost device
- Configuring the device unlock password strength
- Configuring a virtual private network (VPN)
- Configuring Firewall on Android devices (only Samsung)
- Protecting Kaspersky Endpoint Security for Android against removal
- Detecting hacked devices
- Configuring a global HTTP proxy on iOS MDM devices
- Adding security certificates to iOS MDM devices
- Adding a SCEP profile to iOS MDM devices
- Restricting SD card usage (only Samsung)
- Management of mobile devices
- Managing Android devices
- Managing iOS MDM devices
- Signing device management profiles with a certificate
- Adding a configuration profile
- Installing a configuration profile on a device
- Removing a configuration profile from a device
- Configuring managed apps
- Installing an app on a mobile device
- Updating an app installed on a device
- Removing an app from a device
- Configuring roaming on an iOS MDM mobile device
- Viewing information about an iOS MDM device
- Disconnecting an iOS MDM device from management
- Configuring kiosk mode for iOS MDM devices
- Management of mobile device settings
- Configuring connection to a Wi-Fi network
- Configuring email
- Configuring protection levels in Kaspersky Security Center
- Managing app configurations
- Managing app permissions
- Creating a report on installed mobile apps
- Installing root certificates on Android devices
- Configuring notifications for Kaspersky Endpoint Security for Android
- Selecting the download manager for Android devices
- Connecting iOS MDM devices to AirPlay
- Connecting iOS MDM devices to AirPrint
- Configuring the Access Point Name (APN)
- Corporate container
- Adding an LDAP account
- Adding a contacts account
- Adding a calendar account
- Configuring a calendar subscription
- Configuring SSO
- Managing Web Clips
- Setting a wallpaper
- Adding fonts
- Working with commands for mobile devices
- Managing the app by using third-party EMM systems (Android only)
- Participating in Kaspersky Security Network
- Samsung Knox
- Using the Kaspersky Endpoint Security for Android app
- App features
- Main window at a glance
- Status bar icon
- Device scan
- Running a scheduled scan
- Changing the Protection mode
- Anti-malware database updates
- Scheduled database update
- Things to do if your device gets lost or stolen
- Web Protection
- Get Certificate
- Synchronizing with Kaspersky Security Center
- Activating the Kaspersky Endpoint Security for Android app without Kaspersky Security Center
- Installing the app on corporate devices
- Installing root certificates on the device
- Installing and using mail and VPN certificates on the device
- Enabling accessibility on Android 13 or later
- Updating the app
- Removing the app
- Applications with a briefcase icon
- Knox app
- Using the Kaspersky Protection for iOS app
- Application licensing
- Comparison of solution features by management tool
- Contact Technical Support
- Sources of information about the application
- Glossary
- Activating the application
- Activation code
- Administration group
- Administration Server
- Administrator's workstation
- Anti-malware databases
- Apple Push Notification service (APNs) certificate
- Application management plug-in
- Basic control
- Basic protection
- Certificate Signing Request
- Compliance Control
- Corporate container
- Corporate device
- Device administrator
- Device management profile
- End User License Agreement
- Group task
- IMAP
- Installation package
- iOS MDM device
- iOS MDM profile
- iOS MDM Server
- Kaspersky categories
- Kaspersky Private Security Network (KPSN)
- Kaspersky Security Center Administrator
- Kaspersky Security Center Web Server
- Kaspersky Security Network (KSN)
- Kaspersky update servers
- Key file
- License
- License term
- Malware
- Manifest file
- Network Agent
- Personal device
- Phishing
- Policy
- POP3
- Proxy server
- Quarantine
- SSL
- Standalone installation package
- Subscription
- Supervised device
- Unlock code
- Virtual Administration Server
- Information about third-party code
- Trademark notices
Working in Kaspersky Security Center Web Console > Configuration and management > Control > App Control > App Control on Android devices
App Control on Android devices
The App Control component lets you manage apps on Android devices and configure use of these apps to keep the devices secure.
You can restrict user activity on a device on which forbidden apps are installed or required apps are not installed (for example, by locking the device). You can impose restrictions using the Compliance Control component. To do so, in the rule settings, you must select the Forbidden apps are installed, Apps from forbidden categories are installed, or Not all required apps are installed criterion.
Kaspersky Endpoint Security for Android must be set as an Accessibility feature to ensure proper functioning of App Control. Kaspersky Endpoint Security for Android prompts the user to set the app as an Accessibility feature through the Initial Configuration Wizard. The user can skip this step or later disable this service in the device settings. If the user does this, App Control will not run.
On corporate devices, you have extended control over the device. App Control operates without notifying the device user:
- Required apps are installed automatically in the background. To install apps silently, you need to specify a link to the APK file of the required app in the policy settings.
- Forbidden apps can be deleted from the device automatically. To delete apps silently, you need to select the Remove forbidden apps automatically check box in the policy settings.
To configure app startup settings on the mobile device:
- In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
- In the policy properties window, select Application settings.
- Select Android and go to the Security controls section.
- On the App Control card, click Settings.
The App Control window opens.
- Enable the settings using the App Control toggle switch.
- Configure the settings on the following tabs:
- If you want to configure general rules of app management, go to the App use tab.
- In the Operating mode drop-down list, select the App Control mode:
- To allow the user to start all apps except those specified as blocked in the list of categories and apps, select Use all apps except forbidden ones. Kaspersky Endpoint Security for Android will hide icons of forbidden apps. This option is selected by default.
- To allow the user to start only apps specified in the list of categories and apps as allowed, recommended, or required apps, select Use only allowed apps. Kaspersky Endpoint Security for Android will hide icons of all apps except those specified in the list of allowed, recommended, or required apps and system apps.
- If you want Kaspersky Endpoint Security for Android to send data on forbidden apps to the event log without blocking them, select the Do not block forbidden apps, only add a record to the event log check box.
- If you want Kaspersky Endpoint Security for Android to block startup of system apps (such as Calendar, Camera, and Settings) on the user's mobile device, select the Block system apps check box. This check box is displayed in the Use only allowed apps mode.
We recommend that you do not block system apps because doing so could cause the device to malfunction.
- If you want Kaspersky Endpoint Security for Android to remove forbidden apps from the device in the background without notifying the user, select the Remove forbidden apps automatically check box. This check box is displayed in policies for managing corporate devices.
- Click Add to add apps and categories for which you want to set rules.
The Add app or category window opens.
- In the Object field, select either App or App category and do the following:
- If you selected App, select an installation package or specify the package name and the app name in the corresponding fields.
- If you selected App category, select a category and enter a description in the corresponding fields.
- Click Add.
The app or category is added to the list.
- If you want to configure exceptions from listed forbidden or allowed apps, click Exceptions, specify package names in the window that opens, and click OK.
- If you want to receive reports on installed apps, in the Report on installed apps section, select the Send data on installed apps check box. Then you can select the following check boxes:
- Send data on built-in apps to send data on system apps.
- Send data on service apps to send data on service apps that have no user interface and cannot be started manually.
If a system app or service app is configured in the App Control settings, app data is sent regardless of the state of the check boxes.
Kaspersky Endpoint Security for Android sends data to the event log each time an app is installed on a device or removed from it.
- In the Operating mode drop-down list, select the App Control mode:
- If you want to set actions to be performed for selected apps, go to the App management tab.
- In the Actions for apps table, click Add.
- In the window that opens, do the following:
- In the Action field select one of the following actions:
- Install. The user will be prompted to install the app.
- Remove. The app will be deleted from the user's device.
- Recommend installation. The user will receive a recommendation to install the app.
- Fill in the following fields:
- Package name
- App name
- Link
Links to app packages must start with http:// or https://.
- Version
This field is a string parameter specified in the format of Oracle regular expressions. For more details on regular expressions, please refer to the Oracle Technical Support website.
The Link and Version fields are not displayed if you select Remove in the Action field.
- Click Add.
- In the Action field select one of the following actions:
The configured action is added to the list.
- If you want to configure general rules of app management, go to the App use tab.
- Click OK.
- Click Save to save the changes you have made.
Mobile device settings are changed after the next device synchronization with Kaspersky Security Center.
Article ID: 274757, Last review: Apr 17, 2025