Skip to main content
G
gy4
New Member
December 8, 2023
Solved

byod - How to block debugging function?

  • December 8, 2023
  • 3 replies
  • 0 views

I'm developing a BYOD workplace profile, and one of the required features in the functional specification is as follows:

"2.7.2. Debugging features must be blocked. This subfeature is supported by default."

I'm trying to implement this feature, and in the REST Resource: enterprises.policies - AdvancedSecurityOverrides - DeveloperSettings, I'm configuring either DEVELOPER_SETTINGS_DISABLED or DEVELOPER_SETTINGS_ALLOWED. However, it seems that either option doesn't restrict the developer options on the device. I'm curious about the role of these options, whether they are functioning correctly, or if this feature is not implementable in a BYOD context.

Sorry if I wrote this through a translator so the context may be incorrect.

Best answer by Moombas

I have no knowledge on the coding part but also checked in our MDM (I was sure i saw it there) but figured out it was only USB debugging but not developer options.

This could be also a setting maybe only being able to be set via an OEM config app (if available).

I found this in the Samsung Knox Service Plugin (= their OEM app):

But only for a fully managed device but maybe for COPE as well (but not BYOD).

3 replies

Moombas
Moombas
Level 4.4: KitKat
December 8, 2023

Not sure if you can, I just checked this in the MDM we use and there's no option for this (would expect this already be there as this could be important for security reasons).

I see it only available for COPE devices, so I assume you are not allowed on a BYOD device to change this as the device is owned by the user.

    G
    gy4Author
    New Member
    December 8, 2023

    In COPE, if you set AdvancedSecurityOverrides - DeveloperSettings to DEVELOPER_SETTINGS_DISABLED, does it work to block access to the device's developer options?

    Moombas
    MoombasAnswer
    Level 4.4: KitKat
    December 8, 2023

    I have no knowledge on the coding part but also checked in our MDM (I was sure i saw it there) but figured out it was only USB debugging but not developer options.

    This could be also a setting maybe only being able to be set via an OEM config app (if available).

    I found this in the Samsung Knox Service Plugin (= their OEM app):

    But only for a fully managed device but maybe for COPE as well (but not BYOD).

      F
      FR642
      New Member
      October 17, 2025

      Hello, 

      I understand that you guide admin for disable developer mode for BYOD devices to OEMs, but not all manufacturers necessarily have OEMs.
      Do you have an API on MAPI solution to offer MDM to block developer mode on all devices?

      Best regards 

       

      Moombas
      Moombas
      Level 4.4: KitKat
      October 17, 2025

      On fully managed it's at least blocked by default from our MDM and only unlocked if you go to admin mode.

      Not sure about COPE but would expect same behavior as on fully managed because it's owned by the company but with a private area.

       

      For work profile i would expect this not being possible as this would (in my opinion) violate the private usage of the device as the user is the owner and because of this not being available.

        F
        FR642
        New Member
        October 17, 2025

        Hello, 

         

        It's possible to block on Fully Managed, Company Owned, and WPCOD. On WPCOD we can block this because it's company device and not user device. But for the securisation of the devices i think we need (Google and Company use BYOD) if it's possible to have an API to block develloper mode. 

          Terms & ConditionsCookie settingsAccessibility statement