Forum Discussion
byod - How to block debugging function?
I'm developing a BYOD workplace profile, and one of the required features in the functional specification is as follows:
"2.7.2. Debugging features must be blocked. This subfeature is supported by default."
I'm trying to implement this feature, and in the REST Resource: enterprises.policies - AdvancedSecurityOverrides - DeveloperSettings, I'm configuring either DEVELOPER_SETTINGS_DISABLED or DEVELOPER_SETTINGS_ALLOWED. However, it seems that either option doesn't restrict the developer options on the device. I'm curious about the role of these options, whether they are functioning correctly, or if this feature is not implementable in a BYOD context.
Sorry if I wrote this through a translator so the context may be incorrect.
I have no knowledge on the coding part but also checked in our MDM (I was sure i saw it there) but figured out it was only USB debugging but not developer options.
This could be also a setting maybe only being able to be set via an OEM config app (if available).
I found this in the Samsung Knox Service Plugin (= their OEM app):
But only for a fully managed device but maybe for COPE as well (but not BYOD).
6 Replies
Hello,
It's possible to block on Fully Managed, Company Owned, and WPCOD. On WPCOD we can block this because it's company device and not user device. But for the securisation of the devices i think we need (Google and Company use BYOD) if it's possible to have an API to block develloper mode.
Hello,
I understand that you guide admin for disable developer mode for BYOD devices to OEMs, but not all manufacturers necessarily have OEMs.
Do you have an API on MAPI solution to offer MDM to block developer mode on all devices?Best regards
On fully managed it's at least blocked by default from our MDM and only unlocked if you go to admin mode.
Not sure about COPE but would expect same behavior as on fully managed because it's owned by the company but with a private area.
For work profile i would expect this not being possible as this would (in my opinion) violate the private usage of the device as the user is the owner and because of this not being available.
Not sure if you can, I just checked this in the MDM we use and there's no option for this (would expect this already be there as this could be important for security reasons).
I see it only available for COPE devices, so I assume you are not allowed on a BYOD device to change this as the device is owned by the user.
In COPE, if you set AdvancedSecurityOverrides - DeveloperSettings to DEVELOPER_SETTINGS_DISABLED, does it work to block access to the device's developer options?
I have no knowledge on the coding part but also checked in our MDM (I was sure i saw it there) but figured out it was only USB debugging but not developer options.
This could be also a setting maybe only being able to be set via an OEM config app (if available).
I found this in the Samsung Knox Service Plugin (= their OEM app):
But only for a fully managed device but maybe for COPE as well (but not BYOD).
