Device financing at scale (10,000+ devices): compliant “restricted mode” on delinquency using Android Enterprise (Device Owner)

Hi everyone,

I’m building an Android Enterprise device management solution and I want to keep everything fully compliant (Android Enterprise + Google Play policies).

Use case: a company provides company-owned devices to customers under a leasing / device financing contract. We need to manage this at scale (10,000+ devices) across multiple customers/tenants. If a customer becomes delinquent, the company needs a temporary restricted mode (e.g., kiosk/limited access) until the account is back in good standing — with clear user notice, grace period, and contractual consent.

What we want to control at scale: enrollment, policy assignment, app allow/deny lists, kiosk/lock task mode, updates, compliance reporting, and remote actions aligned with Android Enterprise best practices.

Questions:

• Is this type of “restricted mode for delinquency” considered acceptable in the Android Enterprise ecosystem when devices are Company-Owned (Device Owner) and the policy is transparent/contractual?
• For 10,000+ devices, what is the recommended architecture: Android Management API (AMAPI) policies only, or a custom DPC (and why)?
• For distribution, is the safest path a managed Google Play private app per enterprise/tenant, or another approved approach for large-scale deployments?
• Any best practices to avoid being flagged by Play Protect / Play policy reviews for legitimate enterprise enforcement features (kiosk, app restrictions, device restrictions), especially at this scale?

I’m not looking to bypass security or do anything hidden; the goal is a compliant enterprise solution.

Thanks for any guidance or official documentation links.