byod - How to block debugging function?

gy
Level 1.6: Donut

I'm developing a BYOD workplace profile, and one of the required features in the functional specification is as follows:

"2.7.2. Debugging features must be blocked. This subfeature is supported by default."

I'm trying to implement this feature, and in the REST Resource: enterprises.policies - AdvancedSecurityOverrides - DeveloperSettings, I'm configuring either DEVELOPER_SETTINGS_DISABLED or DEVELOPER_SETTINGS_ALLOWED. However, it seems that either option doesn't restrict the developer options on the device. I'm curious about the role of these options, whether they are functioning correctly, or if this feature is not implementable in a BYOD context.

Sorry if I wrote this through a translator so the context may be incorrect.

1 ACCEPTED SOLUTION

Moombas
Level 4.1: Jelly Bean

I have no knowledge on the coding part but also checked in our MDM (I was sure i saw it there) but figured out it was only USB debugging but not developer options.

This could be also a setting maybe only being able to be set via an OEM config app (if available).

I found this in the Samsung Knox Service Plugin (= their OEM app):

Moombas_0-1702024700548.png

But only for a fully managed device but maybe for COPE as well (but not BYOD).

View solution in original post

3 REPLIES 3

Moombas
Level 4.1: Jelly Bean

Not sure if you can, I just checked this in the MDM we use and there's no option for this (would expect this already be there as this could be important for security reasons).

I see it only available for COPE devices, so I assume you are not allowed on a BYOD device to change this as the device is owned by the user.

gy
Level 1.6: Donut

In COPE, if you set AdvancedSecurityOverrides - DeveloperSettings to DEVELOPER_SETTINGS_DISABLED, does it work to block access to the device's developer options?

Moombas
Level 4.1: Jelly Bean

I have no knowledge on the coding part but also checked in our MDM (I was sure i saw it there) but figured out it was only USB debugging but not developer options.

This could be also a setting maybe only being able to be set via an OEM config app (if available).

I found this in the Samsung Knox Service Plugin (= their OEM app):

Moombas_0-1702024700548.png

But only for a fully managed device but maybe for COPE as well (but not BYOD).