This page contains a summary of the new features and any bug fixes included in each Android Management API and Android Device Policy release.
July 12, 2018
- Merged the status and device details pages in Android Device Policy into a single page.
- Improved setup UI consistency with Android setup wizard.
- Added PermissionGrants at the policy level. You can now control
runtime permissions at four levels:
- Global, across all apps: set defaultPermissionPolicy at the policy level.
- Per permission, across all apps: set permissionGrant at the policy level.
- Per app, across all permissions: set defaultPermissionPolicy within ApplicationPolicy.
- Per app, per permission: set permissionGrant within ApplicationPolicy.
- When factory resetting a device, the new WipeDataFlag allows
WIPE_EXTERNAL_STORAGE: wipe the device's external storage (e.g. SD cards).
PRESERVE_RESET_PROTECTION_DATA: preserve the factory reset protection data on the device. This flag ensures that only an authorized user can recover a device if, for instance, the device is lost. Note: Only enable this feature if you've set
- Fixed issue with Android Device Policy exiting lock task mode when updating in the foreground.
May 25, 2018
- Instead of hiding disabled apps from the launcher, Android 7.0+ devices
now display icons for disabled apps in gray:
policiesto support the following certificate management capabilities:
- Individual apps can now be disabled in ApplicationPolicy (set
true), independent of compliance rules.
- It's now possible to disable system apps.
- Added application reports to
devices. For each managed app installed on a device, the report returns the app's package name, version, install source, and other detailed information. To enable, set
truein the device's policy.
enterprisesto include terms and conditions. An enterprise's terms and conditions are displayed on devices during provisioning.
- Updated provisioning flow to disable access to settings, except when access is required to complete setup (e.g. creating a passcode).
April 3, 2018
- Updated the design of Android Device Policy and the device provisioning flow to improve overall user experience.
- Added support for Direct Boot, allowing you to remotely wipe Android 7.0+ devices that haven't been unlocked since they were last rebooted.
- Added a location mode setting to the
policiesresource, allowing you to configure the location accuracy mode on a managed device.
- Added an error response field to the
- Provisioning performance has been improved.
- Compliance reports are now generated immediately after a device is provisioned. To configure an enterprise to receive compliance reports, see Receive non-compliance detail notifications.
- Lock Screen Settings crashes on Android 8.0+ LG devices (e.g. LG V30) managed by Android Device Policy.
February 14, 2018
- Updated the validation text for the "code" field, which is displayed if a user chooses to manually enter a QR code to enroll a device.
- You can now set a policy to trigger force-installed apps to auto-update if
they don't meet a specified minimum app version. In
- Specify a
- Updated the Devices resource with new fields containing information that may be useful to IT admins, such as the device's carrier name (see NetworkInfo for more details), whether the device is encrypted, and whether Verify Apps is enabled (see DeviceSettings for more details).
December 12, 2017
- Android Device Policy now supports a basic kiosk launcher , which can be enabled via policy. The launcher locks down a device to a set of predefined apps and blocks user access to device settings. The specified apps appear on a single page in alphabetical order. To report a bug or request a feature, tap the feedback icon on the launcher.
- Updated device setup with new retry logic. If a device is rebooted during setup, the provisioning process now continues where it left off.
- The following new policies are now available. See the
reference for full details:
- Updated Android Device Policy's target SDK to Android 8.0 Oreo.
- It's now possible to skip the network picker display if a connection can't
be made at boot. To enable the network picker on boot, use the