This page summarizes all changes (new features, bux fixes, updates) to the Android Management API and Android Device Policy each month.
Join the Android Management API mailing list to receive monthly updates and service advisories directly to your inbox.
Android Management API
IframeFeatureoptions allow you to specify which Managed Google Play iframe features to enable/disable in your console.
Android Device Policy
- [Oct 16] Minor bug fixes and performance optimization.
September 04, 2019
policiesresource is now capable of distributing closed app releases (closed app tracks), allowing organizations to test pre-release versions of apps. For details, see Distribute apps for closed testing.
policies, which can be used to:
- disallow all non-system accessibility services on a device, or
- only allow specified apps access to these services.
August 6, 2019
- The Android Management API now evaluates the security of a device and
reports findings in device reports
securityPosturereturns the security posture status of a device (
POTENTIALLY_COMPROMISED), as evaluated by SafetyNet and other checks, along with details of any identified security risks for you to share with customers through your management console.
To enable this feature for a device, ensure its policy has least one field from
July 02, 2019
- To distinguish that an app is launched from
setupActions, the activity that's first launched as part of the app now contains the boolean intent extra
true). This extra allows you to customize your app based on whether it's launched from
launchAppor by a user.
May 31, 2019
- Minor bug fixes and performance optimization.
May 7, 2019
complianceRules, which has been deprecated. See the deprecation notice above for more information.
- Added new APIs to create and edit web apps. For more details, see Support web apps.
Android Device Policy: The app’s icon is no longer visible on devices. Users can still view the policy page previously launched by the icon:
- Fully managed devices: Settings > Google > Device Policy
- Devices with work profiles: Settings > Google > Work > Device Policy
- All devices: Google Play Store app > Android Device Policy
April 16, 2019
- Android Device Policy is now available in South Korea.
March 21, 2019
February 12, 2019
- Android Device Policy: Added improved non-compliance messaging to help users return their devices to a compliant state or inform them when it isn’t possible.
- Android Device Policy: After an enrollment token is registered, a
new setup experience guides users through the steps required by their policy
to complete their device or work profile configuration.
- Added new field to
REQUIRED_FOR_SETUP: If true, the app must be installed before the device or work profile setup completes. Note: If the app isn't installed for any reason (e.g. incompatibility, geo-availability, poor network connection), setup won't complete.
SetupAction, you can specify an app to launch during setup, allowing a user to further configure their device. See Launch an app during setup for more details.
- For enterprises with status reports enabled, new device reports are now issued immediately following any failed attempt to unlock a device or work profile.
wifiConfigsLockdownEnabledhas been deprecated. WiFi networks specified is policy are now non-modifiable by default. To make them modifiable, set
December 10, 2018
- Added support for work profile devices to the sign-in URL provisioning method. Work profile device owners can now sign in with their corporate credentials to complete provisioning.
Added support for dark mode in Android Device Policy. Dark mode is a display theme available in Android 9 Pie, which can be enabled in Settings > Display > Advanced > Device theme > Dark.
November 2, 2018
- A new enrollment method is available for fully managed devices. The method uses a sign-in URL to prompt users to enter their credentials, allowing you to assign a policy and provision users' devices based on their identity.
- Added support for the managed configurations iframe,
a UI you can add to your console for IT admins to set and save managed
configurations. The iframe returns a unique
mcmIdfor each saved configuration, which you can add to
passwordPoliciessets the password requirements for the specified scope (device or work profile).
PasswordPolicyScopeisn't specified, the default scope is
SCOPE_PROFILEfor work profile devices, and
SCOPE_DEVICEfor fully managed or dedicated devices.
PasswordPolicyScopeis unspecified (default), or
PasswordPolicyScopeis set to the same scope as
September 20, 2018
- Fixed issue that made kiosk devices incorrectly appear out of compliance following provisioning, for a subset of policy configurations
August 28, 2018
Updates to support work profile and fully managed device provisioning and management:
- New provisioning methods are available for work profiles:
- Added new fields to
oneTimeOnly: If true, the enrollment token will expire after it's first used.
userAccountIdentifier: Identifies a specific managed Google Play Account.
- If not specified: The API silently creates a new account each time a device is enrolled with the token.
- If specified: The API uses the specified account each time a device is enrolled with the token. You can specify the same account across multiple tokens. See Specify a user for more information.
- Devices with work profiles:
managementModeis set to
- Dedicated devices and fully managed devices:
managementModeis set to
- Devices with work profiles:
Updates to the
policies resource to improve app management
- Added new field
WHITELIST(default): Only apps added to policy are available in the work profile or on the managed device. Any app not in policy is unavailable, and uninstalled if previously installed.
BLACKLIST: Apps added to policy are unavailable. All other apps listed in Google Play are available.
BLOCKEDas an InstallType option, which makes an app unavailable to install. If the app is already installed, it will be uninstalled.
- You can use installType
BLACKLISTto prevent a managed device or work profile from installing specific apps.
- You can use installType
- Updated Android Device Policy settings to match device settings.
July 12, 2018
- Merged the status and device details pages in Android Device Policy into a single page.
- Improved setup UI consistency with Android setup wizard.
- Added PermissionGrants at the policy level. You can now control
runtime permissions at four levels:
- Global, across all apps: set defaultPermissionPolicy at the policy level.
- Per permission, across all apps: set permissionGrant at the policy level.
- Per app, across all permissions: set defaultPermissionPolicy within ApplicationPolicy.
- Per app, per permission: set permissionGrant within ApplicationPolicy.
- When factory resetting a device, the new WipeDataFlag allows
WIPE_EXTERNAL_STORAGE: wipe the device's external storage (e.g. SD cards).
PRESERVE_RESET_PROTECTION_DATA: preserve the factory reset protection data on the device. This flag ensures that only an authorized user can recover a device if, for instance, the device is lost. Note: Only enable this feature if you've set
- Fixed issue with Android Device Policy exiting lock task mode when updating in the foreground.
May 25, 2018
- Instead of hiding disabled apps from the launcher, Android 7.0+ devices
now display icons for disabled apps in gray:
policiesto support the following certificate management capabilities:
- Individual apps can now be disabled in ApplicationPolicy (set
true), independent of compliance rules.
- It's now possible to disable system apps.
- Added application reports to
devices. For each managed app installed on a device, the report returns the app's package name, version, install source, and other detailed information. To enable, set
truein the device's policy.
enterprisesto include terms and conditions. An enterprise's terms and conditions are displayed on devices during provisioning.
- Updated provisioning flow to disable access to settings, except when access is required to complete setup (e.g. creating a passcode).
April 3, 2018
- Updated the design of Android Device Policy and the device provisioning flow to improve overall user experience.
- Added support for Direct Boot, allowing you to remotely wipe Android 7.0+ devices that haven't been unlocked since they were last rebooted.
- Added a location mode setting to the
policiesresource, allowing you to configure the location accuracy mode on a managed device.
- Added an error response field to the
- Provisioning performance has been improved.
- Compliance reports are now generated immediately after a device is provisioned. To configure an enterprise to receive compliance reports, see Receive non-compliance detail notifications.
- Lock Screen Settings crashes on Android 8.0+ LG devices (e.g. LG V30) managed by Android Device Policy.
February 14, 2018
- Updated the validation text for the "code" field, which is displayed if a user chooses to manually enter a QR code to enroll a device.
- You can now set a policy to trigger force-installed apps to auto-update if
they don't meet a specified minimum app version. In
- Specify a
- Updated the Devices resource with new fields containing information that may be useful to IT admins, such as the device's carrier name (see NetworkInfo for more details), whether the device is encrypted, and whether Verify Apps is enabled (see DeviceSettings for more details).
December 12, 2017
- Android Device Policy now supports a basic kiosk launcher , which can be enabled via policy. The launcher locks down a device to a set of predefined apps and blocks user access to device settings. The specified apps appear on a single page in alphabetical order. To report a bug or request a feature, tap the feedback icon on the launcher.
- Updated device setup with new retry logic. If a device is rebooted during setup, the provisioning process now continues where it left off.
- The following new policies are now available. See the
reference for full details:
- Updated Android Device Policy's target SDK to Android 8.0 Oreo.
- It's now possible to skip the network picker display if a connection can't
be made at boot. To enable the network picker on boot, use the