Product Documentation

Configuring App Monitoring for Android Apps

Dec 21, 2015

Android app monitoring in Device Manager provides a secure application-browsing environment on Android devices. You can define blacklisted or whitelisted applications and take action on applications, such as preventing the applications from opening or, in real time, selectively allowing applications to run.

You can define blacklisted or whitelisted applications in an XML file that you package and push to Android devices. Sample XML files are available for reference under <installation directory>/XenMobile Device Manager/samples/appmon/. For example, the default Android app monitoring policy XML file is located at: <installation directory>/XenMobile Device Manager/samples/appmon/appControlPolicyConfiguration.xml. The configuration tags that you can include in the XML file are as follows:

  • <whitelist> and <blacklist>. These tags define applications to be blocked or allowed by package name. Some sample native application package names are as follows:
    • Camera. com.android.camera
    • Browser. com.android.browser
    • Email. com.android.email or com.htc.android.mail
  • <appblockmessage>. This tag allows customized message to appear as part of the block screen to a user and when a blacklisted or non-whitelisted application opens.
  • <appcontrolpolicylogo>. This tag allows you to add a custom image to your app block display message when a user is prevented from installing an app. When this element is set to true, the custom logo appears. You must name the custom image appControlPolicyLogo.png and upload the file to Device Manager and then deploy the image file to the device on which you want to display the image.
  • <enforceblacklist> and <enforcewhitelist>. These tags enforce applications through <blacklist> or <whitelist> tags. In case both these tags are set to true, applications defined in a whitelist XML file take precedence, and the blacklisted applications are ignored.
  • <prevent_uninstall>. This tag allows you to block a user from uninstalling the Citrix Mobile Connect app from their device. When set to true, a user cannot uninstall the app from their device.
    Note: If you set this option to true, you will not be able to uninstall any other apps from the device.
  • <password>. This tag allows a device to access blacklisted or non-whitelisted applications by using an administrator-defined passcode. There are no restrictions on the length or type of characters in the passcode. You can choose to not include this tag as part of the XML file. As a result, the user cannot enter the passcode in a text box. Instead, block screen appears with a custom company logo file (optional), customized text that you define by using the <appblockmessage> tag, and a button that users tap to close the block screen.
  • <dorestart>. This tag defines if the application control service should be running or not running on the device. If set to false, the service does not run on the device.

Multiple Configuration Files

You can define​ multiple Android app monitoring policy files. For ​example, you can create a blacklist or a whitelist policy for different groups in your organization, such as a policy for your engineering group, a separate policy for your finance group, sales group, and so on. In order to create multiple app list configuration files, you need to retain the string appControlPolicyConfiguration in the file name. You can, however, modify the other part of the file name to help indicate the purpose of the file. For example:

  • appControlPolicyConfigurationOff.xml. An app monitoring policy in which certain apps cannot to run on the device, such as the camera.
  • appControlPolicyConfigurationDisable.xml. An app monitoring policyin which certain apps are blacklisted and cannot be installed on the phone.
  • appControlPolicyConfigurationEnable.xml. An app monitoring policy in which certain apps are whitelisted and can run on the device.