Skip Navigation

Restricting apps using BlackBerry enterprise services

Simple steps to block specific apps on company managed devices

  1. BlackBerry Docs
  2. Restricting apps using BlackBerry services

BlackBerry offers several options in BlackBerry UEM to restrict specific apps from being installed on mobile devices within your organization. For more information about different UEM activation types, see device activation in the UEM documentation. You can click on any of the options below for details and instructions to restrict apps across different products and activation types.

Devices with this activation type can access only approved apps in the Work Play Store. Users can only install apps that you approve. You can use the following steps to add a specific app to the app list. Apps that are not on the app list cannot be installed on the device. 

This activation creates a work and personal profile on the device. You can use different methods to restrict specified apps in each profile:

  • The work profile has access only to approved apps in the Work Play Store. Users can only install apps that you approve.
  • The personal profile will not have access to specific apps if the app is restricted in an IT policy. Restricting apps for a personal profile is only available for Android 11 and later devices.  

With this activation type, the work profile has access only to approved apps in the Work Play Store, and users can only install apps that you approve.

A personal profile has no method to prevent users from installing certain apps on the personal side because the device is not fully managed. However, you can use CylancePROTECT Mobile for UEM to warn users of the threats that a specific app places on their devices.

With this activation type, there is no way to prevent users from installing specific apps because the device is not fully managed. You can, however, install, manage, and remove BlackBerry Dynamics apps on user devices. You can also use CylancePROTECT Mobile for UEM to warn users of the threats that a specific app places on their devices.

To restrict apps, you must create a compliance profile and add the apps to the restricted app list in the profile. For supervised iOS devices, if a user tries to install a restricted app, the app is hidden. If a restricted app is already installed, it is hidden from the user without any notification.

To restrict apps, you must create a compliance profile and add the apps to the restricted app list in the profile. For supervised iOS devices, if a user tries to install a restricted app, the app is hidden. If a restricted app is already installed, it is hidden from the user without any notification.

Add a public app to the app list

1. In the management console, click Apps, then click the apps icon.

 

2. Click Google Play.

Select Google Play

 

3. Complete the fields and include the web address for the Google Play app. Click Add. For more information on these fields, see Add an Android app to the app list.

 

 

BlackBerry UEM work profile

Add a public app to the app list

1. In the management console, click Apps, then click the apps icon.

 

2. Click Google Play.

 

3. Complete the fields and include the web address for the Google Play app. Click Add. For more information on these fields, see Add an Android app to the app list.

 

 

BlackBerry UEM personal profile 

Create an IT policy for Android 11 devices

On Android 11 and later devices, you must restrict apps in an IT policy.

1. In the management console, click Policies and profiles > IT policies > +.

 

2. Enter a name and description for your IT policy and click the Android tab.

 

3. In the Personal profile (all Android devices) section, in the Allowed personal apps from Google Play drop-down list, select Block specified apps. Click + beside Personal apps and enter the package IDs for the apps that you want to block in the personal space. 

 

4. After you create an IT policy, you must assign it to users. For more information, see Assign a profile or IT policy to a user account in the BlackBerry UEM documentation.

 

 

BlackBerry UEM work profile 

Add a public app to the app list

1. In the management console, click Apps, then click the apps icon.

 

2. Click Google Play.

 

3. Complete the fields and include the web address for the Google Play app. Click Add. For more information, see Add an Android app to the app list.

 

 

BlackBerry UEM personal profile

You can use CylancePROTECT Mobile for UEM to prevent users from accessing work resources on BlackBerry Dynamics apps while a device is out of compliance. For more information, see Malware scanning behavior by activation type. Depending on the products and licenses that your organization owns, you may need to purchase CylancePROTECT Mobile for UEM. For more information, see the enterprise licensing guide.

Enable malware detection for Android devices

1. If you own the entitlement for CylancePROTECT Mobile in UEM, you can enable it in the management console. Go to Settings > Services and click Enable in the CylancePROTECT row.

2. In the management console, click Policies and profiles > Protection > BlackBerry Protect > +

 

3. Enter a name and description for the CylancePROTECT Mobile profile, then click the Android tab. 

 

4. In the Malicious app package detection section, select Scan new and exisiting app packages from device for safety check, then select Always block apps in restricted app list.

 

5. In the Sideloaded app detection section, select Enable sideloaded app detection and click Save.

 

 

Add an app to the restricted app list

1. In the management console, click Settings > CylancePROTECT > Restricted apps > Restricted apps > +.

 

2. Select how you would like to add the app to the restricted app list.

 

3. Do one of the following:

  • If you selected Select an app file, click Browse and select the .apk file for the app, and click Upload.
  • If you selected Manually enter the app's hash info, complete the fields and click Save.

 

 

Create a compliance profile

1. In the management console, click Policies and profiles > Compliance > +.

 

2. Add a name and description and click the Android tab.

 

3. In the Malware detected section, select Malicious app package detected and confiure the actions to take when a malicious app package is detected.

 

4. Click Save.

5. After you create a compliance profile, you must assign it to users. For more information, see Assign a profile or IT policy to a user account in the BlackBerry UEM documentation.

 

 

BlackBerry UEM Android user privacy 

You can use CylancePROTECT Mobile for UEM to prevent users from accessing work resources on BlackBerry Dynamics apps while a device is out of compliance. For more information, see Malware scanning behavior by activation type. Depending on the products and licenses that your organization owns, you may need to purchase CylancePROTECT Mobile for UEM. For more information, see the enterprise licensing guide.

Enable malware detection for Android devices

1. If you own the entitlement for CylancePROTECT Mobile in UEM, you can enable it In the management console. Go to Settings > Services and click Enable in the CylancePROTECT row.

2. In the management console, click Policies and profiles > Protection > BlackBerry Protect > +

 

3. Enter a name and description for the CylancePROTECT Mobile profile, then click the Android tab. 

 

4. In the Malicious app package detection section, enable Scan new and exisiting app packages from device for safety check, then enable Always block apps in restricted app list.

 

5. In the Sideloaded app detection section, enable Enable sideloaded app detection and click Save.

 

 

Add an app to the restricted app list

1. In the management console, click Settings > CylancePROTECT > Restricted apps > Restricted apps > +.

 

2. Select how you would like to add the app to the restricted app list.

 

3. Do one of the following:

  • If you selected Select an app file, Click Browse, select the .apk file for the app, and click Upload.
  • If you selected Manually enter the app's hash info, complete the fields, and click Save.

 

 

Create a compliance profile

1. In the management console, click Policies and profiles > Compliance > +.

 

2. Add a name and description and click the Android tab.

 

3. In the Malware detected section, select Malicious app package detected and confiure the actions to take when a malicious app package is detected.

 

4. Click Save.

5. After you create a compliance profile, you must assign it to users. For more information, see Assign a profile or IT policy to a user account in the BlackBerry UEM documentation.

Add an app to the restricted app list

1. In the management console, click Apps > Restricted Apps > +

 

2. Click App Store.

 

3. Type the app name in the search bar and click Add.

 

 

Create a compliance profile

1. On the management console, click Policies and profiles > Compliance > +.

 

2. Complete the Name, Description, Email sent when violation is detected, Enforcement interval, and Device notification sent when violation is detected fields. For more information on these fields, see Create a compliance profile.

 

3. In the iOS tab, select Restricted app is installed, then click + > Select an app from the restricted app list. For supervised iOS devices versions 9.3.2 and later, you can click Select a built-in app.

 

4. Do one of the following:

  • Select apps from the app list
  • Specify the app package ID

 

5. Do one of the following:

  • If you selected Select apps from the app list, select the app from the restricted app list then click Add.
  • If you selected Specify the app package ID, enter the package ID in the text field.

 

6. Complete the Restricted app is installed fields then click Save.

 

7. After you create a compliance profile, you must assign it to users. For more information, see Assign a profile or IT policy to a user account in the BlackBerry UEM documentation.

Add an app to the restricted app list

1. In the management console, click Apps > Restricted Apps > +

 

2. Click App Store.

 

3. Type the app name in the search bar and click Add.

 

 

Create a compliance profile

1. On the management console, click Policies and profiles > Compliance > +.

 

2. Complete the Name, Description, Email sent when violation is detected, Enforcement interval, and Device notification sent when violation is detected fields. For more information on these fields, see Create a compliance profile.

 

3. In the iOS tab, select Restricted app is installed, then click + > Select an app from the restricted app list. For supervised iOS devices versions 9.3.2 and later, you can click Select a built-in app.

 

4. Do one of the following:

  • Select apps from the app list
  • Specify the app package ID

 

5. Do one of the following:

  • If you selected Select apps from the app list, select the app from the restricted app list then click Add.
  • If you selected Specify the app package ID, enter the package ID in the text field.

 

6. Complete the Restricted app is installed fields then click Save.

 

7. After you create a compliance profile, you must assign it to users. For more information, see Assign a profile or IT policy to a user account in the BlackBerry UEM documentation.