Skip to content
Customer Portal
  • There are no suggestions because the search field is empty.

Feature Control

Feature Control lets administrators manage device-level functionalities such as USB access, factory reset, camera usage, and more. It is especially useful for ensuring compliance, maintaining device integrity, and preventing unauthorized modifications by end users. This guide explains how to configure Feature Control in the Springmatic platform for Android Enterprise device profiles.

Key Benefits

  • Prevent Unauthorized Changes – Block modifications to critical system settings.
  • Enhance Security – Restrict risky features such as USB Debugging.
  • Enforce Corporate Policies – Apply standardized configurations across managed devices.
  • Reduce IT Support Incidents – Minimize misconfigurations and related troubleshooting.

Step 1 - Access the Feature Control Menu

  1. Log in to your Springdel console.
  2. Navigate to the Profiles section from the left-hand menu.
  3. Click the “Create New Profile +” button and select Android Enterprise as the device type.
  4. In the profile sidebar, click Feature Control and toggle the Feature Control Enabled switch to On.

Step 2 - Configure Specific Features

  1. Maximum Time to Lock:
    Specifies the maximum time (in seconds) before the device screen automatically locks. Setting this ensures devices are secured after a period of inactivity.

  2. Screen Capture Disabled:
    Controls whether users can take screenshots or record the screen.
    • Enabled: Prevents screenshots and screen recordings.
    • Disabled: Allows normal capture behavior.

  3. Keyguard Disabled Features:
    • Determines which lock screen elements are disabled (e.g., notifications, camera shortcuts).
    • Helps restrict access to features on a locked device.

  4. Default Permission Policy:
    Defines how app permissions are automatically handled.
    • Prompt: User decides each time an app requests permission.
    • Grant: Automatically approves permissions.
    • Deny: Automatically denies permissions.

  5. Block Add User:
    • Prevents users from adding secondary user profiles on the device.
    • Useful in corporate-managed deployments to prevent data separation or misuse.

  6. Adjust Volume Disabled:
    • Blocks manual volume adjustment through buttons or system settings.
    • Often used for kiosk or always-on display scenarios.

  7. Factory Reset Disabled:
    • Disables the option to factory reset the device from settings.
    • Prevents users from wiping MDM management or enrolled configurations.

  8. Mount Physical Media Disabled:
    • Restricts use of physical storage devices such as SD cards or USB drives.
    • Prevents unauthorized data transfer or storage.

  9. Modify Accounts Disabled:
    • Prevents users from adding, changing, or removing accounts on the device.
    • Helps maintain managed account configurations.

  10. Keyguard Disabled:
    • Completely disables the lock screen.
    • Use cautiously — typically only for kiosk or dedicated-display devices.

  11. Bluetooth Disabled:
    Controls overall Bluetooth functionality.
    • Enabled: Bluetooth works normally.
    • Disabled: Bluetooth hardware is turned off.

  12. Bluetooth Config Disabled:
    • Prevents users from changing Bluetooth settings (on/off, pairing).
    • Bluetooth remains available, but users cannot modify configurations.

  13. Bluetooth Contact Sharing Disabled:
    • Stops contact information from being shared via Bluetooth.
    • Useful to prevent personal data leakage over paired devices.

  14. Cell Broadcasts Config Disabled:
    • Disables configuration of cell broadcast messages (e.g., emergency alerts).
    • Keep enabled unless required by local compliance.

  15. Credentials Config Disabled:
    • Restricts user ability to install or remove security certificates.
    • Ensures only admin-approved certificates are trusted.

  16. Mobile Networks Config Disabled:
    • Prevents changes to SIM, APN, or mobile network settings.
    • Useful to lock connectivity to enterprise-defined network parameters.

  17. Tethering Config Disabled:
    • Disables all tethering options (Wi-Fi hotspot, USB tethering, Bluetooth sharing).
    • Prevents users from sharing mobile data.

  18. VPN Config Disabled:
    • Prevents users from adding or modifying VPN configurations.
    • Ensures only managed VPN connections are used.

  19. Wi-Fi Config Disabled:
    • Prevents manual Wi-Fi changes.
    • Admins can still push Wi-Fi configurations remotely through profiles.

  20. Create Windows Disabled:
    • Restricts the ability to open multiple app windows or split-screen views.
    • Used to maintain focus in single-app or kiosk scenarios.

  21. Network Reset Disabled:
    • Prevents the user from performing a network reset from system settings.
    • Ensures MDM connectivity and Wi-Fi configurations remain intact.

  22. Outgoing Beam Disabled:
    • Blocks the Android Beam (NFC) feature for file sharing.
    • Reduces the risk of peer-to-peer data transfer.

  23. Outgoing Calls Disabled:
    • Prevents placing outbound calls from the device.
    • Ideal for kiosk or limited-function devices.

  24. Remove User Disabled:
    • Prevents deletion of user profiles from the device.
    • Helps maintain enrollment and assigned work profiles.

  25. Share Location Disabled:
    • Prevents users from sharing their live location with apps or contacts.
    • Enhances privacy and data protection.

  26. SMS Disabled
    • Blocks SMS functionality entirely.
    • Useful for kiosk or data-only devices.

  27. Stay on Plugged Modes:
    Controls whether the screen remains active when charging.
    • Unspecified: Default Android behavior.
    • Enabled: Keeps display on while plugged in.
    • Disabled: Allows normal screen timeout.

  28. Set User Icon Disabled:
    • Prevents users from changing their account profile picture.
    • Ensures consistent managed identity on shared or corporate devices.

  29. Set Wallpaper Disabled:
    • Blocks the ability to change the device wallpaper.
    • Used for branding consistency or kiosk mode setups.

  30. FRP Admin Emails:
    • Defines administrator email addresses authorized for Factory Reset Protection (FRP) recovery.
    • Important for reclaiming devices after unauthorized resets.

  31. Data Roaming Disabled:
    Manages roaming data usage on mobile networks.
    • Allow User to Configure: User decides manually.
    • Disabled: Blocks all roaming data access.
    • Enabled: Keeps roaming on at all times.

  32. Location Mode:
    Controls the device’s GPS and location service behavior.
    • User Choice: User may toggle location.
    • Enforced: Always keeps GPS active.
    • Disabled: Completely turns off location.

  33. Network Escape Hatch Enabled:
    • Allows devices temporarily locked out of network access to reconnect for recovery or updates.
    • Use sparingly for emergency maintenance.

  34. Fun Disabled:
    • Removes access to entertainment features (e.g., games, non-business apps).
    • Ensures productivity-only usage on work devices.

  35. Permitted Accessibility Services:
    • Specifies which accessibility apps are permitted (e.g., TalkBack).
    • Admins can whitelist package names for approved services.

  36. Skip First Use Hints Enabled:
    • Skips Android’s initial user hints/tutorials on first boot or setup.
    • Streamlines deployment for managed devices.

  37. Private Key Selection Enabled:
    • Allows users to manually choose private keys for apps or connections.
    • Keep disabled unless explicitly needed for enterprise certificates.

  38. Auto Date and Time Zone:
    Sets how devices manage date and time synchronization.
    • Unspecified: Default system behavior.
    • User Choice: User may change manually.
    • Enforced: Always syncs with network-provided time.

  39. Camera Access:
    Controls access to front and rear cameras.
    • User Choice: User controls camera.
    • Disabled: Completely disables camera.
    • Enforced: Keeps camera enabled at all times.

  40. Microphone Access:
    Controls access to the device microphone.
    • User Choice: User decides.
    • Disabled: Blocks microphone access entirely.
    • Enforced: Always allows microphone use.

  41. USB Data Access:
    Defines how USB connections behave.
    • Allow USB Data Transfer: Full data access enabled.
    • Disallow USB File Transfer: Blocks file transfers but allows charging.
    • Disallow USB Data Transfer: Fully disables USB data usage.

  42. Configure Wi-Fi:
    Controls Wi-Fi configuration access.
    • Allow Configure Wi-Fi: User can modify Wi-Fi settings.
    • Disallow Add Wi-Fi Config: Prevents adding new Wi-Fi networks.
    • Disallow Configuring Wi-Fi: Locks all Wi-Fi settings.

  43. Wi-Fi Direct Settings:
    Controls peer-to-peer Wi-Fi (Wi-Fi Direct).
    • Allow Wi-Fi Direct: Enables file transfers between nearby devices.
    • Disallow Wi-Fi Direct: Prevents unauthorized device connections.

  44. Tethering Settings:
    Controls mobile hotspot and tethering options.
    • Allow All Tethering: Enables all tethering types — Wi-Fi, USB, and Bluetooth.
    • Disallow Wi-Fi Tethering: Blocks hotspot sharing but still allows USB or Bluetooth tethering.
    • Disallow All Tethering: Disables all tethering options completely, preventing the device from sharing its connection in any form.

Step 3 - Associate the Profile

  1. Once your profile is configured with the desired feature control, associate the profile with the target fleet.
  2. Once associated, the feature control will be deployed on all devices in that fleet according to the profile settings.

Best Practices & Tips

  • Enforce Essential Restrictions: Always disable high-risk options such as Factory Reset, USB Data Transfer, and Unknown Source installations to prevent users from bypassing MDM controls or transferring unauthorized data.
  • Stabilize Connectivity: Lock Wi-Fi and Network Reset configurations to maintain uninterrupted MDM communication, especially for kiosk or remote devices that rely on consistent connectivity.
  • Protect Device Privacy & Data: Disable Screen Capture and limit Camera or Microphone access on devices handling sensitive or confidential information.
  • Enable Location & Time Enforcement: Enforce Location Mode and Auto Date/Time Zone settings to ensure accurate tracking, compliance reporting, and consistent device behavior across fleets.