Skip to content
Customer Portal
  • There are no suggestions because the search field is empty.

Security Management

The Security Management section in Springdel Android Enterprise profiles allows administrators to configure comprehensive security controls for corporate devices. These settings cover encryption enforcement, Play Store management, reporting, and advanced device restrictions — ensuring every managed device complies with enterprise security standards.

Key Benefits

  • Enhanced Device Protection – Enforces encryption, password policies, and Play Protect to safeguard sensitive data.
  • Granular Control – Administrators can define permissions, block untrusted apps, and restrict developer settings.
  • Improved Visibility – Status reporting and usage logs provide IT teams with detailed device insights.
  • Flexible Restrictions – Options to disable camera, screen capture, and specific account types strengthen corporate security posture.

Step 1 - Access the Security Menu

  1. Log in to your Springdel console.
  2. Navigate to the Profiles section from the left-hand menu.
  3. Click the “Create New Profile +” button and select Android Enterprise as the device type.
  4. In the profile sidebar, click Security and toggle the Security Management Enabled switch to On.

Step 2 - Configure Security Features

Once Security Management Enabled is toggled on, additional configuration options appear:

  • Account Types With Management Disabled – Blocks specific account types (e.g., personal Gmail) from being added to the device.
  • Minimum API Level – Sets the minimum supported Android API version. Devices below this version cannot be enrolled.
  • Encryption Policy – Determines whether device storage must be encrypted. Options include enforcing encryption or leaving it unspecified.
  • Play Store Mode – Defines how the Google Play Store behaves on managed devices (e.g., unrestricted, work apps only).

1. Status Reporting Settings 

This section defines how devices report operational and compliance data back to the console. It helps administrators monitor hardware, software, and system configurations.

  • Application Reports Enabled – Tracks and reports installed applications.
  • Device Settings Enabled – Reports device-level configuration and settings.
  • Software Info Enabled – Captures OS and firmware version details.
  • Memory Info Enabled – Provides memory usage statistics.
  • Display Info Enabled – Reports display characteristics.
  • Power Management Events Enabled – Tracks power-related activities (e.g., reboots, shutdowns).
  • Hardware Status Enabled – Collects device hardware health and status data.
  • System Properties Enabled – Reports system-level properties and configurations.
  • Include Removed Apps – Keeps a log of uninstalled apps for auditing.
  • Common Criteria Mode Enabled – Applies stricter compliance settings for devices requiring high-assurance certification.
  • Permission Grants – Allows administrators to explicitly grant or deny app permissions.
  • Password Policies – Defines password requirements for work or fully managed devices.
  • Choose Private Key Rules – Rules for determining apps' access to private keys.
  • Policy Enforcement Rules – Rules that define the behavior when a particular policy can not be applied on device.

2. Advanced Security Settings:

These controls define the device’s security posture, covering app validation, Play Protect, and developer settings.

  • Untrusted Apps Policy – Controls whether apps not verified by Google Play are allowed.
  • Google Play Protect Verify Apps – Ensures Play Protect scans and verifies apps for security.
  • Developer Settings – Restricts or allows developer options on the device.
  • Common Criteria Mode – Enforces additional security standards required by certain organizations.
  • Personal Apps That Can Read Work Notifications – Restricts which personal apps may access work notifications.

3. Personal Usage Policies

This section governs how personal profiles and applications behave on managed devices to maintain enterprise data security.

  • Camera Disabled – Prevents the use of the device’s camera, useful in secure environments where photography is restricted.
    Screen Capture Disabled – Blocks screen capture and screen recording functions to protect sensitive information.
  • Account Types With Management Disabled – Defines which account types (e.g., personal Gmail) are restricted from being added in personal profiles.
  • Max Days With Work Off – Specifies the maximum number of consecutive days the work profile can remain disabled. For example, setting this to “3” ensures that after three days, the work profile must be re-enabled.
  • Personal Play Store Mode – Determines how the Google Play Store functions in the personal profile. Options include unrestricted access, work-apps-only, or unspecified.

4. Cross Profile Policies

These settings control how information flows between the Work Profile and the Personal Profile on an Android Enterprise device. They help ensure corporate data remains isolated while still allowing certain controlled interactions.

  • Show Work Contacts in Personal Profile – Determines whether contacts stored in the work profile can be visible in the personal profile (e.g., for calls or messaging).
  • Cross Profile Copy Paste – Controls whether users can copy text or data from apps in one profile and paste it into apps in the other profile.
  • Cross Profile Data Sharing – Defines whether apps can share files, images, or other data across the work and personal profiles.
  • Work Profile Widgets Default – Sets whether widgets from work profile apps can be placed on the device’s main (personal) home screen.

5. Usage Log

The Usage Log settings allow administrators to monitor device activity by enabling detailed logs. These logs help IT teams with compliance, troubleshooting, and auditing.

  • Enabled Log Types – Defines which types of logs are captured (e.g., application usage, system events, or security-related activities). This can be tailored to organizational needs for auditing and compliance.
  • Upload on Cellular Allowed – Determines whether log files can be uploaded when the device is connected to mobile data. If disabled, logs are only uploaded over Wi-Fi to reduce data costs.

Step 3 - Associate the Profile

  1. Once your profile is configured with the desired security features, associate the profile with the target fleet.
  2. Once associated, the security features will be deployed on all devices in that fleet according to the security settings.

Best Practices & Tips

  • Set a Safe Threshold: Use a conservative period (e.g., 30 days) to avoid accidental wipes during repairs or extended travel.
  • Communicate Policies to Users: Inform device users about the wipe policy to prevent unexpected resets.
  • Monitor Device Status Regularly: Keep track of devices approaching the offline limit to take preventive action.
  • Combine with Other Features: Use in conjunction with Geofencing or Location History to verify device status before initiating a wipe.