Advanced Security Overrides
Introduction
For devices enrolled in Android Enterprise, the “Advanced Security Overrides” configuration provides deep control capabilities. Administrators can determine whether the installation of APK files from third-party sources is permitted, whether Google Play Protect verification is enforced, and whether developer mode is available for testing purposes.
Configuration Options
Allow Installation from Unknown Sources
This setting controls whether apps can be installed from sources outside the Google Play Store (side-loading). Three options are available:
- Disallow on entire device: The installation of untrusted apps is prohibited across the entire device.
- Allow in personal profile only: Side-loading is permitted exclusively within the user’s private profile.
- Allow on entire device: The installation of untrusted apps is permitted across the entire device.
Enforce Google Play Verification
Determines whether security scanning by Google Play Protect is mandatory to identify malicious software.
- Yes: Verification is enforced system-wide and cannot be disabled by the user.
- User Choice: The end user decides whether the verification should be active.
Device Encryption Policy
Defines the security level for data encryption on the physical storage.
| Option | Description |
|---|---|
| No encryption required | No encryption of user data is enforced. |
| Encryption required, no password at boot | Data is encrypted, but no password is required during the boot process. |
| Encryption required, password at boot | Encryption is active and requires a password to be entered during the startup process. |
Allow Developer Settings
This defines whether Developer Mode can be unlocked on the device. This is primarily relevant for debugging purposes or app testing. For standard production use, this option should remain disabled for security reasons.
Common Criteria Mode
Common Criteria Mode is used to comply with international security standards for information technology.
How it works: Enabling this mode strengthens specific security components. This particularly affects the AES-GCM encryption of Bluetooth Long Term Keys and the hardened storage of Wi-Fi configurations.
Warning: Common Criteria Mode enforces an extremely strict security model. This is typically only required for IT infrastructures in national security systems or highly sensitive organizations. The use of standard apps or everyday device functions may be affected. Only activate this mode if explicitly required.