Android Enterprise Permission Management

Satish Shetty Updated by Satish Shetty

For all the Android Enterprise deployed apps, app run time permissions are managed through MDM.

Device Wide Permission Policy

By default in the device, We auto-grant all the requested permissions in all the deployed apps. The MDM administrator can change the permission enforcement logic device wide using the below select list box.

  • PERMISSION_POLICY_PROMPT - Let end users control the permission
  • PERMISSION_POLICY_AUTO_GRANT - Automatically grant all the requested app permissions
  • PERMISSION_POLICY_AUTO_DENY - Automatically deny all the requested app permissions


All required permissions are granted automatically to all the apps that are getting installed.

Deny All App permissions

App permissions are denied automatically to all the apps that are getting installed

Individual App Permission Control

The MDM Administrator can also control the individual runtime permissions in an app. See below image illustrations. For example, The MDM Administrator can deny "Device wide" permissions but then allow only permissions for a single app.

Allowing Camera Permission only for Google Lens.


Camera allowed only for Google Lens.

Disallowing Camera only for Google Lens

Camera denied only for Google Lens.

How did we do?

How to enable Android app permissions?