Sophos Mobile - How to block apps for Android Enterprise enrolled devices



With an MDM solution, being able to stop users from accessing certain apps is something many administrators wish to do. This guide will run through how you can block certain apps from being accessible on devices you wish to distribute to your users. 


  • To understand how you can use Sophos mobile to block apps on Android devices
  • To understand how you can form a list of applications within an App Group to add a level of app control to devices.


Creating the app group

 Before you can block apps within the Android enterprise device policy, you need to specify which apps you want to block. This is where App Groups can be used to create a list of apps for actions within Sophos mobile.


  1. In the mobile dashboard head to the Android section under “App groups” and click the “Create” button to create a new App Group. 



  1. Once you have created your App Group, click the “Add app” button. You have two options for adding apps:
  • A.Use the “App list” which is a list of apps that have already been installed on your managed devices. If you select an app from here, the required information for the app will automatically be populated.


  •  Use the “Custom” option to add the app information manually. To get this information head to the Google Play store webpage and search for the app you wish to add. Once you have found the app, grab the identifier from the URL. For example the identifier for Google Chrome is: 

Once you have the identifier, simply grab the app name and the entire URL of the Google Play Store link and enter these in the correct fields.




  1. After you have added all apps that you were looking to block, save the App Group then head to the Android Policies section within your mobile dashboard.


  1. Within the Android Policies section, open the Policy you wish to add the blocked App Group to. Please note that the Policy must be an Android enterprise device policy.


  1. After you have opened your Policy, click “Add configuration” and select “App Control”. Now select the App Group that you wish to block then select “Apply”.



  1. Lastly, save the Policy. Any devices that are already managed under this Policy will update on their next sync and the apps specified will be blocked. Any new devices that are enrolled under this Policy will also have the app blocked.


- The apps will now be blocked from opening.

Cleaned up the formatting
[edited by: Yashraj at 12:20 PM (GMT -8) on 27 Jan 2022]