Back to top

Manage app permissions on Wear OS devices

Last updated September 6th, 2023

Set permissions for the third-party apps on a device to provide or restrict access to the device and user data. You can grant or deny runtime permissions for apps or set a prompt for device users to confirm runtime app permissions.

  1. On the Knox Manage console, go to Profile.

  2. Create a new profile or click the name of an existing profile to edit it.

  3. In the profile’s details, click Modify Policy. The Set Policy page opens.

  4. Click Wear OS > Application to open the Application policy group.

  5. In the App Permission field, select:

    • Grant - to provide access to app permissions.
    • Deny - to restrict app permissions.
    • Prompt - to allow the device users to grant or deny app permissions.

    App permissions menu

  6. For the App Permission Exception Policy List policy, click Add and select an app to set its permissions. The App permission setting dialog opens with all permissions set to Grant, by default.

    App permissions exception policy list field

  7. As needed, select Grant, Deny, or Prompt for each permission and click Save.

    App permissions exception policy list field

  8. Click Save & Assign to save the changes to the profile and push it to the devices.

Set delegation scope for third-party apps

You can specify the delegation scope for third-party apps to allow them access and use of device API and policy control.

As an example, consider using the delegation scope settings to allow access to a device’s interface, including information such as IMEI and Serial Number of a smartwatch:

  1. On the Knox Manage console, navigate to Profile > Modify Profile > Wear OS > Application. The Application policies page displays.

  2. In the App Delegation Scope Management field, select Apply.

  3. In the Package Name field, click Select and select the required app in the Select Application dialog.

  4. In the Delegation Scope field, select Certificate installation and management.

    When requesting device identification, declare READ_PHONE_STATE authority and call Build.getSerial() or TelephonyManager.getImei() API by target package.

  5. Repeat steps 3 and 4 to add the required apps.

  6. Click Save.

Is this page helpful?