Back to top

Restrict device users from deleting the VPN profile

Last updated November 30th, 2023

Categories:

Environment

  • Android Enterprise
  • Knox API level 11 and higher
  • EMMs
  • Third-party VPN app development

Overview

You might encounter an issue where a device user is able to delete the VPN profile from their device. There are a few methods to restrict

Restrict device users from deleting the VPN profile

For IT admins, if your EMM has implemented the setAlwaysOnVpnPackage() method, the VPN profile can be restricted. Please consult your EMM’s documentation for vendor-specific steps on how to configure this method.

For developers of third-party VPN apps, implementing the allowUserChangeProfiles() method can restrict users from removing the VPN profile.

The following is a sample implementation:

EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
VpnPolicy vpnPolicy = edm.getVpnPolicy();
try {
    boolean result = vpnPolicy.allowUserChangeProfiles(false);
    if (result) {
        // Policy was applied successfully and
        // user changes on profiles are blocked
    } else {
        // Some error occured and the policy was not applied properly
    }
} catch (SecurityException e) {
    Log.w("VPNPolicy","Exception: "+e);
}
Back to KBAs

Is this page helpful?