What does "Security policy prevents installation of this application" mean?

You might see this message in these scenarios:

Device user installs an app blocked by corporate policy

An enterprise can use an MDM system to define the apps that employees are or are not allowed to install on mobile devices. This is for security purposes, to prevent unauthorized apps from potentially interfering with devices and apps used to manage private company assets.

If you see this message, this means there is an app blocking policy applied on your device. Only an enterprise IT admin with access to the MDM system can modify the policy. You should consult with the IT admin to determine if the app you want to install can be allowed, by either adding it to an app allow list or removing it from an app block list.

How IT admins unblock an app depends on the MDM system and whether the Knox Service Plugin is being used.

MDM developer re-installs an MDM app

MDM developers might also see the message if you do the following:

  1. Install an MDM app onto a device, for example, using Android Studio ADB.
  2. Create a work profile.
  3. Change the MDM app code and install it on the device again.

The Android Multiple User Framework attempts to install the MDM app into all user spaces, including the work profile. For security reasons, you cannot use ADB to install apps into the work profile.

You must remove the work profile before you can re-install your MDM app. To do this, disable the Device Administrator from Settings > Security > Device Administrators. If you need to re-install your MDM app regularly, for debugging purposes, you should programmatically do this as an active admin by calling:

ComponentName devAdminReceiver = new ComponentName(getBaseContext(), TestAdmin.class); 
// Context and class name of your device admin 
DevicePolicyManager dpm = (DevicePolicyManager)getBaseContext().getSystemService(Context.DEVICE_POLICY_SERVICE);