What does "Security policy prevents installation of this application" mean?

You can see an error message, "Security policy prevents installation of this application" when you perform the following steps:

  1. Install an MDM app onto a device (using Android Studio ADB)
  2. Create a Knox container
  3. Change MDM app code and install it on the device again

The Android Multiple User Framework will attempt to install the MDM app into all user spaces, including the Knox container. For security reasons, you cannot use ADB to install apps into the Knox container.

You must remove the Knox container before you can re-install your MDM app. To do this, disable the Device Administrator from Settings > Security > Device Administrators. If you need to re-install your MDM app regularly, for debugging purposes, you should programmatically do this as an active admin by calling:

ComponentName devAdminReceiver = new ComponentName(getBaseContext(), TestAdmin.class); // Context and class name of your device admin DevicePolicyManager dpm = (DevicePolicyManager)getBaseContext().getSystemService(Context.DEVICE_POLICY_SERVICE); dpm.removeActiveAdmin(devAdminReceiver);