Ability blacklist and whitelist applications on the Android platform. Let's take a look at how it works:
Prevents you from using the applications defined in the policy. For Android operation systems before Lollipop, when a blacklisted application is clicked a screen is displayed to prevent you from using the app. For the Lollipop Android operating systems and after, the blacklisted apps will be hidden. Blacklisting can be used on both BYOD and COPE devices.
Allows you to only install the applications defined in the policy. This feature requires another application, i.e., WSO2 IoT Server System app, that is signed by the device firmware owner. Therefore, generally, it will be available for COPE devices but if you are able to get the WSO2 IoT Server system application signed via a firmware signing key, then you are able to use it for BYOD devices too.
In addition to the above, you are able to enable application restrictions via the restrictions policy. The restrictions policy has two settings to restrict application installation and uninstallation. For this, the WSO2 IoT Server application needs to have device owner privileges or the device needs to have the WSO2 IoT Server System app installed.