Locking down android tablets

Just browsing

Locking down android tablets

My school is currently closed and we have loaned out a batch of Lenovo Android tablets, that I felt confident were sufficiently locked down to prevent the children installing their own apps on them.

I was, of course, proven wrong within a week. I have a small number of devices that have had games installed by the pupils. The first step will be the relevant staff following up with families, regarding signed agreements etc.

However, I am curious about what I have got wrong, so that I can learn from it. The devices were enrolled in Meraki using EMM. At first boot, in the email address box we entered something like 'eem@meraki' or similar. Then they have had the settings attached applied. During my testing, the end users couldn't download apps using the Play Store. I'm thinking that either:

* They have removed some of the settings / management profiles (I think less likely as they are listed in Meraki as being installed.

* They have downloaded .apk files from a website

(Only settings I didn't screenshot was the wallpaper.)


What have I done wrong? What have I missed?



Kind of a big deal
Kind of a big deal

Do the tablets by chance allow adding a personal account (I see modify account is enabled)?  If you add a personal account, does that allow you to access the play store and install apps under that account?


ADB is disabled, so they should not be able to install a downloaded APK.

Yes, they do allow additional accounts to be added. Initially I blocked this, but it meant that the pupils could not sign into the Google Classroom app, as it relies on system accounts.


I suspect that is what is happening.


Is there a way to only allow accounts from our domain to sign in?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.