Disable the camera
Block camera hardware while policy is active so managed users and other apps cannot capture images.
SP-MDM · SELF-HOSTED
On enrolled Android devices, SecurePhone MDM enforces hardware, lock-screen, system-app, and connectivity posture across the phone. It supports Android 6.0+ across manufacturers, with the strongest controls available when the DPC is provisioned as Device Owner.
cameraHardware capture
offmicrophoneSystem audio input
offlocationGPS + geofencing
offbluetoothBLE scan + pairing
offscreen-lockAndroid credential
requiredDevice policy handles the controls an encrypted messenger cannot enforce by itself. Availability varies by Android management tier and manufacturer, so deployments are validated against the actual device fleet.
Block camera hardware while policy is active so managed users and other apps cannot capture images.
Remove the operating-system microphone surface for shared, loaner, kiosk, or high-risk field devices.
Block location services system-wide so app requests fail and passive geofencing stops operating.
Close BLE scanning and pairing where trackers, beacons, or unauthorized accessories are part of the threat model.
Require an Android credential and lock behavior appropriate for unattended offices, vehicles, and field work.
On supported Device Owner deployments, disable managed Google packages and use signed APK delivery without depending on Play Store.
Assign required, allowed, and blocked applications by policy, with signed APK delivery available for supported deployment paths.
Control camera, microphone, location, storage, network, and other permissions where the Android management tier exposes them.
Require an approved VPN configuration and prevent ordinary users from weakening the managed network path on supported devices.
Connect a new or reset organization-owned phone to the correct customer, policy cohort, and licensed services during setup.
Review enrollment, policy synchronization, application state, remote actions, and device lifecycle events from the management surface.
Give properly enrolled Device Owner phones a dedicated last-resort control for an immediate whole-device factory reset.
Explore productThe management tier is established during enrollment, then policy and app state are maintained centrally throughout the device lifecycle.
Use compatible stock Android hardware or optional GrapheneOS where the threat model calls for it.
Provision the management app during setup so Android grants organization-owned device authority.
Select endpoint posture, required applications, update behavior, and user restrictions centrally.
Sync changes, review device health, and react to loss, role changes, or replacement from the management surface.
Android reserves the strongest controls for organization-owned enrollment. Device Admin or unmanaged installs cannot guarantee the same system-wide behavior.
Reseller demoSome Device Owner provisioning paths require a new or factory-reset phone.
OEM and Android-version differences can affect individual restrictions.
GrapheneOS is limited to supported Pixel hardware; stock Android remains supported more broadly.
A disabled sensor improves posture but does not replace physical handling procedures.
Map required Android controls to compatible hardware, enrollment, and operational ownership, then deploy SecurePhone MDM alone or with the complete SecurePhone stack.
Configure yours