product icon

Managing Android system applications with blocklists and allowlists

With GoTo Resolve MDM, administrators may control the availability of system applications on their Android devices. Depending on the manufacturer, the pre-installed system applications may vary between Android devices.

This article shows how administrators may define application availability with enrollment settings. It also instructs how to use GoTo Resolve MDM configuration profiles to restrict the use of specific system applications with blocklists (previously known as blacklists) and allowlists (previously known as whitelists).


  • Work profile or Device owner mode is enabled for target Android devices.
  • Allowlisting requires GoTo Resolve MDM Client version 2.4.0 or above.
  • Blocklisting requires GoTo Resolve MDM Client version 2.6.5 or above.

System applications in enrollment settings

When administrators are adding devices to GoTo Resolve MDM, they can define, if the system applications are allowed for their Android devices or not. To set the enrollment settings go to Enrollment > Android Enterprise.

Android Enterprise system application settings
The layout of the screen may look different in the product.

By choosing "Keep system applications", all system applications are allowed for enrolled devices. If the option is unchecked, system applications are unavailable on the devices. Some system applications are required to make the device run and are available on the device despite the setting.

Blocklisting and allowlisting system applications

If there is a need to block or allow just a few system applications on the devices, the administrator may create a blocklist or an allowlist of these applications. The administrator may allow all system applications during the device enrollment and then create a blocklist to restrict the use of some applications. Another way is to make system applications unavailable at the enrollment and then grant some with an allowlist.

To allowlist or blocklist the applications, go to Management > Configuration profiles and press Add on top of the page to create the configuration profile.

Choose the platform Android and from the next step, select Restrictions.

Android configuration profile wizard in Miradore.
The layout of the screen may look different in the product.

From the tab Application control, you may create either an allowlist or a blocklist about the system applications.

Android allowlist and blocklist configuration in Miradore.
The layout of the screen may look different in the product.

Type the application package name into the text field and press Add. Add applications one by one, and you can see already listed applications on top of the text field.

For the specific device, you may find its application package names from the Applications tab of the Device page. Package names are also visible as "Application identifiers" on the Application list page in GoTo Resolve MDM.

When all the needed applications are listed, go to the next step and follow the instructions of the wizard to finalize the configuration profile.

Important information

There are several different ways to deploy configuration profiles. You may, for example, go to Management > Device list, choose the applicable devices, and select Deploy configuration profile under the Deploy dropdown button. More ways to deploy the configuration profile you may find here.

By configuring managed Google Play Enterprise for your organization, you can have better control over the available applications on the devices. For more information, please see the articles How to configure managed Google Play Enterprise and Restricting the use of personal Google accounts on Android devices.

Article last updated: 8 February, 2023