Skip to main content
Cisco Meraki Documentation

Controlling Android System Apps


When enrolling Android devices into Systems Manager through Android Enterprise (formerly Android for Work), Meraki Dashboard administrators have the ability to limit which default system apps (e.g. Gmail, SMS app, phone dialer, etc.) are installed. 

This is done through the 'System Apps' payload found in Systems Manager > Manage > Settings.

Note: For information on configuring Android Enterprise in Systems Manager, see our deployment guide

System App Behavior

Installing a profile with this payload changes behavior based on the device's enrollment method:

  • In Device Owner mode, this controls which applications are accessible upon initial bootup of the device, as Device Owner enrollments require a factory reset.
  • In Work Profile mode, this controls which applications are provisioned as a 'badged' work application in the device's containerized work profile.


By default, all apps will be disabled when enrolling in Device Owner mode, including the default SMS and phone dialing apps. The applications that are installed by default or treated as 'system apps' will vary by device manufacturer - for example, Samsung devices use different dialer, camera, and SMS apps from Google Nexus or Pixel devices. In the first screenshot below, the default Google SMS Messenger app is shown as disabled upon enrollment into Device Owner mode.

Work profile enrollments by default will only provision badged 'work' versions for Systems Manager, the managed Play Store, and a few other vendor-native apps, depending on the device. Access to these apps can be further customized with the System Apps payload, as you may not want multiple apps duplicated for your end users.

Critical apps may be missing due to system app behavior. It may be necessary to add critical apps to the "System Apps" payload for device functionality. For example, Google GBoard keyboard may require bundleID be added. To determine if critical applications or functionality is being blocked due to system app behavior, push an empty "block list" system apps payload (described below).

Screenshot_20170726-154806.png        image.png


Using the System Apps Payload

If listed in the Play Store, an application's package name will be listed in the URL when searching the app on a web browser. Package names can also be found online, or via a package reader app downloaded to the device, which may be useful in the case where the OEM has loaded proprietary apps such as for camera or mail functions.

The payload can be configured as an allow list, which will enable the specified apps, and block all other system apps, or a block list, which selectively blocks specific apps and allows all others. The application selector presents some commonly used default applications, but apps that are not listed can be added by typing in the application id (e.g. 'com.example.myapp'). 

An empty block list payload is a valid configuration. For example, if you want to enable all default system apps in Device Owner mode without enumerating all the identifiers, scope an empty block list to 'block nothing' essentially 'allowing all' default apps. Access to Play Store apps will still be limited to what is configured in the Systems Manager Apps page.

In Work Profile mode, reducing the number of duplicated apps helps avoid cluttering your users' devices and taking up unnecessary storage space. Either block list or allow list can be used, but note that a badged copy of Play Store and Systems Manager will always be created.

Screenshot 2024-04-10 at 10.38.10 AM.png

  • Was this article helpful?