I am working with WSO2's EMM (Enterprise Mobility Management) which is an open source MDM (Mobile Device Management) and MAM (Mobile App Management) solution. Specifically to implement a BYOD (Bring Your Own Device) program. I am unhappy with a few features.
One main feature I want to implement myself is strict control over which apps can be installed by the user.
1) By not allowing installation of apps from 'Unknown Sources'. That is to not allow the user to check the 'Allow Installation of Apps From Unknown Sources' option or at least to be able to flag it if they do.
2) Black-Listing only specific apps that can be downloaded from the Play Store.
3) Even better would be the ability to White-List apps that can be downloaded from the Play Store.
4) And in a perfect world I would like the ability to mix both an Enterprise App Store and the above restrictions to Play Store app downloads. (The benefit to that would be the ability to push corporate software to users, and still allow a safe and user friendly experience through the Play Store.)
Android's Device Administration API does not explicitly allow for these controls. Yet paid enterprise MDM solutions such as AirWatch boast these features. Any help would be much appreciated.
Most of the time, support for such features is patchy. As an example, Samsung SAFE provides more APIs (which will allow you to do what you want) and Motorola had some additional enterprise APIs.
So, you can't implement it on generic Android, but rather you can implement it on some devices.
The second approach is compliance. Maybe you can't prevent installation or remove apps, but you can detect them and take some actions associated with it (revoke credentials, turn off enterprise email and so on).
Usually, MDM solutions have some mix of these two things.
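A server-side sketch of the compliance approach described in the answer, added here as an illustration and not part of the original post or of WSO2 EMM. It assumes the device agent reports the 'Unknown Sources' setting and, for each app, its package name and installer package; the report format, the `com.example.*` names and the mapping from violations to actions are hypothetical.

```python
from dataclasses import dataclass, field

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

@dataclass
class Policy:
    enterprise_store: str                        # installer package of the corporate store (hypothetical)
    blacklist: set = field(default_factory=set)  # never allowed, whatever the source
    whitelist: set = field(default_factory=set)  # if non-empty, the only Play apps allowed

def evaluate(report, policy):
    """Return (rule, package) violations for one device inventory report."""
    found = []
    if report.get("unknown_sources_enabled"):
        found.append(("unknown_sources", None))
    for app in report.get("apps", []):
        pkg, installer = app["package"], app.get("installer")
        if app.get("system"):
            continue                             # preinstalled image apps are out of scope
        if pkg in policy.blacklist:
            found.append(("blacklisted", pkg))
        elif installer == policy.enterprise_store:
            continue                             # pushed through the enterprise store
        elif installer != PLAY_STORE:
            found.append(("sideloaded", pkg))    # no installer recorded, or an unknown one
        elif policy.whitelist and pkg not in policy.whitelist:
            found.append(("not_whitelisted", pkg))
    return found

def actions_for(violations):
    """Map violations to responses; this severity split is an assumption."""
    rules = {rule for rule, _ in violations}
    actions = []
    if rules:
        actions.append("disable_enterprise_email")
    if rules & {"sideloaded", "blacklisted"}:
        actions.append("revoke_credentials")
    return actions

# Constructed sample data, not taken from a real device.
POLICY = Policy(enterprise_store="com.example.corpstore",
                blacklist={"com.example.filesharer"},
                whitelist={"com.example.notes", "com.example.maps"})
REPORT = {"unknown_sources_enabled": True, "apps": [
    {"package": "com.example.notes", "installer": PLAY_STORE},
    {"package": "com.example.filesharer", "installer": PLAY_STORE},
    {"package": "com.example.game", "installer": PLAY_STORE},
    {"package": "com.example.crm", "installer": "com.example.corpstore"},
    {"package": "com.example.tool", "installer": None},
    {"package": "com.android.settings", "installer": None, "system": True},
]}
```

Leaving the whitelist empty gives blacklist-only behaviour for Play Store apps, and apps installed by the enterprise store are exempt from the whitelist but not from the blacklist.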