IT 관리자는 권한 부여를 관리하거나 프로비저닝 중에 센서 관련 권한 부여 관리를 선택 해제할 수 있습니다. 관리자가 권한 관리를 선택하면 설정 마법사에서 사용자에게 명시적 메시지를 표시합니다. 관리자가 선택 해제를 선택하면 앱을 처음 사용할 때 사용자에게 앱 내 권한을 수락하거나 거부하라는 메시지가 표시됩니다. 관리자는 항상 권한을 거부할 수 있습니다.
회사 소유가 아니라 개인 기기인 직장 프로필 기기에서 기기 전체 비밀번호 설정을 위한 setPasswordQuality() 및 getPasswordQuality()가 지원 중단되었습니다. DPC는 대신 setRequiredPasswordComplexity()를 사용해야 합니다.
setOrganizationColor()와 getOrganizationColor()가 Android 12에서 완전히 지원 중단됩니다.
android.app.action.PROVISION_MANAGED_DEVICE는 Android 12에서 더 이상 작동하지 않습니다.
DPC는 ACTION_GET_PROVISIONING_MODE와 ACTION_ADMIN_POLICY_COMPLIANCE 인텐트 작업의 인텐트 필터로 활동을 구현해야 합니다. ACTION_PROVISION_MANAGED_DEVICE를 사용하여 프로비저닝을 시작하면 프로비저닝이 실패합니다. Android 11 이하를 계속 지원하려면 EMM에서 PROVISION_MANAGED_DEVICE 상수를 계속 지원해야 합니다.
Android 12 이상을 타겟팅하는 모든 직장 프로필 기기의 센서 관련 권한 부여를 위한 setPermissionPolicy()와 setPermissionGrantState()가 지원 중단됩니다. 지원 중단으로 인해 다음과 같은 변경사항이 발생합니다.
Android 11에서 Android 12로 업그레이드하는 기기에서는 기존 권한 부여가 유지되지만 새 권한 부여는 불가능합니다.
권한 거부 기능이 유지됩니다.
관리자 부여 권한을 사용하는 애플리케이션을 개발하고 배포한다면 권장되는 권한 요청 방법을 따르도록 해야 합니다.
권장되는 권한 요청 방법을 따르는 애플리케이션은 예상대로 계속 작동합니다. 사용자에게 권한을 부여하라는 메시지가 표시됩니다. 앱은 모든 결과를 처리할 수 있어야 합니다.
가이드라인을 따르지 않으면서 관리자 부여 권한을 사용하고 권한으로 보호된 리소스에 명시적으로 액세스하는 애플리케이션은 비정상 종료될 수 있습니다.
이 페이지에 나와 있는 콘텐츠와 코드 샘플에는 콘텐츠 라이선스에서 설명하는 라이선스가 적용됩니다. 자바 및 OpenJDK는 Oracle 및 Oracle 계열사의 상표 또는 등록 상표입니다.
최종 업데이트: 2025-08-21(UTC)
[[["이해하기 쉬움","easyToUnderstand","thumb-up"],["문제가 해결됨","solvedMyProblem","thumb-up"],["기타","otherUp","thumb-up"]],[["필요한 정보가 없음","missingTheInformationINeed","thumb-down"],["너무 복잡함/단계 수가 너무 많음","tooComplicatedTooManySteps","thumb-down"],["오래됨","outOfDate","thumb-down"],["번역 문제","translationIssue","thumb-down"],["샘플/코드 문제","samplesCodeIssue","thumb-down"],["기타","otherDown","thumb-down"]],["최종 업데이트: 2025-08-21(UTC)"],[],[],null,["This page provides an overview of the new enterprise APIs, features, and\nbehavior changes introduced in Android 12 (API level 31).\n\nWork profile\n\nThe following new features are available in Android 12 for work\nprofiles.\n\nSecurity and privacy enhancements for work profile\n\nThe following features are available in Android 12 for personal\ndevices with a work profile:\n\n- The [password\n complexity](/reference/android/app/admin/DevicePolicyManager#setRequiredPasswordComplexity(int)) feature sets device-wide password requirements in the form of predefined complexity buckets (High, Medium, Low, and None). If required, strict password requirements can instead be placed on the [work profile security\n challenge](/work/dpc/security#work_profile_security_challenge).\n- Work profile security challenge onboarding has been streamlined. Setup now takes into account whether device passcode meets admin requirements, and makes it easy for the user to choose whether to increase the strength of their device passcode or to use the work profile security challenge.\n- [An enrollment-specific\n ID](/reference/android/app/admin/DevicePolicyManager#setOrganizationId(java.lang.String)) provides a unique ID that identifies the work profile enrollment in a particular organization, and will remain stable across factory resets. Access to other hardware identifiers of the device (IMEI, MEID, serial number) are removed for personal devices with a work profile in Android 12.\n- [Company-owned devices](#company-owned), with and without work profiles, can adopt the features listed in the preceding list items, but are not required to adopt them in Android 12.\n- You can [set](/reference/android/app/admin/DevicePolicyManager#setNetworkLoggingEnabled(android.content.ComponentName,%20boolean)) and [retrieve](/reference/android/app/admin/DevicePolicyManager#retrieveNetworkLogs(android.content.ComponentName,%20long)) work profile network logging. You can [delegate](/reference/android/app/admin/DevicePolicyManager#DELEGATION_NETWORK_LOGGING) network logging on the work profile to another work application. You can't use network logging to monitor traffic in the personal profile.\n- Users have additional privacy controls for work profile apps. Users can grant the following permissions to work profile apps unless denied by their IT administrator. For each app in the work profile, the user can allow or deny the following permissions:\n - Location\n - Camera\n - Microphone\n - Body sensor\n - Physical activity\n\nCompany-owned devices\n\nThe following new features are available for company-owned devices. The term\n*company-owned device* refers to both [fully managed\ndevices](https://developers.google.com/android/work/requirements/fully-managed-device)\nand [work profile devices that are\ncompany-owned](/reference/android/app/admin/DevicePolicyManager#isOrganizationOwnedDeviceWithManagedProfile()).\n\n- An IT administrator can [disable\n USB](/reference/android/app/admin/DevicePolicyManager#setUsbDataSignalingEnabled(boolean)),\n except for charging functions, on company-owned devices. This feature includes\n the capability to [check if this feature is\n supported](/reference/android/app/admin/DevicePolicyManager#canUsbDataSignalingBeDisabled())\n on the device and to [check if it is currently\n enabled](/reference/android/app/admin/DevicePolicyManager#isUsbDataSignalingEnabled()).\n\n- Company-owned devices with a work profile can [limit the input methods used in\n the personal\n profile](/reference/android/app/admin/DevicePolicyManager#setPermittedInputMethods(android.content.ComponentName,%20java.util.List%3Cjava.lang.String%3E))\n to allow only system input methods.\n\n- In Android 12 you can create a delegation scope. Enable and collect security\n log events by calling\n [`setDelegatedScopes()`](/reference/android/app/admin/DevicePolicyManager#setDelegatedScopes(android.content.ComponentName,%20java.lang.String,%20java.util.List%3Cjava.lang.String%3E))\n and passing\n [`DELEGATION_SECURITY_LOGGING`](/reference/android/app/admin/DevicePolicyManager#DELEGATION_SECURITY_LOGGING).\n Security logging helps organizations gather usage data from devices that can be parsed and programmatically evaluated for malicious or risky behavior. Delegate apps can [enable security\n logging](/reference/android/app/admin/DevicePolicyManager#setSecurityLoggingEnabled(android.content.ComponentName,%20boolean)),\n [verify that logging is\n enabled](/reference/android/app/admin/DevicePolicyManager#isSecurityLoggingEnabled(android.content.ComponentName)),\n and [retrieve the security\n logs](/reference/android/app/admin/DevicePolicyManager#retrieveSecurityLogs(android.content.ComponentName)).\n\nOther\n\nThe following section describes changes in enterprise APIs that are not specific\nto work profiles or company-owned devices.\n\nUnmanaged device certificate management\n\nDevices without management are now able to take advantage of Android's on-device\nkey generation to manage certificates:\n\n- The user can grant permission to a certificate management app to manage their credentials (not including CA certificates).\n- The certificate management app can use Android's on-device key generation.\n- The certificate management app can declare a list of apps and URIs where the credentials can be used for authentication.\n\nNew APIs provide new functionality:\n\n- Check if the existing device-wide password is [compliant against explicit\n device password\n requirements](/reference/android/app/admin/DevicePolicyManager#isActivePasswordSufficientForDeviceRequirement()).\n- Check whether a certificate and private key are [installed under a given\n alias](/reference/android/app/admin/DevicePolicyManager#hasKeyPair(java.lang.String)).\n\nPrivacy and transparency enhancements for fully-managed devices\n\nIT administrators can manage permission grants or choose to opt out of managing\nsensor-related permission grants during provisioning. If the administrator\nchooses to manage permissions, users see an explicit message during the setup\nwizard. If the administrator chooses to opt out, users are prompted to accept or\ndeny permissions in-app when the app is first used. Administrators can always\ndeny permissions.\n\nNetwork configuration\n\nA [device policy controller](/work/dpc/build-dpc) (DPC) can get the list of a\ndevice's configured networks without requiring the location permission by using\na new API [getCallerConfiguredNetworks](/reference/android/net/wifi/WifiManager#getCallerConfiguredNetworks())\nrather than using the existing API\n[getConfiguredNetworks](/reference/android/net/wifi/WifiManager#getConfiguredNetworks())\n(which requires location permission). The list of networks returned is limited\nto work networks.\n\nA DPC on fully-managed devices can ensure only admin-provided networks are\nconfigured on the device, also without requiring the location permission.\n\nAdministrators can use the keys generated in secure hardware for Wi-Fi\nauthentication by\n[granting](/reference/android/app/admin/DevicePolicyManager#grantKeyPairToWifiAuth(java.lang.String))\na KeyChain key to the Wi-Fi subsystem for authentication and\n[configuring](/reference/android/net/wifi/WifiEnterpriseConfig#getClientKeyPairAlias())\nan enterprise Wi-Fi network with that key.\n\nConnected apps auto-granting\n\nTo allow a better user experience, a few preloaded applications have\nauto-granted the\n[configuration to share personal and work data](https://support.google.com/work/android/answer/10064639).\n\nOn Android 11+:\n\n- depending on the device OEM, preloaded assist apps or preloaded default IMEs\n- Google app, if it's preloaded.\n- Gboard app, if it's preloaded and the out-of-box default IME app.\n\nOn Android 12+:\n\n- Android Auto app, if it's preloaded.\n\nThe full list of application depends on the device OEM.\n| **Note:** IT admins cannot revoke these auto-granted configurations.\n\nDeprecations\n\nAndroid 12 includes the following notable API deprecations:\n\n- `setPasswordQuality()` and `getPasswordQuality()` are deprecated for setting device-wide passcode on work profile devices that are personal devices rather than company-owned. DPCs should use `setRequiredPasswordComplexity()` instead.\n- `setOrganizationColor()` and `getOrganizationColor()` are fully deprecated in Android 12.\n- `android.app.action.PROVISION_MANAGED_DEVICE` no longer works on Android 12. DPCs must implement activities with intent filters for the `ACTION_GET_PROVISIONING_MODE` and `ACTION_ADMIN_POLICY_COMPLIANCE` intent actions. Using `ACTION_PROVISION_MANAGED_DEVICE` to start provisioning causes the provisioning to fail. To continue to support Android 11 and lower, EMMs should continue to support the `PROVISION_MANAGED_DEVICE` constant.\n- `setPermissionPolicy()` and `setPermissionGrantState()` are deprecated for granting sensor-related permissions for all work profile devices targeting Android 12 and higher. The deprecations cause the following changes:\n - On devices upgrading from Android 11 to Android 12, existing permission grants remain, but new permission grants are not possible.\n - Ability to deny permissions remains.\n - If you develop and distribute applications relying on admin-granted permissions, you must ensure these follow the recommended way of requesting permissions.\n - Applications that follow the recommended way of requesting permissions continue to work as expected. Users are prompted to grant the permission; the app must be able to handle any outcome.\n - Applications that rely on admin-granted permissions and explicitly access permission-protected resources, without following the guidelines, may crash.\n\nLearn more\n\nTo learn about other changes that might affect your app, read the Android 12\nbehavior changes pages (for [apps targeting Android 12](/about/versions/12/behavior-changes-12)\nand [for all apps](/about/versions/12/behavior-changes-all))."]]