Play Protect blocked my DPC, why?

Google Play Protect now enforces an allowlist of approved Device Policy Controllers (DPCs) during provisioning. If your DPC isn’t on the list, Play Protect can flag it as “Harmful app blocked” even when it’s legitimate.

Before you appeal:

• Align to the Play Protect unwanted software and warning dev guidance: be transparent, avoid silent installs, and justify sensitive permissions (SMS, notifications, accessibility, overlays).
• Make sure your use case fits Google’s permissible usage for enterprise management. If you don’t need a sensitive permission, remove it while you apply.

Then submit an appeal using Google’s DPC allowlist form (linked from the Play Protect warning/help article). Explain the business use case, the permissions you request, and how users are informed.

What to expect after submitting an appeal:

• Appeals are reviewed by a Google team, and responses typically take anywhere from a few days to several weeks. There is no published SLA.
• During the review period, devices encountering the block may still show a “continue” option depending on how the DPC is distributed. This allows provisioning to proceed in some cases, but this behaviour is not guaranteed.
• If the appeal is rejected, review the feedback, address any flagged issues (common: unexplained use of accessibility or overlay permissions), and resubmit.
• Communicate to users and admins that the warning is about allowlisting, not malware detection. This helps reduce support ticket volume while waiting for resolution.

Read more in the full article: The DPC allowlist.