Can Google Play Protect remove apps from managed devices without admin approval?

Yes, in certain circumstances.

Google Play Protect runs on all GMS-certified Android devices, including those under enterprise management. If Play Protect identifies an app as potentially harmful, it can:

• Display a warning to the user recommending removal
• Automatically disable or remove the app in severe cases

This applies regardless of how the app was installed - including apps pushed by the EMM or sideloaded as part of an enterprise workflow. On managed devices, this can disrupt critical business applications if Play Protect flags them incorrectly.

What can administrators do?

• Verify app compliance - ensure internally distributed apps follow Google's mobile unwanted software policy. Apps that request unnecessary sensitive permissions or exhibit behaviours Google considers deceptive are more likely to be flagged
• Use managed Google Play - apps distributed through managed Google Play are less likely to trigger Play Protect warnings than sideloaded APKs
• Report false positives - if a legitimate enterprise app is flagged, submit an appeal through the Play Protect warning developer guidance

Play Protect's cloud scanning of sideloaded apps on managed devices was removed in September 2024, but on-device detection continues. See the related FAQ: Has Play Protect changed how it handles sideloaded apps on managed devices?.