Managing Android Runtime for Chrome (ARC) on ChromeOS devicesSolved

ARC is the compatibility layer that lets Chromebooks run Android apps in a secure, sandboxed environment.

It is a containerized runtime that shares the same Linux kernel as ChromeOS. So, Android apps run pretty much natively.

From an IT standpoint, ARC is great for expanding app support but can raise data control and policy management questions, especially when mixing web and Android environments.

Most of the control over ARC happens through Google Admin Console policies. For example, whether users can access the Play Store, install apps, or share data between Android and Chrome layers.

We’re using Hexnode UEM for ChromeOS management, and I noticed a few ARC-related advanced restrictions in the policy section.

Can someone confirm what these ARC settings actually control? There are options like Android Web App sharing, Backup and Restore, and Ghost Window, but I’m not sure how they impact device behavior.

Hi @mike_johnson, great question!

Hexnode UEM includes a set of advanced restrictions that give admins more granular control over how ARC behaves on managed ChromeOS devices. These restrictions help balance functionality and compliance when Android apps are in use.

Here’s a quick rundown of what each setting does:

• Android Web App sharing: Controls whether Android apps can share content (like files or text) with supported web apps.
• Backup and Restore: Determines if Android app data and settings can be backed up to or restored from the user’s Google account.
• Certificate availability for ARC apps: Allows certificates to be shared between ChromeOS and Android apps for secure authentication.
• Google location services: Enables or disables location access for Android apps via Google’s location APIs.
• Unaffiliated users can use ARC apps: Lets unaffiliated users install and use Android apps from the Play Store.
• Run Android apps on unaffiliated devices: Controls whether Android apps can run on unaffiliated ChromeOS devices.
• Ghost Window: Displays placeholders for Android apps that are still loading after a restart, helping users restore their workspace easily.

These settings are particularly useful for enterprise and educational environments. For example, disabling Backup and Restore and Unaffiliated access helps maintain data isolation, while enabling Certificate availability ensures smoother app authentication in managed setups.

Thanks, Ben!

The breakdown really helps. I didn’t realize ARC had that level of fine-grained control when managed through Hexnode. We are definitely going to implement those restrictions in our next policy rollout.