Introduction
The Android Proxy Policy allows IT administrators to configure network proxy settings on managed Android devices. However, according to Google’s API documentation, the recommendedGlobalProxy field is defined as a recommended global HTTP proxy, not an enforced one. This means that although the proxy can be applied at the device level, some apps may choose not to use it, and Google advises configuring proxies per network through Open Network Configuration for reliable enforcement. Despite this limitation, a global proxy can still be useful for organizations that need device traffic to route through a specific proxy server for security, monitoring, or compliance purposes.
This article explains the purpose and limitations of the Android Proxy Policy, its typical use cases, and how to apply it using Swif’s MDM platform.
What This Policy Does
The Android Proxy Policy enables you to configure:
Global Proxy Host (hostname or IP)
Global Proxy Port
Excluded Hosts (hostname/IP exclusions using prefix
.)PAC URI (Proxy Auto-Config file)
This policy supports Android 5+ devices and works for both BYOD and company-owned configurations.
Policy Settings Explained
1. Recommended Global Proxy — Host
Enter the hostname or IP address of your proxy server.
Example:
proxy.company.com
2. Recommended Global Proxy — Port
Specify the port number the device should use when routing traffic through the proxy.
Valid Range: 1 — 65535
Example:
8080
3. Recommended Global Proxy — Excluded Hosts
Specify hosts that should not use the proxy.
Use a leading dot (.) to exclude hostnames or IP patterns.
Examples:
.google.com
.localdomain
192.168.1.0/24
4. Recommended Global Proxy — PAC URI
Provide the URL of the Proxy Auto-Config file.
PAC files allow dynamic proxy logic such as load balancing, failover, or destination-based routing.
Example:
https://proxy.company.com/proxy.pac
Important: Validate PAC File Before Deployment
Some Android versions have a known vulnerability where large or malformed PAC files can cause system instability or device crashes.
Reference:
CVE-2016-6723 — Crashing Android Devices with Large PAC Files
https://wwws.nightwatchcybersecurity.com/2016/11/07/crashing-android-devices-with-large-pac-files-cve-2016-6723/
Before assigning the policy to production devices:
✔ Ensure your PAC file is well-formed, valid JavaScript
✔ Ensure the file size is reasonable (under 200KB recommended)
✔ Test the PAC file on a sample device using the Android Proxy Policy
You can validate by applying the policy to a test device and observing:
Browser connectivity
App network behavior
Device stability
If the device becomes unresponsive, the PAC file likely requires optimization.
How Devices Apply the Policy
Once the Android Proxy Policy is assigned:
Swif.ai agent retrieves the new configuration
Android OS updates the system-wide proxy settings
All apps that honor the global proxy setting will route traffic accordingly
Excluded hosts dynamically bypass proxy
If PAC is configured, it takes precedence over manual host/port settings
Testing the Configuration
After deploying to a test device:
Visit any website in Chrome
Verify traffic is routed through the proxy
Check proxy logs for the device IP
Confirm excluded hosts bypass the proxy
Validate PAC script behavior and performance
Best Practices
Use HTTPS for PAC URIs to prevent tampering
Keep PAC files optimized and under 200KB
Test changes before widespread rollout
Include fallback logic in PAC file (e.g., direct connection)
Use Excluded Hosts only when necessary
Maintain high availability for proxy servers
Need Help?
For detailed instructions or troubleshooting, contact Swif support or visit our Help Center.