Capability to prevent the user from running a specific application defined by admin in the admin interface.
A log should be sent to the server when the user tries to start the application.
Implement a tool that can block or password specified application,
add usb, wifi and/or bluetooth connection
this way it could be a usefull way for enterprise customer who used devices for business purpose to setup a closed environment
It could also be usefull to extend this feature to protect the access to adressbook/contacts list from third apps installed on the device.
it will be the first things that malware will look at.
a mechanism like the tamper protection in the endpoint solution
Samsung SAFE offers this feature
For generic Android, an app blocker is required to support this
for example you could look to that application : https://play.google.com/store/apps/details?id=com.morrison.applocklite