I was wondering how my fellow admins handle this dangerous allowance if someone is a full admin. Some context is that you create a package and we scope by username however there is the option to change the default to "All mobile devices" instead of the default "Specific Mobile" devices. How are you guys handling this change control on this? I have heard of people using "Sites" to make sure that apps live in sites but this still doesn't prevent someone from 'mistakenly" scoping to all mobile devices.
I just had an internal discussion with my team and various infra guys, and one of them said let's inspect via the chrome inspection option for the scoping page, and what do you know they said something I never even thought of. With a simple Chrome plugin, we have what appears to be a way to "block" or hide the "GUI" for "All Mobile Devices". We are testing right now and obviously, this would need to be run on my admins in the system.
We got this working with a Chrome plug in as mentioned, checking with our team if we can post so that it helps the broader community. But in essence, creating a Chrome extension that hides the ID from being seen on that screen is how we are doing this.