We will soon have to provide a phone to a person who is obviously not familiar with IT stuff at all, and not capable of learning anything about information security, etc. (and probably not capable of learning anything really) They must have ability to communicate with us and there will be no one near them to "repair" the device in case something gets really broken.
I thought that it will be a good idea to provide them with a couple of necessary applications on the device and then block installation of any other new apps (both from Google Play and from anywhere else). However, the standard auto-update process of Google Play should be working (at least because otherwise messaging/VoIP apps will soon become obsolete and stop working, and for security reasons, too)
So the question is — what are the possible solutions to prevent the user from installing non white-listed applications?
Also, we think that the person will not try too hard to circumvent the restrictions. So, maybe even a simple solution (just hide all unwanted icons, including Google Play, from the launcher / app list) will do, but this is risky, and I am not sure that is possible with all kinds of stock UI. So it's interesting to know if there are any better solutions.
Update
Solutions which do not rely on the fact that the user doesn't know (their only) PIN/password are preferable, because a working screen lock can be useful to reduce damage caused by device loss/stealing.