About the Mobile App Control Policy
You can define a policy that restricts the sites from which users can download apps for their mobile devices. This reduces the likelihood of users downloading apps from sites that may contain vulnerabilities or downloading fake copies of well-known apps.
The default action when no policy is configured is to ALLOW app downloads from all app stores. You can define a list of app stores from which users are not allowed to download apps. They can browse the app stores in the list, but they are blocked from downloading apps from the app stores.
Configure a policy explicitly listing the BLOCKED app stores; the default action when no policy is configured is to ALLOW app downloads from all app stores.
Recommended Policy for Mobile App Control
As shown in the following figure, the recommended policy is to allow known app stores, depending on your corporate policy.