Take a look at the device management capabilities in Android. Pick a good MDM system that uses the standard Android APIs if you can make that work for you. If that's not sufficient, look at what Samsung has done in extending Andrdoid MDM, but beware of lock-in, and I'm not a fan of Samsung bloatware.

I would avoid hackish MDM. While an app can do things like block the use of blacklisted apps, I would prefer to rely on auditing of devices to detect undesirable apps and then to lock the device. That you can do with normal use of standard APIs. Hackish MDM can claim all kinds of capabilities, but if the standard device management APIs don't directly support those features, the risk of undesirable side effects, features that invite complacency but are easy to circumvent, and other problems become much more likely. I have not evaluated AppLock personally, do I can't say if it's sound or not.

I have pushed the boundaries on these kinds of features myself. For example, developing a device-based packet filter that, while it doesn't require rooting the device, and does not rely on undefined behavior, it makes creative use of an API that is designed for a different purpose. So if a vendor makes claims of having capabilities that go way beyond what the Device Administration documentation says is possible, get a good explanation of how they do it.

An example of a bad hack is that I have seen a "lockdown" app that "blocks" the app switcher button by creating several instances of an app with a blank name and blank screen image. That's just challenging users to break your system (by scrolling the list of recent apps) and sneer at it. A gateway drug to more malevolent cracking.

But if you really really need behavior that meets a hard set of specs and Android just can't do it using standard MDM APIs, consider rolling your own variant of Cyanogen Mod or other aftermarket Android distribution. That way you know exactly what you are getting, and you can implement your desired features in ways that actually work.