I've been told that there is a way to create an apk that can be installed on an android device and allow a remote server to install and launch a new apk remotely without any user input.
This would be done on a closed network of android devices, this is not intended to be a published app in the store. I've not been able to find any information on this.
Has this been done before? This would be differnt from installing an apk that checks for content updates, in my experience even with an MDM you can not push, install, and launch a new APK without a user interaction on the remote device.
You can upload the app to Google Play, as an alpha or beta version.
Then, you can enroll in the alpha or beta on the Android device.
Make sure auto-updating is on in Google Play, and within a few hours after the update is submitted, the update should be pushed to the devices in the alpha/beta program.
As mentioned in the comments a solution to remote apk install is to root your device(s) or build a custom ROM and then creating a system application with the android.permission.INSTALL_PACKAGES permission. This may be better for your use case than going through Google Play because Play requires the device to have a Google account signed in and auto-updates enabled by the user.
The issue with rooting devices or creating a custom ROM is the amount of maintenance and setup for each device. You also have the risk of introducing security flaws to your devices and application.
You can also look at MDM solutions to achieve the same result:
Samsung Knox lets you upload an app to their service and "the app automatically installs on users' devices inside the Knox container".
AirWatch lets you "Deploy public, internal or bulk-purchased apps to devices automatically or to an enterprise app catalog for on-demand install".
Mason lets you upload your apk and push it to your devices instantly. You also get additional controls like making your app the direct boot package, locking your app in kiosk mode, or preventing the user from getting into Settings. If this sounds it would fit your use case, feel free to reach out to me: trevor # bymason.com
DISCLAIMER: I work for Mason
Related
We have an Android app that we'd like to run on thousands of identical tablets that we will own and rent to our customers. The app runs in a sort of "kiosk mode" (we use app pinning, in the parlance of this page: https://developer.android.com/work/cosu.html). We're also, at present, configuring our app as the device owner using adb shell dpm set-device-owner ....
We have two goals here:
Be able to push updates to the app out to all our devices without any user interaction on each device.
Reduce the manual configuration of each new device when we unbox it and set it up as much as possible.
Can we use Google Play Store to push app updates out? I had in mind that we'd use the Alpha or Beta release for this and never actually publish the app for others to install. Using Google Play Store of course requires a Google Account to be added to the device, and once we do that, I fear our options for using a device owner app are limited, not to mention the fact that adding that Google Account may not be able to be scripted using adb or similar. We'd like to avoid manually adding the Google Account if possible.
Unfortunately the Google Play sandbox is still very consumer app oriented. However, the Play EMM API and Managed Google Play have some capabilities around distributing apps: https://developers.google.com/android/work/distribute
Their EMM documentation covers provisioning as well via either a device-driven flow (using nfc) or a user driven flow (using a google account): https://developers.google.com/android/work/prov-devices
Alternatively you could look at 3rd party MDM solutions or use a platform built for enterprise mobile deployment like Mason: http://bymason.com
Mason allows you to create a custom Android OS in a just a few minutes (kiosk mode app, disable camera/sms, remove apps and settings, etc). Applications can be bundled and versioned along with the operating system or deployed independently. Mason supports background app and os updates 100% controlled and configured by you.
You can order large volumes devices from Mason with your OS and apps preloaded on them as well.
Feel free to ping me directly: dylan # bymason.com
Big Disclaimer: I work for Mason
I wrote one kiosk mode device owner app. Since it was a system app, we just had it use the system ability to do silent installs, self hosted the updates and checked for updates on a regular schedule. No configuration needed. I think you're more likely to hit legal problems than anything else- are you really using high end tablets that have legal licenses to Google Play for a kiosk mode app? Or are you using the cheap tablets from China? Remember that Google Play is not a free app- there's a licensing fee and usage agreements you have to sign to have the right to distribute it. The cheap tablets tend to just illegally sideload it, or not have it.
Advantages to doing it ourselves: we had absolute control over rollout, there was no company saying when we could send updates, and no way for the user to reject/not download an update. As you scale you could have even used more intelligence, and done rolling updates to the fleet via push notification.
I'm making a Multiplayer game using Google Play Game Service for connection. I'm at the point where I need to test connection between devices and it seem like I need a different account for each device.
I tried create new Google Account, but Google force me to verify account with a phone number that had not been used to verify another account. I only have one phone number.
The question is: How developer test their apps in this situation ? Do they have multiple phone number just for verify account ? (need to afford multiple phone bills just to keep them active ?)
Some developer are using Android Emulator. Just download the emulator system image that includes the Google Play Services, under Android 4.2.2, from the SDK Manager. However, it is highly recommended to run your game on your physical test device.
Must verify that you have set up the test account that you are using to log in to the app. You don't need to have multiple account, just export an APK and sign it with the same 'certificate' that you used to set up the project in Google Play Developer Console. Then, install the signed APK on the physical test device by using the adb tool.
For more information, use this as your reference: https://developers.google.com/games/services/android/quickstart#top_of_page
This is the Android version of App for limited or restricted audience
The project
I'm going to start a brand new project for one of our customers that will be deployed to our customer's suppliers to track on-field activity. I am skilled enough on Java/Android development so this question is only about deployment.
Owned vs provided devices
Our customer will either provide a Samsung Galaxy Ace 4 device to the suppliers or will allow the supplier to use their own Android 4 smartphone without warranties from us. Our customer currently has a Google for Business organization set up, but we cannot rely on that (see partial answer).
Technical (non functional) requirements
Ability to easily distribute application and updates across enterprise users.
Application should not be visible to the public
Application must be able to send crash reports so our team can inspect and investigate
The question is
Given the above "should not be visible to the public" statement, what is the most effective and efficient way to deploy an Android app targeted only for enterprise users?
I'll post a partial answer below. I'm asking others to enrich it with other possible means, including using Alpha/beta channels for which I don't have experience about
Currently, limited-audience Android applications can be deployed like this:
Publishing on Google Play as a free app for the public
Maybe adding a limitation to our country
Advantages:
Simplemost and well documented
Auto deployes updates as soon as no new permission is enforced
Collects crash reports on Dashboard
Disadvantages:
Everyone can download the app
This has the disadvantage that some organizations may not be happy as publicly available code might in some cases help exploit vulnerabilites on remote systems (but it is almost impossible if app is well-written and obfuscated)
If country limitation is enforced, imported devices won't download
Distributing the APK direct URL
Advantages:
The app remains private (enterprise users are surely not going to redistribute the app to friends as it's no use without enterprise credentials)
Disadvantages:
No crash reports unless implementing a third-party library
No auto updates unless implemented by custom code or third party library. Implementing auto updates prevents the app from being published to Google Play in the future, even on a private channel, as Play prohibits apps that auto-update themselves via third-party channels. Or, to be precise, the auto-update feature and Play publishing require, in order to exist together, maintaining two APKs
Google Play for Enterprise
As mentioned on this link, Google Play provides a private channel for app deploying for users withing a Google for Business organization. This is the perfect approach for applications that organization's users must use
Advantages:
Same as publishing for the public (simple, auto update, crash report)
Visible only to restricted audience
Disadvantages:
Every device must come with a Google account within the organization, and it will be economically unfeasible to [request the Sysadmin to] enable Google accounts for every external supplier in our target organization
Permanently in Alpha/Beta
I haven't tested this yet, as it is also very tricky. Basically, it involves using testing mode without ever going to production. With Google Play, one can deploy artifacts into Alpha (e.g. test server environment) and Beta (a trick to point to production server environment) without ever moving the app to Google Play's Production stage.
All requires setting up special moderated Google+ groups
Potential advantages:
Same as publishing to enterprise
Disadvantages:
Only telling users to subscribe to Google+ and joining a community
From your requirements, I would suggest distributing the APK via a direct URL and integrating a service such as HockeyApp (see their Android SDK for more) to manage both the crash reports and app updates.
"Ability to easily distribute application and updates across enterprise users"
Many services allow .apk files to be uploaded directly to their service for deployment. A direct download link is then generated for that build.
Crash information is collected and updates are automatically displayed if the app implements the Android SDK provided by the service.
"Application should not be visible to the public"
Services such as HockeyApp do not publicise direct download links publicly. This link can therefore be distributed as required.
"Application must be able to send crash reports so our team can inspect and investigate"
Full stack-trace and device information is sent along with crash reports and can be viewed online by technicians.
From my experience there are a few pros and cons:
Pros:
App distribution is super easy, as simple as visiting a website.
Bug reports are comparable to those received through Google Play
Cons:
Crash report's aren't sent automatically and updates aren't automatic
By default, updates and crashes appear as system dialogs prompting users to either send the crash report/update the app or cancel. Ideally, no user interaction should be required to perform the desired actions. I am sure it is possible but have not found relevant documentation for it.
Cost. These services aren't free.
Would require the removal of the service SDK from the app if uploaded to Play Store
Suppose I have a wifi network with a walled garden that prevents users from accessing Internet unless an authentication procedure is performed via browser.
Suppose I have an application on Google Play that automates this process for inexperienced people. And suppose 95% of users are inexperienced and unwilling to perform SMS-OTP authentication on a site that is not optimized for mobile.
Scenario
A person asks a clerk how to connect to internet using Android. The clerk suggests the person to download the Android app, but the person responds he has no Internet access because he has no 3G data plan.
Possible workaround
The walled garden portal detects the device running Android by user agent and says: "Would you like to download an APK from our internal network without having to go to Google Play?". The user accepts, unlocks unknown sources and installs the app.
Question
In this scenario, if a user downloads an APK of a Google Play-available application, signed with same key, on his device, will the installed application be linked to Play and subject to updates? And I mean without using a Market linker app.
That's my old answer, don't read it, just skip to the edit portion:
Short answer is no!
I'm sure there're geeky ways around to link an app to its Google Play
variant, but your scenario of non-geeky customers I reckon the best
option is to program the network to allow Android mobile access
(checking the user agent) to play.google.com (maybe even from the
redirection website auto-launch the google play link direct to said
app).
edit:
I'm thinking a bit more on this problem and I would like to change my answer to "I don't know" (what a horrible answer). But I would like to propose a test that you can do it yourself.
The reason I'm changing the answer is because I remember now apps like Titanium and they do link the app to the Play whenever restoring a backup. Of course, Titanium needs root, but that's because it's messing with other apps, not its own.
So in light of what I discusse I'll suggest you a simple test:
build an app, anything, Hello world!
Upload this app to Google Play and make it active
Wait a few hours for Google servers to make it available
Manually flash the same build version (with exact same signing key, etc) to a device.
Reboot the device (to be sure the system will read through installed applications and do communication with Google Play)
Go to Google Play on the device and check if it shows the app
It's possible that the app have the same package name and signed with the same key, the Google Play on the device itself will recognise it as the same and link it.
Whenever I get a support request on a free version, I respond with a courtesy link to a non-DRM APK of the pro version. Do these ad-hoc APK installs somehow link to the google play market by application ID and know to get updates, or are ad hoc installs frozen in time?
Paid apps and managed in-app purchases are tied to the user's Google account, so I don't think this should work. However, if you adb install a paid app, the Market/Play application displays it as 'installed', so you might get an update notification. Assuming it allows you to actually update, if your published app is using LVL, you should get an licensing error, because the app is not linked with the user's Google account. If not, it might just work. Test it when you upgrade your app to be sure.
I think at the very least if someone installs from your link they will still be able to get updates from the market. As long as you use the same apk for market and your links.
I think that it will work because if I have a market signed apk and install it with adb, or manually by putting it on the sdcard, or downloading it. Once its installed I am able to go the market to install from there and replace it.
I don't know however if it will get the notification reminders for updates, but I suspect that it would as long as you set the versions in the manifest accordingly.
I also don't know how it would work it if you have in app purchases or some of the other fancy billing things they offer now.