We are building an enterprise focused mobile application.
To take this app to the market we need to figure out how to remotely
a) upgrade / wipe the application on mobile devices
b) get access to the device for support and troubleshooting
I guess mobile device management (MDM) applications like AirWatch or
MobiControl can do this job. But they are expensive and do a lot of
other things which we are not interested in.
Is there anything else in the market that is especially geared for
mobile application developers to add the above features within their
application?
*Addition:
We are working on iOS and Android for now.
iOS
Install/Upgrade
On iOS you can use MDM API to install and upgrade apps. However, there are multiple gotchas
A user has to accept it
If the same app is preinstalled by user, you won't be able to install it/upgrade it through MDM
Wipe
You can wipe only whole device or you can remove an application which will remove it's data. However, you can remove only apps which was installed through MDM
Get access to the device for support and troubleshooting
If you are talking about remote desktop like capabilities then you are out of luck. You can't remotely control it. However, you may be interested to look at airplay mirroring.
Android
Install/Upgrade
Look at this: Android: install .apk programmatically
Install Application programmatically on Android
Wipe
You can use device admin capabilities for this: http://developer.android.com/guide/topics/admin/device-admin.html
Get access to the device for support and troubleshooting
I am not sure.
Obvious self-marketing :)
Can you contact me by email (I have it in my profile). My company does a lot of things which you are interested it. May be we can find interesting opportunity for a cooperation.
Related
My goal is to write an application for Android (>= 9.0) which basically offers a device-owner-style control like Google's "Android Device Policy".
The following criteria have to be met:
Zero dependency on Google servers or any other 3rd party infrastructure like existing EMM solutions (MobileIron et cetera)
The user should not be able to remove or disable the app
Provisioning methods: QR-Code, NFC, URL, ADB, actually any "local" way ...
Has to work with stock androids on regular consumer devices
In short: I'd like to write an unremovable device manager (including a web-based management UI), put it on a device I own, give that device to someone else, and being able to fully control the device remotely.
Is such a project even possible with the current situation of Android?
No.
Has to work with stock androids on regular consumer devices
Mostly, this is your biggest hurdle to overcome.
What you are asking for is the description of a very powerful MalWare. An app that ca run on any version of Android, that can't be uninstalled, but can do what it wants to "fully control the device".
If you move away from the idea of "stock android on regular consumer device", towards a suite of devices you have some say in distributing:
Here is a list of Google Partners who offer an EMM solution: https://androidenterprisepartners.withgoogle.com/emm/
Here is Samsungs effort at device control:
https://www.samsungknox.com/en
Here is Googles device management:
https://developers.google.com/android/management
You could write your own ROM of Android and be able to control the things you want, but that would require .. building a ROM aka a whole phone OS forked from AOSP.
The user should not be able to remove or disable the app
This is only possible if you have a system app.
Or something extreme (which with any extreme, is always possible to have problems), like having two apps, and they monitor each other for uninstall, and programatically reinstall (vs 1 app that can't do much when it is being uninstalled).
maybe someone know , samsung have a powerfull core with name KNOX SDK.We have application which based on this sdk. And we are looking a way to do same application without knox sdk. But we stuck with simple function like kiosk mode. This mode not working if device owner is not setted for application (for me it's hard to understand) All what i found - it's this way :
This way is correct if im testing application myself. But when time is come and we will need to install this application on our 100-200 devices , then this way looks bad . Every device to do factory reset, and adb commands etc.
So question :
I'm sure there are should be a way to do this offically. But i can't find any info about this. Maybe some one know how to do this ? Please help. I'm sure i'm missed something somewhere. :)
You can get information about the ways to provision device here. They include:
QR code
Managed Google Play Accounts
Google Account
NFC
I've wrote an article where I've described provisioning with QR-code here. We've selected this way for our Kiosk application as the most optimal one, because:
zero touch enrolment works only on a small subset of devices;
NFC provisioning requires another device with special app;
Google Account requires having and managing this account.
On the other hand QR-code works almost on all Android 7.0+ devices ("almost" because some vendors disable this in their custom ROMs) and is easy to setup for end user.
But when you need to install it on multiple devices (and it's some internal app, so you do it yourself, rather than end user) Google Account can be more appropriate.
In production, you'll want to provision your dedicated devices from the factory reset state (on the initial blue screen) using NFC, a QR code, or if supported, zero touch enrollment. NFC can be used from another Android device using an app such as the NFC provisioning app. A dedicated NFC card can also be programmed using an app such as NFC Tools. Google provides provisioning instruction on their TestDPC github repo. EMMs will also provide instructions for their DPC app. Using Android Management is usually a better alternative to TestDPC for production deployments under a 1000 devices. Additonal provisioning options and increased API usage limits are available if you're part of the EMM Community.
I seek advise about what solution to use for building a specific enterprise app for android.
We want to develop an enterprise app for a business partner.
Our partner sells android devices, and they want us to administrate their devices.
Needed features:
ability to administrate the device (reboot, block/allow apps, disable uninstall of the app other than administrators, update app silently), so in general, have a functionality that DPC apps have with device-owner mode
the phone should be associated with a device-account, generated for each device in a store, about 50 devices per store; the phones belong to the store, and customers can try it, but should not have control over it (similar to a retail mode phone)
I am facing these issues:
rooting the devices is not an option
silent auto-update and remote management is a must
only administrators (we) should be able to remove the app
I have read through the
Android EMM Developers overview,
and the Android in the Enterprise tutorials,
but I can't seem to figure out what to use.
As I understand, EMM developers should provide a DPC app and an EMM console to customers.
This situation is a bit different, because our customer does not need a console since we will be administrating their devices, and we don't want anybody else to use our console.
Can we use the EMM solution provider way to achieve this - is it right for it at all? -, or should we do something else?
The functionality you are looking for is exactly what EMM providers do, there's no need to develop a new app. It's typical for Admins to interact with the EMM portal instead of the business owners.
Here's how it works:
The DPC app is provided by the EMM and acts as the device owner. Settings applied through the EMM console are communicated to the DPC app for enforcement. EMMs manage the devices in two ways: Managed Profile (Android for Work) or Managed Device. You'll want to use a managed device. These are set up by enrolling a device that has been factory reset with your EMM. Newer devices don't need to be factory reset.
EMM's provide you with all the control you need including:
Locking down/force installing applications silently
Applying configuration to managed applications
Enforcing device encryption
Enforcing device security policies
Ability to remotely wipe the device
Kiosk mode
Because the DPC app acts as the device owner instead of the user, it can't be uninstalled and has complete control over the device. The capabilities provided by the EMM's will vary from provider to provider but I'm pretty sure all offer the capabilities you are looking for. AirWatch and MobileIron are popular ones, but there are many more including some free solutions.
These features are available on all devices with Android 5.0 and newer.
Is their an android equivalent to the Apple configuration policy?
https://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/Introduction/Introduction.html
We are deploying some android tablets (company owned) in a corporate environment and need to lock down specific features in the tablets. Mainly to turn off the camera and the lock which applications can be run. Possibly forcing install of certain applications.
Mainly to turn off the camera
That is supported via the device administration API.
the lock which applications can be run
There is nothing in the Android SDK for this.
Possibly forcing install of certain applications
There is nothing in the Android SDK for this.
Try out android for work..
https://www.google.com/work/android/features/
It should give you ways to remotely administer android devices.
App security
Work apps are deployed through Google Play for Work. IT can prevent
installation of apps from unknown sources and apply app
configurations.
Is it true that ANY Android phone can be used for App development and testing?
I'm trying to find some inexpensive off-contract hardware for development and testing of our Apps. I've found some devices I can buy New with No Contract for $150 to $300 (like the HTC Aria or the Huawei Ascend). Is there anything that would prevent me from using these devices for USB debugging and app testing? I guess I'm concerned because I've read how the HTC Aria has been locked down by AT&T to limit applications. I suspect this won't affect me loading apps using ADB, but I'd like to be sure.
Yes, you can use any phone for testing applications via the Android development tools. This includes the HTC Aria of what I've read.
You can read more here: http://developer.android.com/guide/developing/device.html
And it is not true what Sam Dufel wrote. A developer phone have messaging and phone features. It's just as any other ordinary unlocked phone. The only difference between the dev-phones is that they have unlocked bootloaders so you can install and customize your own Android-system and install it. It is rooted by default.
Google actually sells development phones - after you create a developer account, they give you an option to buy one of a couple different models. You don't get any messaging / phone features though, obviously.