is it possible to create an android application that is meant only for internal use? Basically a private application not meant to be installed by non-approved phones?
If so what is the basic process of deployment? How do you get the app on the employees phone's?
thanks!
The easiest way is to email it to them. Any email with an .apk attachment will get an "Install" button that you can tap to install the app.
Installing from non-market sources needs to be enabled -- which is a bit of a security risk -- but the user will be prompted to turn that on if they need to, and even given a button that will take them right to the appropriate settings page. The whole process is really quite slick. :)
Alternatively, you can copy it to the phone (e.g. after connecting the phone in USB storage mode) and then use a file system app to locate the file and install it.
Emailing it is the easiest way, however.
Edit: I'm assuming you meant private as in "only sent to certain individuals" and you're not actually looking for a method that will prevent the apps from being run on non-approved devices should they end up on one.
There's a proper way to do it now: Google Play Private Channel for Google Apps. You publish app on Private Channel and then send invitations to users. It won't be seen by other users of Google Play.
Option 1
Using Google Play Private Channel is probably the best way, but is useful only for Google Apps users.
Option 2
You can use new Developer dashboard options that let your app be in Alpha or beta phase and is available to only selected google accounts (using groups or google plus circles). Your app can stay in beta indefinitely so not become visible to other users. if you like this method you can also use services like TestFlight.
Option 3
Mail distribution is also ok it's even mentioned in documentation which I find a little bit odd, but I would advise you to use some file storage like Dropbox and just distribute the link to selected people.
Two major ways:
You can either use the non-market application installation method, or adb from a connected PC to install an apk which you distribute as a bare file. The downside is that anyone in possession of the apk can install your application.
Alternatively, you can distribute the application through the android market, but make it require an account on a server you control in order to do anything useful. The upside is that possession of the apk doesn't get an unauthorized user much; the downside is negative ratings from confused randoms, and that you've made your apk very available for interested parties to know about and decompile. (There is or was also a way to put an app on the market but not list it so it was only accessible via a full url, however don't rely on that)
Yes. As of right now I use such a method, I have to manually load the app on the phone, however other techniques can be used. Once loaded the app checks the main server to see if it is up to date. If it is not, it downloads and installs the new version of itself.
If you go to your eclipse workspace and go to yours app's folder, in the bin folder assuming you develop with eclipse, you will find a .apk file somewhere in there. Copy it to the phone and then use something like EZ File Explorer (or something like that) to access your android filesystem, click on the .apk and it will install and be ready to use.
Related
is it possible to create an android application that is meant only for internal use? Basically a private application not meant to be installed by non-approved phones?
If so what is the basic process of deployment? How do you get the app on the employees phone's?
thanks!
The easiest way is to email it to them. Any email with an .apk attachment will get an "Install" button that you can tap to install the app.
Installing from non-market sources needs to be enabled -- which is a bit of a security risk -- but the user will be prompted to turn that on if they need to, and even given a button that will take them right to the appropriate settings page. The whole process is really quite slick. :)
Alternatively, you can copy it to the phone (e.g. after connecting the phone in USB storage mode) and then use a file system app to locate the file and install it.
Emailing it is the easiest way, however.
Edit: I'm assuming you meant private as in "only sent to certain individuals" and you're not actually looking for a method that will prevent the apps from being run on non-approved devices should they end up on one.
There's a proper way to do it now: Google Play Private Channel for Google Apps. You publish app on Private Channel and then send invitations to users. It won't be seen by other users of Google Play.
Option 1
Using Google Play Private Channel is probably the best way, but is useful only for Google Apps users.
Option 2
You can use new Developer dashboard options that let your app be in Alpha or beta phase and is available to only selected google accounts (using groups or google plus circles). Your app can stay in beta indefinitely so not become visible to other users. if you like this method you can also use services like TestFlight.
Option 3
Mail distribution is also ok it's even mentioned in documentation which I find a little bit odd, but I would advise you to use some file storage like Dropbox and just distribute the link to selected people.
Two major ways:
You can either use the non-market application installation method, or adb from a connected PC to install an apk which you distribute as a bare file. The downside is that anyone in possession of the apk can install your application.
Alternatively, you can distribute the application through the android market, but make it require an account on a server you control in order to do anything useful. The upside is that possession of the apk doesn't get an unauthorized user much; the downside is negative ratings from confused randoms, and that you've made your apk very available for interested parties to know about and decompile. (There is or was also a way to put an app on the market but not list it so it was only accessible via a full url, however don't rely on that)
Yes. As of right now I use such a method, I have to manually load the app on the phone, however other techniques can be used. Once loaded the app checks the main server to see if it is up to date. If it is not, it downloads and installs the new version of itself.
If you go to your eclipse workspace and go to yours app's folder, in the bin folder assuming you develop with eclipse, you will find a .apk file somewhere in there. Copy it to the phone and then use something like EZ File Explorer (or something like that) to access your android filesystem, click on the .apk and it will install and be ready to use.
I want to access the apk file of any app before installation.
In more details: in google play store when the user clicks on Install button I want my application to access the apk file of the application that the user wants to download, and analyze this apk file and be able to whether allow the installation or stop it.
is that possible and if so how to approach this
On Android this functionality was introduced in Android 4.2. It is usually used by anti-malware products like Google Play Protect is known as a "Package Verifier". There is a good blog post on it here.
The short answer is this has to be done as part of the phone manufacturing process as it is so critical to security. So the answer is it can be done, but if you write this code you will need to get a phone manufacturer to include your code as part of a phone system image.
Most third party anti-malware products instead rely on analyzing the APK after the install happens by listening to the package added notification.
Definitely not possible in the way that you want. Android's OS is pretty well locked down. You might be able to do something if the device was rooted but at that point you may as well write your own OS fork. You can attempt to do someting with https://developer.android.com/reference/android/content/Intent.html#ACTION_PACKAGE_ADDED broadcast but you will not be able to analyze the apk freely nor will you be able to stop the installation of it.
If I want to deploy to the Android Market it looks like I have two options:
Create my own keystore and upload. When I update my app use that keystore on my APK to ensure that users are given the option to update.
Do step 1, but also implement Application Licensing which will put controls on how the app is used.
Am I correct to assume that step 1 means that anyone could copy my APK once it is purchased from the Android Market and install it anywhere they wish?
How common is it for people to use Application Licensing and is it the defacto approach?
My app will be paid and I want to ensure I am taking the best approach.
Am I correct to assume that step 1 means that anyone could copy my APK once it is purchased from the Android Market and install it anywhere they wish?
Yes you are correct, it would be extremely easy to copy your application.
How common is it for people to use Application Licensing and is it the defacto approach?
I would say it's very common since it's the only way to verify the licence against the Android Market, though I don't have any stats on this. Otherwise you would need to implement your own "Market" and verify purchases in your own.
My app will be paid and I want to ensure I am taking the best approach.
Use LVL, DO NOT use the default implementation. Watch the LVL session from the 2011 IO for a how to.
Often times, people will not simply download an app and copy it anywhere they would like. However, it is possible through some apps and other software for users to copy off APKs from their phones (even though they aren't suppose to). In my opinion, if you app is paid, you should implement Applicant Licensing. It is a very useful tool to help in preventing people from stealing your APKs (in other words, downloading it and then trying to install it some where else) as it checks on start up to ensure that the app is on the phone that purchased it. Otherwise, for free apps, I don't really see the neccessity because it's free and anyone could have downloaded it.
Here's the scenario i am trying to achieve:
Publish/have an app in the Android app store
However - i do not want it to be searchable through the android market search, etc.
The only way people can access the app is if i give them an explicit link to download
Is above possible? If so - how? All FAQs/instrucitons i have seen publish & make it searchable for the whole world - but i want it only accessible through #3 above.
Thanks.
Try this site https://www.push-link.com/, you can upload apk on your private account and only can be accessible thorough automatic generated link and QR code. This service contains user notification on new versions and bug reports.
Two things that are problematic with the link to an APK approach:
Some of the devices out there (I m only aware of the Motorola Atrix) don't have the "Unkown Sources" option, meaning that this won't work on them.
You loose the ability to auto update the app if you want.
I would recommend adding a login process where only your users will have access to the actual application. This way, you still have the Market advantages and only those people can activate the application.
The main disadvantage is that the application will be open to search in the Market, but as far as I know, this won't be a problem since people will immediately uninstall it since they won't be able to activate it.
In your case, what I do is, I dont upload the application to the Market and distribute it from my server.
I mean this is simple, sweet and it also saves my $25 for the market account...
Don't do this. Just publish the APK to your own website, then give the users the URL to the APK, they can download and install it directly. The only thing they'll need to do is ensure that Menu-Settings-Applications-Unknown sources is ticked.
A company asked me if I am able to program an Android-App for their internal process but with small mobile-device-management capabilites. I'm aware of the "enable manual apk-installation"-checkbox inside of the Android-Settings-Menu. I think it opens additional security holes if it is permanently checked.
So easiset way is to send a SMS with an URL to this APK, enable checkbox, install the update and disable checkbox manually. A lot to do, to update a program.
Coming from Windows Mobile and Symbian I was able to program a Facade.exe which starts a download and replaces some signed parts. The Application signing of Windows Mobile and Symbian allows this.
Is this possible with Android(not rooted)? I read some articles that it is possible to implement own Markets(like Amazon is doing it). Is it possible to use some of those APIs for the purpose of doing an auto-update. Where are thoes APIs, I am not able to find them.
Is this a solution:
Programming a torch-app(there are thousands around), publishing it to the android market. But with a small button to activate the whole application with a secret password. Updates can be rolled out via android market functionality.
A complete MDM (mobile device management) is overkill.
Is this possible with Android(not rooted)?
Not readily. You can use the techniques used by the Sideload Wonder Machine, extracting the requisite bits out of the SDK to do sideloads via USB. However:
Your Facade.exe implies the user runs Windows.
This implies that the user has the adb drivers for their device for Windows.
Neither of those are guaranteed.
I read some articles that it is possible to implement own Markets(like Amazon is doing it). Is it possible to use some of those APIs for the purpose of doing an auto-update.
You can download whatever you want, such as an APK. You can tell Android to VIEW whatever you want, such as your APK. If you VIEW an APK (and have the right MIME type in your Intent), that will trigger an install or update. The user will be prompted about the install or update -- on an install, for example, it will give them the screen listing all the requested permissions.