A company asked me if I am able to program an Android-App for their internal process but with small mobile-device-management capabilites. I'm aware of the "enable manual apk-installation"-checkbox inside of the Android-Settings-Menu. I think it opens additional security holes if it is permanently checked.
So easiset way is to send a SMS with an URL to this APK, enable checkbox, install the update and disable checkbox manually. A lot to do, to update a program.
Coming from Windows Mobile and Symbian I was able to program a Facade.exe which starts a download and replaces some signed parts. The Application signing of Windows Mobile and Symbian allows this.
Is this possible with Android(not rooted)? I read some articles that it is possible to implement own Markets(like Amazon is doing it). Is it possible to use some of those APIs for the purpose of doing an auto-update. Where are thoes APIs, I am not able to find them.
Is this a solution:
Programming a torch-app(there are thousands around), publishing it to the android market. But with a small button to activate the whole application with a secret password. Updates can be rolled out via android market functionality.
A complete MDM (mobile device management) is overkill.
Is this possible with Android(not rooted)?
Not readily. You can use the techniques used by the Sideload Wonder Machine, extracting the requisite bits out of the SDK to do sideloads via USB. However:
Your Facade.exe implies the user runs Windows.
This implies that the user has the adb drivers for their device for Windows.
Neither of those are guaranteed.
I read some articles that it is possible to implement own Markets(like Amazon is doing it). Is it possible to use some of those APIs for the purpose of doing an auto-update.
You can download whatever you want, such as an APK. You can tell Android to VIEW whatever you want, such as your APK. If you VIEW an APK (and have the right MIME type in your Intent), that will trigger an install or update. The user will be prompted about the install or update -- on an install, for example, it will give them the screen listing all the requested permissions.
Related
is it possible to create an android application that is meant only for internal use? Basically a private application not meant to be installed by non-approved phones?
If so what is the basic process of deployment? How do you get the app on the employees phone's?
thanks!
The easiest way is to email it to them. Any email with an .apk attachment will get an "Install" button that you can tap to install the app.
Installing from non-market sources needs to be enabled -- which is a bit of a security risk -- but the user will be prompted to turn that on if they need to, and even given a button that will take them right to the appropriate settings page. The whole process is really quite slick. :)
Alternatively, you can copy it to the phone (e.g. after connecting the phone in USB storage mode) and then use a file system app to locate the file and install it.
Emailing it is the easiest way, however.
Edit: I'm assuming you meant private as in "only sent to certain individuals" and you're not actually looking for a method that will prevent the apps from being run on non-approved devices should they end up on one.
There's a proper way to do it now: Google Play Private Channel for Google Apps. You publish app on Private Channel and then send invitations to users. It won't be seen by other users of Google Play.
Option 1
Using Google Play Private Channel is probably the best way, but is useful only for Google Apps users.
Option 2
You can use new Developer dashboard options that let your app be in Alpha or beta phase and is available to only selected google accounts (using groups or google plus circles). Your app can stay in beta indefinitely so not become visible to other users. if you like this method you can also use services like TestFlight.
Option 3
Mail distribution is also ok it's even mentioned in documentation which I find a little bit odd, but I would advise you to use some file storage like Dropbox and just distribute the link to selected people.
Two major ways:
You can either use the non-market application installation method, or adb from a connected PC to install an apk which you distribute as a bare file. The downside is that anyone in possession of the apk can install your application.
Alternatively, you can distribute the application through the android market, but make it require an account on a server you control in order to do anything useful. The upside is that possession of the apk doesn't get an unauthorized user much; the downside is negative ratings from confused randoms, and that you've made your apk very available for interested parties to know about and decompile. (There is or was also a way to put an app on the market but not list it so it was only accessible via a full url, however don't rely on that)
Yes. As of right now I use such a method, I have to manually load the app on the phone, however other techniques can be used. Once loaded the app checks the main server to see if it is up to date. If it is not, it downloads and installs the new version of itself.
If you go to your eclipse workspace and go to yours app's folder, in the bin folder assuming you develop with eclipse, you will find a .apk file somewhere in there. Copy it to the phone and then use something like EZ File Explorer (or something like that) to access your android filesystem, click on the .apk and it will install and be ready to use.
My application will be running on hundreds of android devices belonging to a single owner and I may need to modify the software as an update at some point.
I decided I should include a feature to check with the server for updates and download them, which is currently working.
Installing the update is the difficult part. I need it done automatically. Preferably with no user interaction since there are hundreds of devices and it would be very time consuming to do each one manually.
This is the problem, even with the device rooted, I can not find a generic way that each device can install the update without system specific information.
I have read questions like this but can not find a proper answer: Install Android APK without prompt
The bottom answer executes but I can find no installed app, so I assume it failed.
What you want to do is not possible without some serious hacks. A private app store might be a better fit.
If your client is a Google Apps user, you can create a private channel in the Play Store.
Distribute Android apps in your organization
If not, you will have to rely on third party solution like these one:
Apperian Mobile Application Management
ManageEngine Mobile Device Manager
I didn't try any of these, so you will have to do some research to check that they fit your needs
I'm building an MDM application for Android devices and I want to be able to silently update the MDM app in order to patch security holes, add new features, etc. I know it is possible to achieve this by accessing the Android Package Manager Installer but from what I can tell this requires the application to be signed with the same signature from a specific OEM.
Is it possible to do a silent update for an MDM application without rooting the device?
You cannot, and this is viewed as a Good Thing from the point of view of the user, because the code that I install cannot be changed by anybody except software signed by a trusted key (such as Google's Play), or with manual approval.
I can think of two workarounds:
Check if there's an update, download it, then refuse to do anything until the user updates the app.
Dynamically load most of your app's functionality at runtime from a JAR that your app downloads. You could silently update this at will.
Heck, you could even combine the two options, so that if the wrapper needs updating, it will bother the user. The second method will make the nags very infrequent.
You should probably let the user know that this is happening, at least in an initial info-screen. I know I would uninstall any app that tried to go behind my back in this manner, if I found out about it.
I'm currently developing a small Android app that will not be on the Play Store. It is a private business application that will be used for a non-emergency transport company. The Android app will show drivers a list of pickups and drop-offs that they will have throughout the day and allow them to update the status of those trips. What I'd like to do is have some method of updating the app during off hours or when the device is idle. Ideally, it would be great if someone has already written some kind of Android updater that can run as a service. However, I certainly wouldn't mind writing this on my own.
Either way, all it needs to do is pull an APK from our servers and install that APK. I usually don't like doing things sneaky like this, but our clients want it to be this way so that they won't have to go to each device and press OK on permission prompts and they don't want to leave the responsibility of updating the software to the drivers.
I understand the security concerns, but it seems to me that there should be some way to allow an app to auto-update itself if the user permits it. Also, our app is signed and includes a certificate on the device to verify that the downloaded app is legit.
As CommonsWare mentioned it's not supported by standard android. If you take the path of creating your own firmware and installer take a look at the existing PackageInstaller. The required changes are not so complicated.
I did it for a couple of custom versions and it works.
Either way, all it needs to do is pull an APK from our servers and install that APK. I usually don't like doing things sneaky like this, but our clients want it to be this way so that they won't have to go to each device and press OK on permission prompts and they don't want to leave the responsibility of updating the software to the drivers.
This is not possible, except via custom firmware or on a rooted device.
it seems to me that there should be some way to allow an app to auto-update itself if the user permits it.
You are welcome to build your own customized version of Android that has this capability. Stock Android does not offer this, except to the firmware itself.
When you visit the market place web site on a desktop browser and log in with your account it knows about your devices and what apps do and do not work on it. Fairly understandable how they do this.
What is intriguing is the feature whereby you can click the install button on the web site and the app is then automatically downloaded and installed on the phone. Now that is magic! How does this push notification work?
Is it something that can only be done via the market place web site or is it a feature that can be used by third parties to trigger installations? My use case is to drastically simplify the use of a QR code to install an application. The QR code take the user to a mobile web page that has informative content (e.g. about a painting in a museum) and also has a button to allow the user to install the corresponding application that has the same but offline content. The app would installed without going via the market place and thus losing the user's immediate attention.
I expect that the answer is "you can't do that" but rather than live under that presumption I thought that I'd ask. Is there another way to achieve my use case?
In general much work was done to ensure any applications being installed require explicit action to be taken by the user(i.e. view the permissions and press the install button). This behavior that the Market service exhibits is one of the few things that sort of sidesteps this process but I would assume the logic behind it is that the user viewed the permissions and agreed to the install on the web front end so it would be redundant to make them do it again.
As far as I am aware the use case which you mentioned (user is browsing on PC and installs app to one of their devices from there) is the only situation where it works like this. I don't believe the market offers any way for 3rd parties to tie into this and distribute their applications in this manner (other than the market web front end).
So in short, no there isn't really any other good way to push applications like that.
Im sure you could set up something that behaves similarly but it would rely on something extra being done to or installed on the device and as such it wouldn't work on stock devices which means 90% or more of people wouldn't be able to use it.
I do agree with your motivation though, it seems like a trivial process to some of us to install an app from a QR, but the general public is not yet at a point where you can count on them get it it all done correctly and quickly enough that their attention is still focused on whatever it was, in your case the item in the museum.
There are certain security measures which prevent automatic installs from unknown sources.
Outside of Android Market, downloading & installing are two separate steps. The QR code which takes a user to a web page, that bit is easy: Just embed a URL in a QR code. When the user goes to the page, they can download the APK file as an attachment (just link to it somewhere on the page).
However, the user then needs to manually select the APK from their downloads section, and explicitly indicate they wish to install it (just a button click). The user also needs to enable downloading from "unknown sources" on their device. This can be enabled in the Settings App, usually in a security area. The feature may be disabled by certain carriers. Note that any "Market" type app or mechanism for downloading APK's which didn't come pre-installed on the device is going to count as an unknown source (websites are counted as unknown sources)- For instance, using the Amazon Market app requires a tick in that checkbox.