Application deltas between Android GMS and AOSP

Anonymous (not verified) -
13 MIN READ
895

This is the fourth in a series of blog posts looking at the considerations around adopting a GMS deployment in the enterprise.  Each post features a summary along with recommendations.  For other posts in this series please see the links below:

 

The most immediately noticeable difference between GMS and non-GMS devices is which applications come pre-installed on the device and these pre-installed GMS apps represent a large part of the value added to Android by Google.

 

Whether you are looking to better understand exactly what constitutes ‘GMS applications’ and what those applications do or whether you are looking to disable GMS apps, this post aims to give you the information and background required to make informed decisions.

 

Summary

There are a large number of applications which are included only on GMS devices including YouTube, Gmail, Play Music, Google Drive, Google Maps, Calendar, Google Chrome and more. In addition to GMS applications there are also a number of services which are only present on GMS devices including Play Services, the Keyboard, Localized keyboards, Contacts sync and others. Some applications lend themselves to further discussion with the Play Store and the Set-up wizard being handled in previous and future posts respectively.

 

GMS applications & services can be disabled either through code or as part of your staging process with StageNow.

  • If you plan on selectively disabling some applications or services thorough testing is recommended since there are many interdependencies between the GMS components.
  • Disabling ALL GMS apps & services can be done with minimal risk however you may need to post-load 3rd party components to fill the feature gaps left e.g. disabling Gmail will leave you without a pre-installed email client but there are many 3rd party email clients available.  Note that the Package Manager is required and should not be disabled.
    • At the time of writing, disabling all GMS apps & services is a manual process since which applications are installed depends on your device & BSP.

 

Pre-Installed system applications

GMS devices ship with a number of applications and services that were not present on AOSP (non-GMS) devices. Some of these applications and services are required for the correct functioning of the device whilst others can be safely disabled with the loss of only specific, contained capabilities. Some applications have replaced their AOSP equivalents for example ‘Gmail’ replacing ‘Email’ whilst others add entirely new functionality.  If you are using a managed Android device you may notice that some of these system applications are disabled out of the box, as detailed later in this post.

 

The purpose of this section is to present the reader with an understanding of what they have on their device; how they can disable or control the running of applications should they choose to do so and any implications of disabling those apps.

 

It is not possible to create an exhaustive list of all GMS components, their interdependencies and possible dependencies which might exist for 3rd party or partner applications.  If you plan on selectively disabling GMS components then it is recommended to thoroughly test the effect on your device, taking the following information into account.

 

Understanding installed applications

Zebra currently have a wide range of devices which run GMS so it is not feasible to list every device build produced by Zebra and detail every GMS component in those builds along with the features of each.

 

To determine the applications running on your device you can use the package management (pm) command via adb:

 

$ adb shell pm list packages

 

Several options can be appended to the command to provide additional detail about the installed packages:

-s lists only system packages

-3 lists only 3rd party packages (for the purposes of this command, Zebra pre-installed services like the MXMF are classed as 3rd party packages)

-f lists the package names as well as the path to the installed APK files

-d and -e list the disabled and enabled packages respectively

 

The following table lists a subset of available applications and services provided by Google and available on GMS devices.  Some packages listed here may not be available on your device, depending on OS version and build.

 

Application Package Name What it does
YouTube com.google.android.youtube Ubiquitous video client
Android services library com.google.android.ext.services May be added to in future.  For now it contains ‘Notification ranking service’ to sort notifications by importance.
Quick search com.google.android.googlequicksearchbox Provides context sensitive searching after long pressing on text.
Google one time init com.google.android.onetimeinitializer Runs on initial boot and downloads required apps.
Android shared library com.google.android.ext.shared Future enhancement to share common code (e.g. the support library) between apps.
ConfigUpdater com.google.android.configupdater Performs on device app configuration such as certificate installation and firewall configuration.
TalkBack com.google.android.marvin.talkback Application to aid the visually impaired
Clock com.google.android.deskclock Android clock application
Gmail application com.google.android.gm Ubiquitous mail client
Setup wizard com.google.android.setupwizard The wizard presented to the user at first boot *
Play music com.google.android.music Google's music playing & streaming service
Google drive com.google.android.apps.docs Google's online document storage and sharing tool
Google maps com.google.android.apps.maps Ubiquitous mapping application
System webview com.google.android.webview Provides the web rendering engine for use in native apps.  Will not be present in Nougat or higher.
Google contacts sync com.google.android.syncadapters.contacts Enables contacts associated with your account to sync to multiple devices
Package installer com.google.android.packageinstaller Required to use the Android PackageManager *
Google Play services com.google.android.gms Infrastructure for much of the GMS value-adds *
Google services framework com.google.android.gsf Supports the Play Services application in a variety of ways from application updates, user authentication, location services, user searches & more * (with gsf.login)
Google account manager com.google.android.gsf.login Supports the Play services application by providing APIs for account management * (with gsf.)
Google backup transport com.google.android.backuptransport Implementation for the Android Backup Service, providing key/value cloud storage for apps.
Text to speech engine com.google.android.tts A text-to-speech output engine
Google partner setup com.google.android.partnersetup Enables applications to perform functionality that requires access to your Google account information
Google Play movies & TV com.google.android.videos Allows you to buy and rent movies from Google
Market feedback agent com.google.android.feedback Allows apps to request the user provide market feedback for them.
Print recommendation service com.google.android.printservice.recommendation Provides an implementation of the Android print service *
Google photos com.google.android.apps.photos Google's photo sharing and storage app
Google calendar com.google.android.calendar Device calendar
Pinyin IME com.google.android.inputmethod.pinyin Pinyin keyboard
Japanese IME com.google.android.inputmethod.japanese Japanese keyboard
Hindi IME com.google.android.apps.inputmethod.hindi Hindi keyboard
Latin IME com.google.android.inputmethod.latin Latin (English) keyboard
Google Hangouts com.google.android.talk Google's messaging application
Google Play store com.android.vending The Google play store implementation *
Google Chrome com.android.chrome Ubiquitous browser *
Google Play games com.google.android.play.games Online gaming service and development kit
Newsstand com.google.android.apps.magazines News aggregator and digital newsstand service

 

Those applications marked with a * are further discussed in the following section

Considerations around disabling applications

When you configure your device to be in Device Owner (DO) mode you may see that many system applications are disabled by default (for example Google Photos, Google Maps, Camera etc).  Whether or not these system apps are disabled will depend on your method of provisioning (as it can be configured) and applications can be re-enabled via the Device Policy Controller or EMM, if applicable.  Applications disabled in this manner will not be shown with the following command, contrary to what you might expect with the -d parameter:

 

$ adb shell pm list packages -d

 

Besides using an EMM, Zebra offers two techniques to prevent applications from running.  The MX Access Manager can be used to securely whitelist only those applications that you want to run but will only work for user applications, i.e. the Access Manager is NOT suitable for disabling system applications or preventing them from running.

 

The MX Application Manager WILL allow you to disable system applications and can therefore be used to disable GMS applications and services that you do not want to run on your device.

 

When determining which GMS applications to disable the following table provides information on specific apps which is worth bearing in mind:

 

Application Implications of disabling
Setup wizard Some system properties are set whilst running the setup wizard and without these properties some applications may not run correctly.  The setup wizard will be the subject of a future post that will dive into this in more detail.
Package installer Disabling the package installer will prevent the device from booting therefore it should not be disabled.
Google Play services

Google does not recommend disabling Play Services however the detail is more nuanced.

Any application that depends on Play Services, https://developers.google.com/android/guides/overview will be limited in functionality in some capacity if you disable Play Services:

  • Some applications may detect the lack of play services and refuse to run, e.g. Google Calendar

1.png

  • Some applications detect the lack of play services but allow you to run by dismissing the warning, e.g. Chrome

2.png

  • Some applications will prompt you to enable Play services and fail to function properly if you do not enable them.  For example, I wrote an application that uses the Google Vision library to detect barcodes and although the application will show the camera it is not able to detect any barcodes in the field of view.

3 - modified.jpg

Apps may also raise a notification when they detect the lack of Play Services so if you use a lot of apps with Play Services dependencies you will get a lot of notifications.

 

If your apps are running on a non-GMS device without issue then it is fair to assume they do not have any dependencies on Play Services.  It is not recommended to disable Play Services without thorough testing unless you are certain about the functionality of all your apps; many store applications depend on Play Services and often in ways you would not expect e.g. location, attestation or innumerable others.

Google services framework

Google account manager

Disabling the Google Services Framework and Google Account Manager will not produce the same degree of errors and warnings from applications that are produced by disabling Google Play Services but in my (limited) testing can still lead to instability in some app designed for GMS, particularly when attempting to configure a Google account.  If your aim is to prevent the user from creating accounts on the device, I would not recommend disabling these applications to try to achieve that, instead you should do that via your EMM or by preventing access to the Settings UI.
Latin IME Disabling the keyboard will leave the user with no way to input text so should be avoided without installing an alternative, e.g. Zebra's Enterprise Keyboard.
Google Play store

Disabling the Google Play Store will affect both managed and unmanaged devices equally and is discussed in more detail in a previous post in this series .

 

Disabling the Play Store application can be used to disable application updates (for which there is currently no API).

 

One common point of confusion is between the Play Store and Play Services, the former is an standalone application whereas the latter is a service that provides an array of functionality to many applications.

Google Chrome On Nougat devices and above, any application which uses a webview component has that webview share a rendering engine with the Chrome application on the device.  Disabling Google Chrome does not however disable every application that uses a webview, e.g. Zebra’s Enterprise Browser  and other apps with an integrated webview will continue to function as normal.

 

Disabling applications with the MX App Manager

As previously noted, the MX application manager can be used to reliably disable GMS system applications and services; assuming you know which applications you want to disable there are two primary ways to invoke the access manager:

 

Via StageNow

Zebra’s proprietary StageNow tool can be used to create a barcode which, when scanned, will disable the desired application(s).

1. Create a StageNow profile to disable the applications you do not want to run and publish the profile (as a barcode for example).

a. I have created a sample profile attached to this post which will disable some common GMS apps not needed in the Enterprise: YouTube, Gmail, Play Music, Drive, Play Movies & TV, Photos, Calendar & Hangouts (DisableApplications.zip).  You can import this profile into StageNow 2.8+ and configure it to suit your needs.

DisableApplications.png

 

b. Note that what constitutes a GMS distribution changes from version to version of Android and you will get errors deploying the above profile if your OS does not contain one of the specified applications.  If this is the case just remove that application from the profile.

c. You can undo the effects of the DisableApplications profile with the EnableApplications profile, also attached to this post (EnableApplications.zip)

EnableApplications.png

2. Launch StageNow on your mobile device and scan the StageNow barcode.  The mobile device must be running MX4.4+

3. Wait a few seconds for the profile to take effect

 

In Code

I previously wrote a blog on disabling GMS features using MX and as part of that effort I created an accompanying application which allows you to disable or enable specific applications present on your device using the EMDK Profile Manager API, https://github.com/darryncampbell/Disable-System-Apps

 

4.png

 

Please note however that this application is not provided with any kind of guarantees or warranties from Zebra.

 

The MX profile to enable or disable the selected application is generated dynamically and passed to the EMDK Process Profile API.

 

GMS replacements to AOSP apps

With the move to GMS from non-GMS (AOSP) we have seen several AOSP applications replaced by their GMS equivalents:

 

Non-GMS application GMS application
AOSP IME (com.android.inputmethod.latin) Latin IME (com.google.android.inputmethod.latin)
Music Play music
Email Gmail
Gallery Photos
Calendar Google Calendar
Messaging Hangouts

Browser (Pre-Nougat)

Chromium / 3rd party browser

Chrome
Webview Android System Webview (L/M); Chrome (N+)
People Contacts
Search Google

 

In all cases the application replacing the non-GMS application is more functional and has received more recent updates from Google, some examples:

  • Gmail is updating with every version of Android to include support for the latest notification APIs.  Gmail running on Nougat takes advantage of bundled notifications by subject and direct message replies whereas the AOSP email client would have the same functionality it had on KitKat.
  • The Webview as part of AOSP, whilst receiving security updates, does not have the latest features available in Chrome.  The mobile web is a constant source of innovation and according to caniuse.com even something as popular to modern developers as service workers are only partially supported in the Android Browser: http://caniuse.com/#search=serviceworkers.
  • The Browser application cannot be remotely configured so any administrator wishing to disable cookies has to manually touch every device.  Chrome exposes standard techniques to configure itself (managed configurations) meaning such settings can be remotely configured.

If you have concerns regarding the privacy or security of any of the GMS applications then please see the previous post in this series on the topic.

 

Recommendations

GMS applications and services provide great value for end users, developers and administrators but many organizations want to prevent at least some of that functionality for numerous reasons (battery concerns, data cost etc.).

  • It is possible to selectively disable specific GMS applications or services.  If you do so it is recommended to undertake thorough testing and concentrate that testing around any potential interdependencies.  The information presented in this post should help identify possible areas of dependency as well as understand some of the more cryptic GMS components.
  • Disabling all GMS applications and services is a tempting route for anybody wishing to revert their GMS device back to an AOSP-like configuration and is possible (with the exception of the Package Manager which should not be disabled).
    • Disabling apps & services must be done manually but the sheer number of configurations in the field prevent me from providing a one step StageNow barcode that will work for everybody.
    • It is recommended to take the StageNow profile attached to this post and edit it using StageNow version 2.8 or higher to disable the undesired apps in your deployment.  Be aware that the installed apps may differ from device to device and BSP to BSP.
    • Install 3rd party applications to replace functionality lost from disabled GMS apps e.g. install a mail client to replace Gmail; remember if you have disabled Play Services then your choice of 3rd party applications must be tolerant of that.
profile

Anonymous (not verified)

Please Register or Login to post a reply

Replies