This is the fourth in a series of blog posts looking at the considerations around adopting a GMS deployment in the enterprise. Each post features a summary along with recommendations. For other posts in this series please see the links below:
- Preventing unattended application updates initiated via the Play Store
- The managed Google Play Store
- Application deltas between Android GMS and AOSP
- GMS Location services and tracking
- Distributing private apps in the Managed Play Store
- Data usage of GMS applications and services
- Factory Reset Protection
- The setup wizard and how to bypass it
The most immediately noticeable difference between GMS and non-GMS devices is which applications come pre-installed on the device and these pre-installed GMS apps represent a large part of the value added to Android by Google.
Whether you are looking to better understand exactly what constitutes ‘GMS applications’ and what those applications do or whether you are looking to disable GMS apps, this post aims to give you the information and background required to make informed decisions.
There are a large number of applications which are included only on GMS devices including YouTube, Gmail, Play Music, Google Drive, Google Maps, Calendar, Google Chrome and more. In addition to GMS applications there are also a number of services which are only present on GMS devices including Play Services, the Keyboard, Localized keyboards, Contacts sync and others. Some applications lend themselves to further discussion with the Play Store and the Set-up wizard being handled in previous and future posts respectively.
GMS applications & services can be disabled either through code or as part of your staging process with StageNow.
- If you plan on selectively disabling some applications or services thorough testing is recommended since there are many interdependencies between the GMS components.
- Disabling ALL GMS apps & services can be done with minimal risk however you may need to post-load 3rd party components to fill the feature gaps left e.g. disabling Gmail will leave you without a pre-installed email client but there are many 3rd party email clients available. Note that the Package Manager is required and should not be disabled.
- At the time of writing, disabling all GMS apps & services is a manual process since which applications are installed depends on your device & BSP.
Pre-Installed system applications
GMS devices ship with a number of applications and services that were not present on AOSP (non-GMS) devices. Some of these applications and services are required for the correct functioning of the device whilst others can be safely disabled with the loss of only specific, contained capabilities. Some applications have replaced their AOSP equivalents for example ‘Gmail’ replacing ‘Email’ whilst others add entirely new functionality. If you are using a managed Android device you may notice that some of these system applications are disabled out of the box, as detailed later in this post.
The purpose of this section is to present the reader with an understanding of what they have on their device; how they can disable or control the running of applications should they choose to do so and any implications of disabling those apps.
It is not possible to create an exhaustive list of all GMS components, their interdependencies and possible dependencies which might exist for 3rd party or partner applications. If you plan on selectively disabling GMS components then it is recommended to thoroughly test the effect on your device, taking the following information into account.
Understanding installed applications
Zebra currently have a wide range of devices which run GMS so it is not feasible to list every device build produced by Zebra and detail every GMS component in those builds along with the features of each.
To determine the applications running on your device you can use the package management (pm) command via adb:
$ adb shell pm list packages
Several options can be appended to the command to provide additional detail about the installed packages:
-s lists only system packages
-3 lists only 3rd party packages (for the purposes of this command, Zebra pre-installed services like the MXMF are classed as 3rd party packages)
-f lists the package names as well as the path to the installed APK files
-d and -e list the disabled and enabled packages respectively
The following table lists a subset of available applications and services provided by Google and available on GMS devices. Some packages listed here may not be available on your device, depending on OS version and build.
|Application||Package Name||What it does|
|YouTube||com.google.android.youtube||Ubiquitous video client|
|Android services library||com.google.android.ext.services||May be added to in future. For now it contains ‘Notification ranking service’ to sort notifications by importance.|
|Quick search||com.google.android.googlequicksearchbox||Provides context sensitive searching after long pressing on text.|
|Google one time init||com.google.android.onetimeinitializer||Runs on initial boot and downloads required apps.|
|Android shared library||com.google.android.ext.shared||Future enhancement to share common code (e.g. the support library) between apps.|
|ConfigUpdater||com.google.android.configupdater||Performs on device app configuration such as certificate installation and firewall configuration.|
|TalkBack||com.google.android.marvin.talkback||Application to aid the visually impaired|
|Clock||com.google.android.deskclock||Android clock application|
|Gmail application||com.google.android.gm||Ubiquitous mail client|
|Setup wizard||com.google.android.setupwizard||The wizard presented to the user at first boot *|
|Play music||com.google.android.music||Google's music playing & streaming service|
|Google drive||com.google.android.apps.docs||Google's online document storage and sharing tool|
|Google maps||com.google.android.apps.maps||Ubiquitous mapping application|
|System webview||com.google.android.webview||Provides the web rendering engine for use in native apps. Will not be present in Nougat or higher.|
|Google contacts sync||com.google.android.syncadapters.contacts||Enables contacts associated with your account to sync to multiple devices|
|Package installer||com.google.android.packageinstaller||Required to use the Android PackageManager *|
|Google Play services||com.google.android.gms||Infrastructure for much of the GMS value-adds *|
|Google services framework||com.google.android.gsf||Supports the Play Services application in a variety of ways from application updates, user authentication, location services, user searches & more * (with gsf.login)|
|Google account manager||com.google.android.gsf.login||Supports the Play services application by providing APIs for account management * (with gsf.)|
|Google backup transport||com.google.android.backuptransport||Implementation for the Android Backup Service, providing key/value cloud storage for apps.|
|Text to speech engine||com.google.android.tts||A text-to-speech output engine|
|Google partner setup||com.google.android.partnersetup||Enables applications to perform functionality that requires access to your Google account information|
|Google Play movies & TV||com.google.android.videos||Allows you to buy and rent movies from Google|
|Market feedback agent||com.google.android.feedback||Allows apps to request the user provide market feedback for them.|
|Print recommendation service||com.google.android.printservice.recommendation||Provides an implementation of the Android print service *|
|Google photos||com.google.android.apps.photos||Google's photo sharing and storage app|
|Google calendar||com.google.android.calendar||Device calendar|
|Pinyin IME||com.google.android.inputmethod.pinyin||Pinyin keyboard|
|Japanese IME||com.google.android.inputmethod.japanese||Japanese keyboard|
|Hindi IME||com.google.android.apps.inputmethod.hindi||Hindi keyboard|
|Latin IME||com.google.android.inputmethod.latin||Latin (English) keyboard|
|Google Hangouts||com.google.android.talk||Google's messaging application|
|Google Play store||com.android.vending||The Google play store implementation *|
|Google Chrome||com.android.chrome||Ubiquitous browser *|
|Google Play games||com.google.android.play.games||Online gaming service and development kit|
|Newsstand||com.google.android.apps.magazines||News aggregator and digital newsstand service|
Those applications marked with a * are further discussed in the following section
Considerations around disabling applications
When you configure your device to be in Device Owner (DO) mode you may see that many system applications are disabled by default (for example Google Photos, Google Maps, Camera etc). Whether or not these system apps are disabled will depend on your method of provisioning (as it can be configured) and applications can be re-enabled via the Device Policy Controller or EMM, if applicable. Applications disabled in this manner will not be shown with the following command, contrary to what you might expect with the -d parameter:
$ adb shell pm list packages -d
Besides using an EMM, Zebra offers two techniques to prevent applications from running. The MX Access Manager can be used to securely whitelist only those applications that you want to run but will only work for user applications, i.e. the Access Manager is NOT suitable for disabling system applications or preventing them from running.
The MX Application Manager WILL allow you to disable system applications and can therefore be used to disable GMS applications and services that you do not want to run on your device.
When determining which GMS applications to disable the following table provides information on specific apps which is worth bearing in mind:
|Application||Implications of disabling|
|Setup wizard||Some system properties are set whilst running the setup wizard and without these properties some applications may not run correctly. The setup wizard will be the subject of a future post that will dive into this in more detail.|
|Package installer||Disabling the package installer will prevent the device from booting therefore it should not be disabled.|
|Google Play services|
Google does not recommend disabling Play Services however the detail is more nuanced.
Any application that depends on Play Services, https://developers.google.com/android/guides/overview will be limited in functionality in some capacity if you disable Play Services:
Apps may also raise a notification when they detect the lack of Play Services so if you use a lot of apps with Play Services dependencies you will get a lot of notifications.
If your apps are running on a non-GMS device without issue then it is fair to assume they do not have any dependencies on Play Services. It is not recommended to disable Play Services without thorough testing unless you are certain about the functionality of all your apps; many store applications depend on Play Services and often in ways you would not expect e.g. location, attestation or innumerable others.
Google services framework
Google account manager
|Disabling the Google Services Framework and Google Account Manager will not produce the same degree of errors and warnings from applications that are produced by disabling Google Play Services but in my (limited) testing can still lead to instability in some app designed for GMS, particularly when attempting to configure a Google account. If your aim is to prevent the user from creating accounts on the device, I would not recommend disabling these applications to try to achieve that, instead you should do that via your EMM or by preventing access to the Settings UI.|
|Latin IME||Disabling the keyboard will leave the user with no way to input text so should be avoided without installing an alternative, e.g. Zebra's Enterprise Keyboard.|
|Google Play store|
Disabling the Google Play Store will affect both managed and unmanaged devices equally and is discussed in more detail in a previous post in this series .
Disabling the Play Store application can be used to disable application updates (for which there is currently no API).
One common point of confusion is between the Play Store and Play Services, the former is an standalone application whereas the latter is a service that provides an array of functionality to many applications.
|Google Chrome||On Nougat devices and above, any application which uses a webview component has that webview share a rendering engine with the Chrome application on the device. Disabling Google Chrome does not however disable every application that uses a webview, e.g. Zebra’s Enterprise Browser and other apps with an integrated webview will continue to function as normal.|
Disabling applications with the MX App Manager
As previously noted, the MX application manager can be used to reliably disable GMS system applications and services; assuming you know which applications you want to disable there are two primary ways to invoke the access manager:
Zebra’s proprietary StageNow tool can be used to create a barcode which, when scanned, will disable the desired application(s).
1. Create a StageNow profile to disable the applications you do not want to run and publish the profile (as a barcode for example).
a. I have created a sample profile attached to this post which will disable some common GMS apps not needed in the Enterprise: YouTube, Gmail, Play Music, Drive, Play Movies & TV, Photos, Calendar & Hangouts (DisableApplications.zip). You can import this profile into StageNow 2.8+ and configure it to suit your needs.
b. Note that what constitutes a GMS distribution changes from version to version of Android and you will get errors deploying the above profile if your OS does not contain one of the specified applications. If this is the case just remove that application from the profile.
c. You can undo the effects of the DisableApplications profile with the EnableApplications profile, also attached to this post (EnableApplications.zip)
2. Launch StageNow on your mobile device and scan the StageNow barcode. The mobile device must be running MX4.4+
3. Wait a few seconds for the profile to take effect
I previously wrote a blog on disabling GMS features using MX and as part of that effort I created an accompanying application which allows you to disable or enable specific applications present on your device using the EMDK Profile Manager API, https://github.com/darryncampbell/Disable-System-Apps
Please note however that this application is not provided with any kind of guarantees or warranties from Zebra.
GMS replacements to AOSP apps
With the move to GMS from non-GMS (AOSP) we have seen several AOSP applications replaced by their GMS equivalents:
|Non-GMS application||GMS application|
|AOSP IME (com.android.inputmethod.latin)||Latin IME (com.google.android.inputmethod.latin)|
Chromium / 3rd party browser
|Webview||Android System Webview (L/M); Chrome (N+)|
In all cases the application replacing the non-GMS application is more functional and has received more recent updates from Google, some examples:
- Gmail is updating with every version of Android to include support for the latest notification APIs. Gmail running on Nougat takes advantage of bundled notifications by subject and direct message replies whereas the AOSP email client would have the same functionality it had on KitKat.
- The Webview as part of AOSP, whilst receiving security updates, does not have the latest features available in Chrome. The mobile web is a constant source of innovation and according to caniuse.com even something as popular to modern developers as service workers are only partially supported in the Android Browser: http://caniuse.com/#search=serviceworkers.
- The Browser application cannot be remotely configured so any administrator wishing to disable cookies has to manually touch every device. Chrome exposes standard techniques to configure itself (managed configurations) meaning such settings can be remotely configured.
If you have concerns regarding the privacy or security of any of the GMS applications then please see the previous post in this series on the topic.
GMS applications and services provide great value for end users, developers and administrators but many organizations want to prevent at least some of that functionality for numerous reasons (battery concerns, data cost etc.).
- It is possible to selectively disable specific GMS applications or services. If you do so it is recommended to undertake thorough testing and concentrate that testing around any potential interdependencies. The information presented in this post should help identify possible areas of dependency as well as understand some of the more cryptic GMS components.
- Disabling all GMS applications and services is a tempting route for anybody wishing to revert their GMS device back to an AOSP-like configuration and is possible (with the exception of the Package Manager which should not be disabled).
- Disabling apps & services must be done manually but the sheer number of configurations in the field prevent me from providing a one step StageNow barcode that will work for everybody.
- It is recommended to take the StageNow profile attached to this post and edit it using StageNow version 2.8 or higher to disable the undesired apps in your deployment. Be aware that the installed apps may differ from device to device and BSP to BSP.
- Install 3rd party applications to replace functionality lost from disabled GMS apps e.g. install a mail client to replace Gmail; remember if you have disabled Play Services then your choice of 3rd party applications must be tolerant of that.