This is the sixth in a series of blog posts looking at the considerations around adopting a GMS deployment in the enterprise. Each post features a summary along with recommendations. For other posts in this series please see the links below:
- Preventing unattended application updates initiated via the Play Store
- The managed Google Play Store
- Application deltas between Android GMS and AOSP
- GMS Location services and tracking
- Distributing private apps in the Managed Play Store
- Data usage of GMS applications and services
- Factory Reset Protection
- The setup wizard and how to bypass it
With the move to the managed Play Store on GMS devices, as explained in an earlier post, there are several use cases that need to be addressed:
- Create an application in-house and distribute only to devices within my organization
- Have a 3rd party create an application to be distributed within my organization without having to exchange login credentials with that 3rd party.
The steps to publish a private application to your (or any) organization are as follows:
- Register as an Android developer.
- If you plan on developing applications in house it may be easier to use the administrator account for your enterprise to simplify the distribution process.
- Publish the application to either your own organization or any other organization for which you have the Organization ID.
- Once published, distribute the application via your EMM.
Google documentation for the above steps is also available.
Publishing an application to your own organization
- Sign into the Google Play Console with a registered account
- Run through the process of completing the required form(s) as part of the standard application publishing process.
- Under Pricing & Distribution, check the ‘Turn on advanced Google Play features’ checkbox under the ‘User programs’ section
Google Play console: Pricing & Distribution
All ticking this box does by itself is enable a paid application to be bulk-licensed by organizations for distribution on managed devices, which is not entirely what we are trying to do.
- To “privately target this app to a list of organisations” tick the appropriate tick box and then ‘Choose Organisations’
Targeting a list of organisations
Note that this application is already privately targeted to 1 organisation, this is because the Google account being used to distribute the app is also an administrator account of an organization
- If you click ‘CHOOSE ORGANISATIONS’ you are able to see the organisation to which this application already belongs as well as add any other organisations.
The 'Choose organisations' modal dialog
- Details of how to determine your organisation ID are given in the following section
- If you are distributing your application to a separate organization, for example if a company has outsourced development of an internal application to you, you can distribute the application to that company by adding their organisation ID to this dialog.
- Roll out the production release of your application as you would do for a public application, but the application will not appear in the public Play Store.
- After a few minutes, the application will appear in the managed Google Play Store for the organization(s) to whom you have distributed the app.
The application in your managed Play Store
Determining your Organisation ID
To determine your organization ID:
- Sign into the managed Google Play Store
- Click ‘Admin Settings’ on the left-hand side
- The Organisation ID is given along with any other organisation information
Determining your organisation ID
If you receive a warning that you are not an administrator of your organisation, try navigating directly to the administrator settings screen and agree to the presented EULA.
Distribute the application via your EMM
Once published, the application will be available on your EMM. Instructions on how to do this will vary from EMM to EMM and the EMM themselves will need to support distributing private applications via the Managed play store. Whether the application is automatically pushed to registered devices (push-install) or whether the user needs to manually download the private application from the managed Play Store will also be controlled via the EMM.
Just to show something end to end I used the managed Android experience, as explained in my earlier post
Example of how your private app might appear within an EMM console
The application will now be available in the Play store on the device managed by your EMM
The private application seen in the managed Play store on the device
As stated in a previous post, the managed Play Store remains one of several possible techniques that can be used to distribute applications:
- Deploy the application via adb to connected devices
- Side-load the application via an SD card or copy it to internal storage
- Use Zebra’s StageNow tool
- Use the MX App Manager to install previously downloaded applications to the device.
These techniques are not going away and remain perfectly functional on GMS devices however the benefits of using the Managed Play Store should not be ignored:
- It is the recommended technique by Google for application deployment on managed devices and is therefore the de-facto standard.
- Google’s Play Protect features of the Play Store helps to protect your device from potentially harmful applications
- The managed Play store is being adopted by OEMs, leading to additional features and capabilities being added with the continual focus on Android in the Enterprise.
- Out of the box support for managed configurations (in conjunction with a supporting EMM)