5 Replies Latest reply on Feb 5, 2019 8:26 AM by Matt Dermody

    Enterprise Browser distribution via private Play Store

    George Frost

      Hi there,

       

      We're preparing to deploy approximately 200 Zebra TC52 devices, enrolled as Android Enterprise devices into Microsoft Intune. Under the Android Enterprise model, side-loaded apps can not exist on the device unless they're system apps, or have been delivered via the managed Play Store - they're removed by the DPC (device policy controller) automatically if the app is installed manually via the file browser or StageNow.

       

      We need to deliver Enterprise Browser to the devices by either:

      A) Managed Google Play store in order for it to be usable on our devices (privately published).

      B) Installing the app as a system app

       

      Option A is obviously our preferred option here. This would mean we can fully utilize our MDM and other GMS features

      The issue I've struck to date by using the private Play Store is that Google's target API level requirement is level 26. Enterprise Browser 2.0.1 is only API version 23.

       

      Does Zebra plan to update the API level of the Enterprise Browser apk to at least 26 any time soon? Or is there an alternative method of utilizing the manage Play Store that anyone could suggest?

       

      Thanks,

      George.

        • Re: Enterprise Browser distribution via private Play Store
          Darryn Campbell

          Hi George,

           

          Thank you for your feedback - I have heard this point a couple of times (though frankly, not explained so well).  It is in the backlog of work to do but I'll raise this post to the product owner which should increase the priority (the more people asking for it)

           

          Darryn.

          • Re: Enterprise Browser distribution via private Play Store
            Matt Dermody

            Can you really not distribute the APK any other way? I manage Zebra Android devices in AEDO mode with SOTI MobiControl and I regularly distribute APKs of Non-System Apps to those devices outside of the Play Store. I did this today with an MC3300 running Oreo which I suspect you're also running on the TC52.

              • Re: Enterprise Browser distribution via private Play Store
                George Frost

                Hi Matt - unfortunately not. Intune limits us to only Managed Play apps. Getting on the app installed on the device is relatively straightforward (e.g. sideloading), however the DPC automatically uninstalls the app if it is not a system app or has not originated from the Managed Play store shortly after its installed. I've also raised this with Microsoft as a big limitation within the COSU (Corporate Owned, Single Use which I presume is the same configuration as AEDO) but its fallen on deaf ears unfortunately.

                 

                Cheers,

                George.

                  • Re: Enterprise Browser distribution via private Play Store
                    Matt Dermody

                    That is crazy! There are some scary implications of being forced down the AEDO COSU use case. I'm sure going to miss the glory days of Device Admin on an AOSP device. Some scenarios I'm already dreading:

                    • Emergency updates to a private enterprise app will have to wait on Google's approval process. This is supposed to take only 10 minutes but there are already reports of it taking 24 hours.
                    • Older, unmaintained, but mission critical apps being eventually flagged and quarantined by Google Play Protect. Sure this old warehousing or field service app targets an older API but my devices are completely managed in a private network, what does it matter?
                    • Rollback. I haven't explored this fully but what are the rollback options with private apps distributed through Managed Play? With standalone APK installation I'm easily able to rollback to a previous version of an enterprise application if something goes wrong with a new build. Do we even have that option anymore?

                     

                    I think AirWatch/Workspace UEM is set up the same way as Intune according to Arsen's recent blog post:

                     

                    Google Play Managed iFrame in Workspace ONE UEM (AirWatch) – Private Apps – Arsen Bandurian: Technical Blog

                     

                    I did confirm however that I'm able to install ZEB as an APK via a Package based install, bypassing the Managed Play Store, via SOTI MobiControl. I used ZEB 1.8 for the test but imagine the results would be the same with 2.0. Maybe you could tell Microsoft that you're considering switching to SOTI over this feature so they get their act together!

                     

                    1 of 1 people found this helpful