Installing and managing native apps as .apk files

Introduction

There are two possible ways to deploy self-developed enterprise apps on Android devices enrolled via Android Enterprise. The official way provided by Google and recommended by us is the distribution via the managed Play Store.

The alternative way is the direct distribution of an APK file, e.g. via Relution, web or email. Since various security mechanisms of Android Enterprise have to be deactivated, this way is not recommended and only makes sense in exceptional cases.

1. possibility - distribution via Play Store

There are two ways to upload apps to the Play Store. In both cases, a developer account is necessary. A Google developer account costs a one-time fee of $25.

The app is regularly uploaded to the Play Store via any developer account (Google Play Console). We recommend using an official enterprise account for this purpose.

Here, all the setting options of the Play Store are available, such as the possibility to pre-publish development versions of the app only for certain groups of people.

If the app is not to be available to the public, its availability can additionally be restricted to your own company. Caution: This setting cannot be reversed afterwards. If the app is to be offered publicly in the future, it must be published again under a different package name.

The big advantage is that the app can then be released for other companies or company accounts. This can be helpful, for example, in the event of a server relocation, but also if the access data to the Google account used for Android Enterprise is lost.

In order to restrict the app to your own company, its organization ID can be stored under Setup > Advanced settings > Managed Play Store. The ID starts with LC0.... This ID is visible e.g. in Relution under Settings > Device platform specific > Android Enterprise.

Relution Android Enterprise Settings

Google Play Console

Upload via the Play Store dialog in Relution

Instead of uploading the app via the Google Play Console, it can also be uploaded directly from Relution. However, the Google account used to set up Android Enterprise must be a corresponding developer account.

Apart from the name of the app, no other settings can be made here and there is also no possibility to activate the app for other companies or enterprise accounts afterwards. Due to these restrictions, we generally advise against this option.

To upload an app as a private app, proceed as follows:

  • In Relution, go to Devices > Policies.
  • Open any Android Enterprise policy
    • Add a Manage apps configuration
  • Click on Add in the configuration
  • Select Managed Google Play Store App (Android Enterprise).
  • Go to the link Private Apps
  • Click on + to add a new app

Caution: The package name of the app must be unique. If the app is already available in the Play Store, even as a private app from another company, it cannot be uploaded again. We therefore generally recommend uploading via the Play Store, which can then also be used to unlock the app for other organization IDs.

Add managed app

Select Managed Play Store

Select Managed Play Store

Upload private app

2nd option - distributing an APK file

Native apps uploaded to the Relution App Store in the .apk format are not available for selection in the Manage apps policy configuration and the Install app action for Android Enterprise devices.

To still be able to install downloaded APK files on an enrolled device, the following policy settings are required:

  1. configuration Advanced security overrides.

  • The option Install from unknown sources must be set to Allow installation of untrusted apps on the entire device.

    Caution This basically allows users to install APK files from any source on the device!

  1. configuration `Play Store management

  • The option Restricted Google Play Store must be deactivated.

    If the restricted Play Store is active, the device will remove apps that have not been installed on the device using the Manage apps configuration or are part of the system after about 10 minutes.

    Caution This allows users to install any apps from the Play Store in the managed profile.

Once these settings are made it is again possible to install any APK files on the device. Since users can install APK files from any source in this mode, we generally advise against enabling these settings. Furthermore, there is no easy way to ensure the up-to-dateness of apps.

There are various options for distributing APK files, for example:

Installation via the Relution Legacy app.

For this, the Relution Legacy App is installed on the device via a Manage apps configuration. Afterwards, users can log in to the app and get access to all native Android apps that are stored in the Relution Store. Users can download and install these apps via the Companion. Depending on the Android version, users must also grant the Companion the right to request app installations.

If the Companion (Legacy) is additionally enrolled (requires another device license!), administrators can alternatively install apps via action. Depending on the device type, users may still have to agree to the installation manually.

Installation via email

Users receive the APK file to be installed from the company via email.

Installation from the web

Users receive the APK file to be installed via a download link that is distributed via email, Messenger or SMS, for example.

Android Enterprise Help