Manage Public App Installs/Updates on Kiosk, Point of Sale, or Line of Business Android Devices

I wanted to write one last blog post for 2018...

I work with a couple customers who have Android devices in the hands of their employees who work with their customers.  Think folks in the customer service industry.  It is very important, priority number 2 after usability, that during the business hours of the end user, that the device remain undisturbed.  No one wants to be signing a form, or ordering a sandwich and in the middle of the process the app updates, they lose the customers data, and delay the process.. or worse. 

So historically, and still a valid current method, we use Workspace ONE UEM's 'Product Provisioning' delivery mechanism.  This contains conditions based on the device time, network, power status, in which to create a 'Product' to deliver to the device.  The 'Product' is the latest version of the APK you are developing for your point of sale or line of business use case. 

This does leave a gap for some... there are plenty of use cases which require Public App store apps. Things like Chrome, Adobe, or even the VMware apps like Tunnel, Web, Hub.  How do we prevent app installs or updates in the middle of the working day?

To further that last point, with Android Enterprise, Google has doubled down on their holistic platform strategy as a means to standardize its phone manufacturers individual capabilities or lack of capabilities by making all phones support the same set of APIs.  One such powerful paradigm is the Managed Play Store.   Meaning rather than rely on individual capabilities of each MDM or UEM vendor, the Play platform natively supports a corporate app store.  There are a lot of benefits to the Managed Play Store or Private Play Store or Work Play Store (it has gone by a lot of names).  However that is for another blog post.  One such challenge this brings customers who are looking to migrate from older techniques like the 'Product Provisioning' from Workspace ONE UEM is the capabilities to control when the app gets installed or updated.  

With the Google Developer Console you can upload your internally developed APKs to that and make them available in Workspace ONE UEM, or you can actually upload your internally developed APKs directly to the Google Developer Console to make available to your Managed Play Store, directly through Workspace ONE UEM.  

Quickly this is done like this:

Step 1:  Navigate to where you would normally find any application. Search for anything.
 Step 2: On the left side hover over the menu and select Private apps.
Step 3: Here is a tricky button to find... on the very very bottom right click the plus arrow to upload your new APK. 
Step 4: Upload your APK. It will be available to distribute using the Manage Play store within the hour.



Okay now that I showed you it is very easy to take the modern approach of distributing apps through the very fast and distributed Managed Play network, lets talk about that App Install/Update challenge. 


One effective way to manage if you are able to install or update a Managed Play or Public Play Store app is the Google Play app.  The Google Play app is responsible for checking for updates, install apps which are assigned, and removing apps which are MDM removed.  So if we could manage the Google Play app we could solve our challenge.  You guessed it, we can... sort of.  I wouldn't say this is a voluntary management of the app.  

There is a restriction within Workspace ONE UEM that allows us to disable the Google Play app on the device.   Seen below:


Simply unchecking that box removed the Google Play app from the device, either fully Work Managed or just Work Profile.  When Google Play is removed from the device none of the managed applications can update and new Play applications can install. 

If only we could schedule unchecking that box say during business hours.... we can with a little used feature of 'Schedules' in Workspace ONE UEM.  The box is hidden on the bottom.



What I have done to make this very clean is actually rather than use a Restrictions Payload with 100 checkboxes that will get added/removed on that Schedule was pull out the custom XML from that Payload.  So the Profile I create is installing during the 7 AM to 7 PM hours which removes Google Play from device when the user is using it. Ensuring that the user experience remains consistent when the device is busy assisting customers, making money, or saving time. 

For reference here is the Custom XML I use:
<characteristic uuid="12345678-1234-1234-1234-123456789abcd" type="com.airwatch.android.androidwork.restrictions">

<parm name="allowGooglePlay" value="False" />

</characteristic>

Thanks and if there are any questions post a comment below.

Comments

  1. This comment has been removed by a blog administrator.

    ReplyDelete
  2. This comment has been removed by a blog administrator.

    ReplyDelete
  3. The post you have shared here is really great as it contains some good knowledge which is very useful for me. Thanks for posting it. Keep it up. Outdoor Kiosk Solutions in New Jersey

    ReplyDelete
  4. Your blog is really good and it helps others about technology staffing solutions in London. It's a perfect solution for those who search for it. Please share more information like this.

    ReplyDelete
  5. The information you've provided is useful because it provides a wealth of knowledge that will be highly beneficial to me. Thank you for sharing that. Keep up the good work. Download Kindle Firmware

    ReplyDelete

Post a Comment