i have to implement single use application for my Enterprise's devices where there is only one major android app that itself can use 2-3 other apps like call, sms and google maps, other than that user must not be able to use or access other apps and settings,
1) I have considered Corporate owned Single use through Enterprise Management Api which is more sophisticated and big, but more complete solution.
2) I have implemented and tested the sample
Lock task with an android device owner app
that looks more like being my solution, but there is a problem
How do i provision device owner for production level devices? for my test i was able to provision with adb shell commmand. i know that device must be new/Reset and unprovisioned thats not a problem.
I am seeking some suggestion here, if anybody has implemented it it could help.
Update
going with the android management Api QuickStartGuide, suggested by Fred seems like correct way.
where my policy is Multiple app from custom launcher
now i am stuck in a situation, i want to publish my launcher app or other app to play store only for my enterprise.
I have followed Upload your own app to the Google Play Store,which led me to publish private app, but i am not able to do so as i am not getting Restrict Distribution option.
I don't know how to perfectly achieve this.
for my current policy and enterprise, i have 2 active email ids,
first email_1 is the one which is connected to the initial project
and
all the google api call is done under email_1 .
and the other is email_2 the one is admin for the enterprise
and connected to managed Google Play Store.
both email_1 and email_2 has admin access to my company developer account
.
Now i need to figure out to publish app only for my enterprise, i think there is a issue with correct permission or otherwise,
need Help.
Thanks
It's easy, once you understand the missing links.
The documentation should definitely clarify these steps.
1 Setup the accounts
We created a Google Suite Account for our client and uploaded his app in the Google Play Console account created using a Google Account under their organization, and limited the app distribution to their organization.
We also added Android for Work to our organization here: https://admin.google.com/AdminHome?pli=1&fral=1#SelectServices
And added a role to our organization to manage Google Play Private Uploads:
https://admin.google.com/AdminHome#DomainSettings/notab=1&role=new-role&subtab=roles
2 Find the organization ID
This is the key part. You should find your organization ID here: https://play.google.com/work/adminsettings
3 Enroll the organization
When following the steps for the Android Management API, you need to enroll the organization ID found in your Google For Work account.
Follow the step detailed here using your enterpriseID:
enterprises/{enterpriseId}/enrollmentTokens/{enrollmentTokenId}
4 Add your app
Add your app using its PackageName in a ApplicationPolicy. Your devices will now be able to find it and install it.
You no longer need to implement a Device Policy Controller to manage Android devices, Google has recently released the Android Management API which allows you to set up a COSU device with just a few Cloud API calls.
If you have one main app and want to allow to open a few other apps, you can set the main app as a custom launcher and mark the other apps as lockTaskAllowed. You can simply do so by defining an ApplicationPolicy such as the one below (copied from Create a policy):
"applications": [
{
"packageName": "com.example.custom_launcher",
"installType": "FORCE_INSTALLED",
"lockTaskAllowed": true,
"defaultPermissionPolicy": "GRANT",
},
{
"packageName": "com.example.app1",
"installType": "FORCE_INSTALLED",
"lockTaskAllowed": true,
"defaultPermissionPolicy": "GRANT",
}
],
"persistentPreferredActivities": [
{
"receiverActivity": "com.example.custom_launcher",
"actions": [
"android.intent.action.MAIN"
],
"categories": [
"android.intent.category.HOME",
"android.intent.category.DEFAULT"
]
}
]
Google provides a good feature list here:
https://developers.google.com/android/work/requirements/features
If your devices have NFC, I would provision using NFC. You can look at the code here for your own implementation or you might be able to use the app with very few modifications.
https://github.com/googlesamples/android-NfcProvisioning
By tapping the welcome screen in the Google Setup Wizard 6 times will allow you to use QR code provisioning. It is a bit more cumbersome in my opinion and requires Android 7.0+.
Those are your only two options unless you become a Google EMM Partner or again, partner with them to support Zero Touch Enrollment on Android 8.0+ devices for your own homebaked solution.
You might want to also look at existing open source EMM/MDM implementations that already exist such as WSO2.
Related
I am developing Xamarin.Forms application which will be used for Android and iOS. It will have access to full functionality with a paid subscription.
I researched about subscriptions policy for Play Market and App Store and they require to use their in-app billing if an application gives access to some of its functionality only with a subscription.
But if, for example, user buys the subscription in Android app and then wants to use iOS app - what is the best way to handle this? Since subscriptions are created separately on Play Market and App Store side they need to be somehow synced?
That's probably a problem that was solved a ton of times, but I can't find how to do it
This is explicitly allowed on the platforms, e.g., here's an excerpt from Apple's App Review Guidelines:
3.1.3(b) Multiplatform Services: Apps that operate across multiple platforms may allow users to access content, subscriptions, or
features they have acquired in your app on other platforms or your web
site, including consumable items in multi-platform games, provided
those items are also available as in-app purchases within the app.
As to how to do this: Basically you have to have user authentication and a backend that ties a subscription status to a user ID. Also, the backend needs to keep the subscription status up to date by refreshing the subscriptions with the stores (Apple App Store, Google Play Store).
(If you weren't using Xamarin, I'd recommend using RevenueCat for this (disclaimer: I work there), but we don't have a Xamarin SDK so I don't think
that that's a possibility)
I published a private app in closed tracks to my own organization using Play Console, explained here.
Under Pricing & distribution -> User Programs -> Managed Google Play it says:
This app is privately targeted to 1 organization.
You can also target app releases in closed tracks to organizations. Manage closed tracks or Learn more
Under Release management -> App Releases -> Manage testers I added my organization.
Still, when setting my app to force install in my Android Management Api policy for my devices, my private app won't get installed and is also not visible to my dedicated devices using that policy.
Previously, I published a private app as a production release to my organization and everything works like a charm.
So what exactly do I have to do to target my organization in a closed track release?
I realised that you just have to add the "releaseTrackId", which can be found in the URL of the Play Console page that displays the app’s track information, to my application json object inside the policy. As it says here and here
List of the app’s track IDs that a device belonging to the enterprise can access. If the list contains multiple track IDs, devices receive the latest version among all accessible tracks. If the list contains no track IDs, devices only have access to the app’s production track. More details about each track are available in AppTrackInfo.
So basically in my applications array in the particular policy I just had to add the "releaseTrackId" of my closed track app in the "accessibleTrackIds" array.
"applications": [
{
"packageName": "some.package.com.closedtrackapp",
"installType": "FORCE_INSTALLED",
"accessibleTrackIds": [
"myreleaseTrackId"
]
}
],
Try this API Custom App API. Publish your private app to your organisation and wait around 10min till the app is approved before you can install to your enrolled device.
It seems that you also need to add the track Id of the closed track to your policy:
See this link for ApplicationPolicy
{
"packageName":"<package id>",
"installType":"PREINSTALLED",
"accessibleTrackIds":[
"<track id>"
]
}
The track id is found on the play console URL (releaseTrackId parameter)
So here I am again, exploring new Google platform and hunting down information and docs.
I'm trying to build a skeleton of a flow before I write any business logic code with actual use of the APIs, and as expected from Google, this process is excruciatingly painful.
I've tried to follow this doc:
https://developers.google.com/gsuite/marketplace/listing
Packaged the zip, put the flag DOMAIN_INSTALLABLE flag as was instructed in order for the app to be installible from the marketplace. In the dashboard of PRICING & DISTRIBUTION I've selected Private and added testers to the list of testers.
Now when I click View in Chrome Web Store (seen in image) it takes me to the extensions web store, and not to the marketplace store.
How can I get to the GSuite Marketplace flow, rather than the extension flow? Do I need to alter my manifest.json in some way that is not mentioned in the docs?
Thanks
it's true that the publishing flow is too complicated now. We are working on improvements and in the future everything will be in one place.
Unfortunately G Suite Marketplace does not support trusted testers (yet), that's why it doesn't show up.
What you might be able to do, is modify the url a bit after you clicked on 'View in Chrome Web Store'.
Just remove everything after the webstore id
I use this url:
https://chrome.google.com/webstore/detail/xxxxxx
xxxx should be your webstore id
You should be able to show your unlisted app in the Gsuite Marketplace, where you can initiate the install flow.
It works for me, but my test app
I've got an application that does user provisioning for Google apps (specialty provisioning).
I got to thinking, instead of going into the developer console for each customer currently using the application that it may make sense to publish the app in the market place.
Is this appropriate to do? Also, there are limits on each api key on how many requests can be done. Would a new api key get generated for each customer installing from the marketplace? Is there anything else I need to be concerned on this?
I didn't fully understand your questions so i'll try to answer the best I can.
Yes, it would be easier for your customers, especially new customers, to find your app in Marketplace. From there they can install it easier.
Not sure what you meant by "instead of going into the developer console for each customer currently using the application". Do you create a new console project for each customer?
Are you using the Provisioning API? This API is being deprecated and it will stop working by April 20, 2015. Instead you should use the Directory API.
What do you mean with "API Key"? Is it Project ID? When users install the app, the app will use the same Project ID.
You should keep in mind that there are quotas for using Google services that will go against that Project ID.
I set up Google Play Games Services through the Google Play Developer Console by following the instructions here.
I went through the troulbeshooting guide here.
If i run my app through eclipse, it can connect fine to Play Games. However now the update is released and if I download it from the Play Store it cannot connect.
I verified that my SHA1 from the android export matches what is in the developer console. I even tried linking a new app with the SHA1 and it says: "This client ID is globally unique and is already in use."
I am now panicking because my game is live and can't connect. Help!
EDIT:
I added my client ID through the Google Play Developer Console, not the Google Developer Console. I removed the Client ID that was in the Google Developer Console.
Edit:
I cannot add a new client in GDC, i get an error about "duplicate fingerprint":
Have you tried deleting the console project related with your play service game installed application ?
Before altering / adding new API clients, make sure that you have checked the following:
IS your play games project published?
Or, are the accounts you are using for testing included on the testers list?
Are you signing your app correctly? If you are using your debug keystore in a released game, the app will not correctly be able to authenticate.
At any rate, deleting clients could fix working apps if you have already published and I'd hate to give you advice that breaks stuff. That said, if you're sure you need to create / recreate your client, move on.
The reason you are encountering the "This client ID is globally unique and is already in use." issue is that there exists a client with the same package name and SHA-1 hash in any Google Developer console project (not necessarily a Google Play Games project, not necessarily the current project, and not necessarily a project for your account if you are working on teams). This is because the combination of package name and SHA-1 hash must be unique for authentication.
At any rate, it's possible that the project still has a client (for Android) created that needs to be removed. This means that you must either remove the "bad" client from the developer console, re-sign your app with a new keystore, or use a different package name.
Option 1 - Removing clients
Although this is the most destructive option, it may be a good approach if you already removed clients from the Play Games Developer console and don't want to change your configuration.
Access your project from https://console.developers.google.com because this will give you a superset of the clients created from the play games console and will have an according project. Select the APIs & Auth -> Credentials section. From here, remove any Android clients you intend to replace.
Return to https://play.google.com/apps/publish and select your games project. You should now be able to add another client.
Option 2 - Create a new keystore
This is best covered in the Android documentation. After changing your keystore, you will be able to add another client using the new keystore signature.
Option 3 - Change the package name
You must update com.yourname.app with something other than com.yourname.app. This means renaming folders in your Android project, changing includes and package namespaces, and updating your project's AndroidManifest.xml.
After changing any of these, you should be able to create a working Google API project and get your app ready.
Have you only one account?
"This client ID is globally unique and is already in use."
Maybe someone is using your sha1... or you with another account