Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Cosu app development through Android Management Api or device owner locktask

i have to implement single use application for my Enterprise's devices where there is only one major android app that itself can use 2-3 other apps like call, sms and google maps, other than that user must not be able to use or access other apps and settings,

1) I have considered Corporate owned Single use through Enterprise Management Api which is more sophisticated and big, but more complete solution.

2) I have implemented and tested the sample Lock task with an android device owner app that looks more like being my solution, but there is a problem

How do i provision device owner for production level devices? for my test i was able to provision with adb shell commmand. i know that device must be new/Reset and unprovisioned thats not a problem.

I am seeking some suggestion here, if anybody has implemented it it could help.

Update

going with the android management Api QuickStartGuide, suggested by Fred seems like correct way. where my policy is Multiple app from custom launcher now i am stuck in a situation, i want to publish my launcher app or other app to play store only for my enterprise.

I have followed Upload your own app to the Google Play Store,which led me to publish private app, but i am not able to do so as i am not getting Restrict Distribution option.

I don't know how to perfectly achieve this. for my current policy and enterprise, i have 2 active email ids,

first email_1 is the one which is connected to the initial project Project owner accountand

all the google api call is done under email_1 enter image description here.

and the other is email_2 the one is admin for the enterprise Admin of the enterprise

and connected to managed Google Play Store.Managed play store admin

both email_1 and email_2 has admin access to my company developer account Publish App account.

Now i need to figure out to publish app only for my enterprise, i think there is a issue with correct permission or otherwise, need Help. Thanks

like image 973
Vikas Pandey Avatar asked Oct 13 '17 13:10

Vikas Pandey


People also ask

What are COSU devices?

Dedicated devices (formerly called corporate-owned single-use, or COSU) are fully managed devices that serve a specific purpose.

What is Android management API?

The Android Management API is available as part of Android Enterprise, an initiative providing developers with tools to build solutions for organizations to manage their Android device fleets. The program is intended for enterprise mobility management providers (EMMs).

What is Android enterprise device owner?

Android terms Bring-your-own device (BYOD)–A personal device that a user adds their work account to. Device owner–The management privilege that gives the enterprise mobility management provider complete control over a device. The user can't add a personal account.

What is Android dedicated device?

The dedicated device solution set is designed for company-owned devices that fulfill a single use case such as digital signage, ticket printing, or inventory management. This solution set allows IT admins to further lock down the usage of a device to a single app or small set of apps.


2 Answers

It's easy, once you understand the missing links. The documentation should definitely clarify these steps.

1 Setup the accounts

We created a Google Suite Account for our client and uploaded his app in the Google Play Console account created using a Google Account under their organization, and limited the app distribution to their organization.

We also added Android for Work to our organization here: https://admin.google.com/AdminHome?pli=1&fral=1#SelectServices

And added a role to our organization to manage Google Play Private Uploads: https://admin.google.com/AdminHome#DomainSettings/notab=1&role=new-role&subtab=roles

2 Find the organization ID

This is the key part. You should find your organization ID here: https://play.google.com/work/adminsettings

3 Enroll the organization

When following the steps for the Android Management API, you need to enroll the organization ID found in your Google For Work account.

Follow the step detailed here using your enterpriseID:

enterprises/{enterpriseId}/enrollmentTokens/{enrollmentTokenId}

4 Add your app

Add your app using its PackageName in a ApplicationPolicy. Your devices will now be able to find it and install it.

like image 117
Francesco Frapporti Avatar answered Oct 03 '22 20:10

Francesco Frapporti


You no longer need to implement a Device Policy Controller to manage Android devices, Google has recently released the Android Management API which allows you to set up a COSU device with just a few Cloud API calls.

If you have one main app and want to allow to open a few other apps, you can set the main app as a custom launcher and mark the other apps as lockTaskAllowed. You can simply do so by defining an ApplicationPolicy such as the one below (copied from Create a policy):

"applications": [
  {
    "packageName": "com.example.custom_launcher",
    "installType": "FORCE_INSTALLED",
    "lockTaskAllowed": true,
    "defaultPermissionPolicy": "GRANT",
  },
  {
    "packageName": "com.example.app1",
    "installType": "FORCE_INSTALLED",
    "lockTaskAllowed": true,
    "defaultPermissionPolicy": "GRANT",
  }
],
"persistentPreferredActivities": [
  {
    "receiverActivity": "com.example.custom_launcher",
    "actions": [
      "android.intent.action.MAIN"
    ],
    "categories": [
      "android.intent.category.HOME",
      "android.intent.category.DEFAULT"
    ]
  }
]
like image 28
Fred Avatar answered Oct 03 '22 20:10

Fred