Allow LOB apps on devices managed in Android Kiosk Devices (COSU)
When a device is configured with Android Enterprise and the Microsoft Managed Home Screen in kiosk mode (as per here https://docs.microsoft.com/en-us/intune/android-kiosk-enroll), it is not possible to deploy LOB apps to these devices. If apps are sideloaded manually, they're automatically deleted by the device policy.
Being able to deploy LOB apps (or creating a whitelist) for Android Kiosk devices would allow Android Kiosk mode to be used to its full potential.

I was talking with our Android team about this one. They said “This is already supported. However LOB apps must be deployed by either uploading through the Google Play iFrame in Intune or using a dev account for Google Play.”
Does that satisfy the spirit of the request?
28 comments
-
Carlo commented
All MDMs on the market support the manual upload of apks. In the medical device domain (but even for the majority of LOB application where you have local back end components), it is totally not acceptable to use the play store to deploy apps (there's no way to properly manage versioning between customers). What we are doing in the company where i work, is to suggest to the customer to change MDM and switch to another one. Of course sometimes it works, other time we risk to lose a customer. I strongly suggest Microsoft to implement this basic feature as soon as possible. Is it something already present in the roadmap?
-
Tre`Von McKay commented
The Managed Play Store has been a pain to work with. Our private apps are still subject to review thus slowing down our deployment process and we've run into this issue with conflicting app IDs in the private upload. We expect to have a method to push apps to our devices without having to be approved by a 3rd or using any valid package name.
-
Christoffer Unes commented
This should be an feature that Intune has. Other MDM providers support the use os LOB apps without going thru Managed Google Play Store. as an example we have an app that can't be used with Google Play as someone has already used the app id.
-
Anonymous commented
Please add the possibility to install LOB .apk without using the managed play store.
The .apk file that we received from our developers has been blocked from the private Google play store due to policy conflicts.
The second problem is that the managed home screen app only allows managed Google play store apps. So even when we find a way to install the .apk on the android devices, we still can't use the kiosk mode since the .apk can't be pinned in the managed home screen. -
Bernard Goldberger commented
No it doesn’t satisfy it because in some cases we need to load apps without registering it to google.
-
Davide Gatti commented
Hi All,
i installed my LOB app from APK on the device memory.
Device is dedicated device (Kiosk) and i added my LOB app as Android Enterprise system app and the app not deleted by policy. I forced sync many times.
I don't know how long this porkaround :-) will work.Regards.
-
Raphael commented
Hi Cathy!
This does not satisfy our request at all.
The ability to deploy apps directly to our managed devices will greatly improve the experience. The company has lots of in house apps and every time we need to deploy is a brain ache, couse the play console has lots restrictions and its dificulto to work. Can you help us with this? Is there a policy to solve the LOB install on android Corporate-owned dedicated devices?My regards.
-
Adriaan Couchez commented
@Cathy , this does not satisfy the request at all.
The ability to upload applications and distribute them to the android kiosk/managed devices is an absolute must. It is a feature that you could use with the old Intune app and android device. You just had to upload the apk to intune and distrute it to your devices. I don't see why this is not an option for managed devices.. This is the reason why we moved to another vendor because all of the other vendors have this option, every single one of them except for intune. The 2 options you stated are not solutions at all and they are just there to claim to provide support for line of business apps but in reality make it impossible to use them. I have also contacted microsoft support and they blamed it on "google" . Which is just ridiculous and shows the lack of care and knowledge about the android platform. -
Steven commented
This is ridiculous. We have been supplied with an .apk file by a company whose app we are using. This is so that we distribute a known and tested version of the app rather than let users pull down which ever version is currently on the store. We don't use IFrame or have a dev account, because we are not developers. Because of this silly restriction, we can't totally manage our android devices. Our previous MDM allowed this (we are wishing we had stayed with it). I have raised two calls with Microsoft over this but got no where except for Microsoft to blame Google. This is causing us such issues that we have actually raised the idea of abandoning Intune after barely a year of use.
-
Matt Dermody commented
Cathy, this does not satisfy the request at all as it brings us right back to the start. The desire is to have direct installation of LoB applications delivered from Intune to the devices and installed without having to involve Managed Play for that distribution.
-
Bo S. Nielsen commented
The limitation with the private apps in managed Google Play store is that it must have a unique package id. Thus it fine if you develop your own private app but if you share an app with other for instance com.symbol.enterprisehomescreen then it won’t work. Also, most of these enterprise apps which are distributed as apk files also have a config file which needs to be distributed to the device. I understand that from Google perspective all apps should be move to Google Play and configs should be manage configs but that just not how it works right now. Would be really appreciated if Intune would support this kind of app / config deployment.
-
Anonymous commented
Google iFrame cannot be only option. We need to have the ability to custom upload apps and sideload them onto Company owned devices (Android Enterprise)
-
Shaun Ord commented
I have clients that have apps that either don't adhere to google play's policies, or have been previously banned from the Google Play store. Unfortunately the differences between the US' stringent policies in areas that are legal elsewhere make installation of apps from other sources important, like from Intune for device administered android devices currently. We use this currently for business clients as this cannot be done via Android enterprise.
-
Matt Dermody commented
Is this still a missing feature? I wish dedicated device manufacturers like Zebra and Honeywell wouldnt claim that Intune is supported when basic functionality like direct LoB apk installation is not supported. Requiring Managed Play for app distribution is not a viable alternative.
-
Ville commented
This feature is still lacking.
Several other 3rd party MDM providers allow apk sideloading via dedicated or device owner management.
Microsoft Intune is forced to use Private Google Play store, but not all app providers support it. -
Anonymous commented
iFrame doesn't work for apps that are not allowed in the google play store or have already had the package name suspended. It would be helpful if a sideloading method was available to store the apk elsewhere, but install via google play? Or use company portal to inject apps? I'm not sure, but google's policies are a barrier to using the manage google play store. Outside of the richer configuration set, the device admin enrollment method is working great for our purposes, though we know we will lose the ability to enroll and push apps to our tablets post Android 10.
-
Adrian commented
When will the other opions be available in the Managed playstore iframe
https://developers.google.com/android/work/play/emm-api/managed-play-iframe
-
Dominique Ruest commented
Updates of managed google play kiosk app aren't getting deployed to devices running the kiosk app which is very problematic. Allowing LOB apps to run in kiosk mode would fix this issue. Or am I missing something to get a private managed google play app updates deployed to my devices currently running the app in kiosk mode?
-
Anonymous commented
This needs to be implemented. Now.
We have devices going out unmanaged due to this.... -
Scott Peters commented
Please add the new iFrame features https://developers.google.com/android/work/play/emm-api/managed-play-iframe