Allow LOB apps on devices managed in Android Kiosk Devices (COSU)
When a device is configured with Android Enterprise and the Microsoft Managed Home Screen in kiosk mode (as per here https://docs.microsoft.com/en-us/intune/android-kiosk-enroll), it is not possible to deploy LOB apps to these devices. If apps are sideloaded manually, they're automatically deleted by the device policy.
Being able to deploy LOB apps (or creating a whitelist) for Android Kiosk devices would allow Android Kiosk mode to be used to its full potential.
I was talking with our Android team about this one. They said “This is already supported. However LOB apps must be deployed by either uploading through the Google Play iFrame in Intune or using a dev account for Google Play.”
Does that satisfy the spirit of the request?
What more do you need from administrators to get this sideloading without google play to work in Android Enterprise?
What can we do for you ?
Chris Bijl commented
I cant use the private Google Playstore. The APK files we would like to use, are used by other companies.. So the BundleID is allready in use. Sometimes we need to use a specific APK version, not the latest version in de playstore.
After nearly three years I can see that this feature has still not received any attention. As many have said in the comments, using the Managed Google Play Store to deploy a private app is not an acceptable solution. Every MDM on the market except Intune gives administrators the ability to deploy a .APK file to managed devices without it having to meet the Store requirements. Many LOB apps are incompatible with the requirements of the Store since the store is designed for publically available apps. Intune is missing out on market share because of this. I have to add my name to list of administrators under pressure to move to a different MDM because of this.
LOB support for Kiosk mode is a requirement that should be implemented as fast as possible.
As Google Play is a nightmare for old legacy APKs and versioning.
Knox Manage allows us to install APK files on Android Enterprise without uploading through the Google Play iFrame or using a developer account. I was really hoping Intune would support this as well. We have quite a few legacy applications we cannot install.
All MDMs on the market support the manual upload of apks. In the medical device domain (but even for the majority of LOB application where you have local back end components), it is totally not acceptable to use the play store to deploy apps (there's no way to properly manage versioning between customers). What we are doing in the company where i work, is to suggest to the customer to change MDM and switch to another one. Of course sometimes it works, other time we risk to lose a customer. I strongly suggest Microsoft to implement this basic feature as soon as possible. Is it something already present in the roadmap?
Tre`Von McKay commented
The Managed Play Store has been a pain to work with. Our private apps are still subject to review thus slowing down our deployment process and we've run into this issue with conflicting app IDs in the private upload. We expect to have a method to push apps to our devices without having to be approved by a 3rd or using any valid package name.
Christoffer Unes commented
This should be an feature that Intune has. Other MDM providers support the use os LOB apps without going thru Managed Google Play Store. as an example we have an app that can't be used with Google Play as someone has already used the app id.
Please add the possibility to install LOB .apk without using the managed play store.
The .apk file that we received from our developers has been blocked from the private Google play store due to policy conflicts.
The second problem is that the managed home screen app only allows managed Google play store apps. So even when we find a way to install the .apk on the android devices, we still can't use the kiosk mode since the .apk can't be pinned in the managed home screen.
Bernard Goldberger commented
No it doesn’t satisfy it because in some cases we need to load apps without registering it to google.
Davide Gatti commented
i installed my LOB app from APK on the device memory.
Device is dedicated device (Kiosk) and i added my LOB app as Android Enterprise system app and the app not deleted by policy. I forced sync many times.
I don't know how long this porkaround :-) will work.
This does not satisfy our request at all.
The ability to deploy apps directly to our managed devices will greatly improve the experience. The company has lots of in house apps and every time we need to deploy is a brain ache, couse the play console has lots restrictions and its dificulto to work. Can you help us with this? Is there a policy to solve the LOB install on android Corporate-owned dedicated devices?
Adriaan Couchez commented
@Cathy , this does not satisfy the request at all.
The ability to upload applications and distribute them to the android kiosk/managed devices is an absolute must. It is a feature that you could use with the old Intune app and android device. You just had to upload the apk to intune and distrute it to your devices. I don't see why this is not an option for managed devices.. This is the reason why we moved to another vendor because all of the other vendors have this option, every single one of them except for intune. The 2 options you stated are not solutions at all and they are just there to claim to provide support for line of business apps but in reality make it impossible to use them. I have also contacted microsoft support and they blamed it on "google" . Which is just ridiculous and shows the lack of care and knowledge about the android platform.
This is ridiculous. We have been supplied with an .apk file by a company whose app we are using. This is so that we distribute a known and tested version of the app rather than let users pull down which ever version is currently on the store. We don't use IFrame or have a dev account, because we are not developers. Because of this silly restriction, we can't totally manage our android devices. Our previous MDM allowed this (we are wishing we had stayed with it). I have raised two calls with Microsoft over this but got no where except for Microsoft to blame Google. This is causing us such issues that we have actually raised the idea of abandoning Intune after barely a year of use.
Matt Dermody commented
Cathy, this does not satisfy the request at all as it brings us right back to the start. The desire is to have direct installation of LoB applications delivered from Intune to the devices and installed without having to involve Managed Play for that distribution.
Bo S. Nielsen commented
The limitation with the private apps in managed Google Play store is that it must have a unique package id. Thus it fine if you develop your own private app but if you share an app with other for instance com.symbol.enterprisehomescreen then it won’t work. Also, most of these enterprise apps which are distributed as apk files also have a config file which needs to be distributed to the device. I understand that from Google perspective all apps should be move to Google Play and configs should be manage configs but that just not how it works right now. Would be really appreciated if Intune would support this kind of app / config deployment.
Google iFrame cannot be only option. We need to have the ability to custom upload apps and sideload them onto Company owned devices (Android Enterprise)
Shaun Ord commented
I have clients that have apps that either don't adhere to google play's policies, or have been previously banned from the Google Play store. Unfortunately the differences between the US' stringent policies in areas that are legal elsewhere make installation of apps from other sources important, like from Intune for device administered android devices currently. We use this currently for business clients as this cannot be done via Android enterprise.
Matt Dermody commented
Is this still a missing feature? I wish dedicated device manufacturers like Zebra and Honeywell wouldnt claim that Intune is supported when basic functionality like direct LoB apk installation is not supported. Requiring Managed Play for app distribution is not a viable alternative.
This feature is still lacking.
Several other 3rd party MDM providers allow apk sideloading via dedicated or device owner management.
Microsoft Intune is forced to use Private Google Play store, but not all app providers support it.