4th January 2022
We are currently evaluating Sophos MDM to manage some Android tablets for our customers. I have some questions that I cannot seem to find answers for in the documentation;
1) Although in Setup -> Google Setup -> Android, I am setup for Android Enterprise and the installation source is "Google Play", can I have a combination of Google play and APK files? So basically, in Configure -> Apps -> Android, I can use "Managed by Google Play" apps or I can add an apk file and add those to task bundles.
2) In either of the above scenario's, can I control WHEN an update to an app is pushed onto the device? So basically, having the ability to choose a set of devices and then sending through app updates be it from google play or an updated .apk file?
Some context behind my questioning. A software house that has android and iOS apps and they talk to a server using API calls. When features and functionality are enhanced on the server software and therefore on the apps, they would release the apps on the respective stores, but only need to upgrade the customer devices with the new builds of apps when they are on the new version of the server software also. These updates would happen at different times with different customers, so we need to control when the devices get the updates for our apps. General Google Play apps can updated automatically.
Thank you for reaching out to the Sophos Community Forum.
Settings to control when your apps get updated can be defined from within your Android Enterprise Policy. By selecting "Add Configuration > Google Play" the following options are present for "Auto update apps".- Over any network- Over WiFi only- Don't update apps automatically- Use device setting
The best options for your use-case would be either to select "Don't update apps automatically" or to use a "Private App". If a new version is published to the google play store, the devices will not update the version present, unless you create a task "Install App" over-top of the version already present.
The Private App will require you to upload the new revision of the application each time an update occurs, this offers the most granularity for you to control which version gets deployed out to which device. You can also have multiple versions present if all of the devices are being managed under one instance of SMC.
5th January 2022
Many thanks for your answer. The option you are proposing is to set it in the policy, I assume that means that ALL apps that are installed on the device are either automatically updated or manually updated. Is it not possible to select which apps are manually updated and which are automatically updated.
Secondly, if we use this option, are you saying that to update the app, we need to reinstall the app? I'm concerned that if we have to reinstall the app on 100+ devices, the configuration of the app may be overwritten.
Dave Chunilal said:ALL apps that are installed on the device are either automatically updated or manually updated. Is it not possible to select which apps are manually updated and which are automatically updated.
That is correct, the controls present with this setting are not so granular to allow you to define it for each application.
Your second point is an entirely valid concern. When looking through Google's documentation of Android Enterprise functions to see if the "Private App" option allows you to simply update the version that has been published previously, I was able to locate the following information. It is possible to update Private Apps using the EMM or using Google Play Publishing API.- https://developers.google.com/android/work/play/custom-app-api/publish
I was not able to test this fully on my side, as I do not have a valid APK file that is usable with the Private Apps option, but it looks like this should work with what you have in mind.
Let me know your thoughts.
7th January 2022
Thanks for your response - makes sense.
I'm going to go through this with my developers and look at the possibility of having this as a private app and then come back to you.
Dave S. Chunilal
16th January 2022
Apologies for the delay. After discussions with our developers. Can I just clarify that If I setup so that all apps are updated automatically, BUT our app is a private app and therefore that would be updated as and when I push it down?
So basically having the ability to have some public apps, but also a private app.
I appreciate that my private app cannot be a public app also.