Jump to:navigation, search
Wiki

Installation of APKs

From Securepoint Wiki









































































| }}


De.png
En.png
Fr.png









Installing applications via Android Packages (APKs) outside of the Google Play Store

Last adaption: 03.2025

New:
notempty
This article refers to a Resellerpreview
Access: portal.securepoint.cloud  Mobile Security Android  Profiles
notempty
Apps in the Play Store go through a review by Google.
APKs without this check pose a significant security risk. Be it through targeted malicious code that lands unchecked on the device due to installation from unknown sources, or even just bad code that contains unknown security vulnerabilities.



Installation options

Private Apps

  • Open profile
  • Applications tab
  • Add application
    • Select application button (Google Play Store dialog opens)
    • Menu left side: private Apps
    • Upload Private App
  • Size < 100MB
  • no activated developer features (debug mode)
  • Package name must not have been known to Google before!
    → High developer effort: A separate APK must exist for each customer
  • Updates must be made by the developer for each APK (=each customer)
    •


    per closedTrack in cooperation with the developer

    Use of closedTracks
    Google explicitly provides for the use of closed tracks not only for beta versions with a closed circle of testers, but also "... customers may need more granular control over which versions of an app reaches end users." Managed Google Play Help
    This procedure offers the following advantages:
  • verified and encrypted installation and update channel
  • GooglePlayProtect ensures the integrity of the app
  • Developer must add tenant ID once to a closed testing track
    • Requirements (developer-side steps)
    		Play Store Beta.png
    Developer environment in Play Store
    Vor App-Release im PlayStore
    Bevor die App in Google Play Store released wird, kann diese unterschiedliche Testphasen durchlaufen.
    Diese geschlossenen Test bieten die Möglichkeit App-Updates über E-Mail-Listen oder EnterpriseIDs
    auszuliefern.


    Dazu muss die verwendete E-Mail auf dem Gerät in die Liste der Tester aufgenommen werden und ein Teilnahmelink verschickt werden.
    Für die Nutzung einer closedTrack-Version über die EnterpriseID innerhalb des Unified Security Portals ist es notwendig, dass die App bereits released ist.

    		ManagedPlayStore-en.png
    Falls die App nicht über den automatischen DevAccount von Google die APKs managen soll, sondern die App über einen eigenen Account gemanagt werden soll, so gibt es zwei Möglichkeiten hierzu:
    App öffentlich freigeben
    • unterstützt Updates über geschlossene Test-Tracks
    • App muss jedoch produktiv administriert werden
    App auf privat stellen
    • App-Zugriff ist auf EnterpriseIDs beschränkt
    • App wird über den Managed Play Store verwaltet Private Apps über die Play Console veröffentlichen
    • Navigation: Testen und veröffentlichenEinrichtenErweiterte EinstellungenManaged Play Store
    • unter Umständen wird closedTracks nicht mehr unterstützt
    Ins Portal einbinden
    Unified Security Portal  Mobile Security Android  Profiles → Open profile → Tab Applications
    Application  Add application MS 1.31 Android Profil Anwendungen TrackID-en.png
    Track ID (Selectable after a save)
    Package name de.securepoint.ms.agent Add package name (must be provided by the app developer)
    Installation type Available
    Force installation    		 Select appropriate installation type: Available or Force installation
    Accessible Track IDs AppName-closedTrack
  • Selection is temporarily possible only after saving or changing the tab for a short time
    • Track IDs list of the app that can be accessed by a device of the company.
    • If the list contains multiple track IDs, devices will get the latest version among all accessible tracks.
    • If the list does not contain track IDs, devices will only have access to the app's production track.

    Installation via sideloading (not recommended!)

    • Open profile → Restrictions tab:
    • Untrusted apps policy → "Allow"
    • Applications tab (if Play Store Mode is on Approval List)
      • Add package name
      • Installation type Available or Force installation
    • Install APK manually on the devices
    • Untrusted apps policy → "Do Not Allow"
    • No review by Google → No quality assurance
    • No verification by Google Play Protect → Changes to the original source code are not detected
    • No update channel → New versions must be installed manually again
    • Each device must be updated individually

    Error message / Troubleshooting

    Error message Cause Solution
    APK has been signed with an insecure key size Google classifies the key length as too insecure Google requires a key length of at least 2048 bits. Create new key with at least this bit length.
    Retrieved from "https://wiki.securepoint.de/index.php?title=MS/APKs&oldid=95132"