Jump to:navigation, search
Wiki

Installation of APKs

From Securepoint Wiki




























In dieser Seite werden die Variablen für unterschiedliche Sprachen definiert.
Diese Seite wird auf folgenden Seiten eingebunden






















































Installing applications via Android Packages (APKs) outside of the Google Play Store

Last adaption: 03.2025

New:
notempty
This article refers to a Beta version
Access: portal.securepoint.cloud  Mobile Security Android  Profiles
notempty
Apps in the Play Store go through a review by Google.
APKs without this check pose a significant security risk. Be it through targeted malicious code that lands unchecked on the device due to installation from unknown sources, or even just bad code that contains unknown security vulnerabilities.



Installation options

Private Apps

  • Open profile
  • Applications tab
  • Add application
    • Select application button (Google Play Store dialog opens)
    • Menu left side: private Apps
    • Upload Private App
  • Size < 100MB
  • no activated developer features (debug mode)
  • Package name must not have been known to Google before!
    → High developer effort: A separate APK must exist for each customer
  • Updates must be made by the developer for each APK (=each customer)

    • Unified Security Portal  Mobile Security Android  Profiles → Open profile → Tab Applications

    Caption Button Description
    Private Play Store
    Application  Add application
    Package name  Select application The Google Play Store opens in a separate window
     Private Apps
    		Manage private apps
    Titel Titel Unique description
    Dialog for selecting an APK
    APK file
    Upload APK
    		 Upload application
  • Package size must be < 100MB
  • Package name must not have been known to Google before
    • Create

    The button can only be reached by scrolling to the right in the dialog    		 Creates the app in the private or internal apps section
    As soon as the app status is Available (this can take from a few minutes to several hours), the app can be selected and thereby added to the app list in the Securepoint portal.


    per closedTrack in cooperation with the developer

    Use of closedTracks
    Google explicitly provides for the use of closed tracks not only for beta versions with a closed circle of testers, but also "... customers may need more granular control over which versions of an app reaches end users." Managed Google Play Help
    This procedure offers the following advantages:
  • verified and encrypted installation and update channel
  • GooglePlayProtect ensures the integrity of the app
  • Developer must add tenant ID once to a closed testing track
    • Requirements (developer-side steps)
    Developer environment in Play Store
    Before app release in the Play Store
    Before the app is released in the Google Play Store, it can go through different testing phases
    These closed tests offer the option to deliver app updates via email lists or Enterprise IDs
    Organisationen in EMM context


    For this, the emails used on the device must be added to the tester list, and a participation link must be sent out
    To use a closedTrack version via the Enterprise ID within the Unified Security Portal, it is necessary that the app has already been releaded

    If the app is not intended to manage APKs via Google's automatic developer account, but instead should be managed through a custom developer account, there are two options for this:
    Make app public
    • Supports updates via close test tracks
    • However, the app must be managed in a production environment
    Set app to private
    		App access is restricted to Enterprise IDs
    • The app is managed via the Managed Play Store Administrator Publish private apps via the Play Console
    • Navigation: Test and Publsih → ""Set up"" → Advanced SettingsManaged Play Store
    • In some cases, closedTracks may no longer be supported
    Integrate into the portal
    Unified Security Portal  Mobile Security Android  Profiles → Open profile → Tab Applications
    Application  Add application
    Track ID (Selectable after a save)
    Package name de.securepoint.ms.agent Add package name (must be provided by the app developer)
    Installation type Available
    Force installation    		 Select appropriate installation type: Available or Force installation
    Accessible Track IDs AppName-closedTrack
  • Selection is temporarily possible only after saving or changing the tab for a short time
    • Track IDs list of the app that can be accessed by a device of the company.
    • If the list contains multiple track IDs, devices will get the latest version among all accessible tracks.
    • If the list does not contain track IDs, devices will only have access to the app's production track.

    Installation via sideloading (not recommended!)

    • Open profile → Restrictions tab:
    • Untrusted apps policy → "Allow"
    • Applications tab (if Play Store Mode is on Approval List)
      • Add package name
      • Installation type Available or Force installation
    • Install APK manually on the devices
    • Untrusted apps policy → "Do Not Allow"
    • No review by Google → No quality assurance
    • No verification by Google Play Protect → Changes to the original source code are not detected
    • No update channel → New versions must be installed manually again
    • Each device must be updated individually

    Unified Security Portal  Mobile Security Android  Profiles → Open profile → Tab Restrictions

    Caption Value Description
    Untrusted apps policy Allow Allows installation of APKs from sources other than the Google Play Store
    Tab Applications
    Application  Add application
    Package name com.android.no-good-idea.apk Add package name (must be provided by the app developer)
    Installation type Available
    Force installation    		 Select appropriate installation type: Available or Force installation
    Play Store Modus Approval list If the Playstore mode is set to Approval list, the package name must be explicitly allowed
    Install APK manually on the devices
    Tab Restrictions
    Untrusted apps policy Do not allow
  • After installing the desired app, the installation should be prohibited again.
    •

    Error message / Troubleshooting

    Error message Cause Solution
    APK has been signed with an insecure key size Google classifies the key length as too insecure Google requires a key length of at least 2048 bits. Create new key with at least this bit length.
    Retrieved from "https://wiki.securepoint.de/index.php?title=MS/APKs&oldid=96016"