Jump to:navigation, search
Wiki

Installation of APKs

From Securepoint Wiki












































































De.png
En.png
Fr.png






Installing applications via Android Packages (APKs) outside of the Google Play Store
Last adaption: 07.2023
New:
notempty
This article refers to a Resellerpreview

Access: portal.securepoint.cloud  Mobile Security Android  Profiles


notempty
Apps in the Play Store go through a review by Google.
APKs without this check pose a significant security risk. Be it through targeted malicious code that lands unchecked on the device due to installation from unknown sources, or even just bad code that contains unknown security vulnerabilities.


Installation options

Manual (not recommended!)

  • Open profile → Restrictions tab:
  • Untrusted apps policy → "Allow"
  • Applications tab (if Play Store Mode is on Approval List)
    • Add package name
    • Installation type Available or Force installation
  • Install APK manually on the devices
  • Untrusted apps policy → "Do Not Allow"
  • No review by Google → No quality assurance
  • No verification by Google Play Protect → Changes to the original source code are not detected
  • No update channel → New versions must be installed manually again
  • Each device must be updated individually

Unified Security Portal →  Mobile Security  Android   Profiles → Open profile → Tab Restrictions

Caption Value Description MSP v1.16 Profile Einschränkungen APKs-en.png
Untrusted apps policy Allow Allows installation of APKs from sources other than the Google Play Store
Tab Applications
Play Store Modus Approval list If the Playstore mode is set to Approval list, the package name must be explicitly allowed MSP v1.16 Android Profile Anwendungen APKs1-en.png
Application  Add application
Package name     Add package name (must be provided by the app developer)
Installation type Available
Force installation		 Select appropriate installation type: Available or Force installation
Install APK manually on the devices
Tab Restrictions
Untrusted apps policy Do not allow
  • After installing the desired app, the installation should be prohibited again.

    • Private Apps (not recommended!)

    • Open profile
    • Applications tab
    • Add application
      • Select application button (Google Play Store dialog opens)
      • Menu left side: private Apps
      • Upload Private App
  • Size < 250MB
  • no activated developer features (debug mode)
  • Package name must not have been known to Google before!
    → High developer effort: A separate APK must exist for each customer
  • Updates must be made by the developer for each APK (=each customer)

    • Unified Security Portal →  Mobile Security  Android   Profiles → Open profile → Tab Applications

    Caption Button Description MSP v1.16 Play Store private Apps-en.png
    Private Play Store
    Application  Add application
    Package name  Select application The Google Play Store opens in a separate window
     Private Apps MSP Play Store Private App hinzufügen.png
    		 Manage private apps
    Title Title Unique description MSP v1.16 Play Store Private Apps Auswahl-en.png
    Dialog for selecting an APK
    APK file
    Upload APK
    		 Upload application
    • Package size must be < 250MB
    • Package name must not have been known to Google before
    Create

    The button can only be reached by scrolling to the right in the dialog    		 Creates the app in the private or internal apps section MSP v1.16 Play Store Private Apps APK-en.png
    As soon as the app status is Available (this can take from a few minutes to several hours), the app can be selected and thereby added to the app list in the Securepoint portal. Play Store Private Apps.png

    per closedTrack in cooperation with the developer

    Use of
    Google explicitly provides for the use of closed tracks not only for beta versions with a closed circle of testers, but also "... customers may need more granular control over which versions of an app reaches end users."→Managed Google Play Help

    This procedure offers the following advantages:

  • verified and encrypted installation and update channel
  • GooglePlayProtect ensures the integrity of the app
  • Developer must add tenant ID once to a closed testing track
    • Requirements (developer-side steps) Play Store Beta.png
    Developer environment in Play Store

    Unified Security Portal →  Mobile Security  Android   Profiles → Open profile → Tab Applications
    Application  Add application MSP v1.16 Android Profil Anwendungen TrackID-en.png
    Track ID (Selectable after a save)
    Package name de.securepoint.ms.agent Add package name (must be provided by the app developer)
    Installation type Available
    Force installation    		 Select appropriate installation type: Available or Force installation
    Accessible Track IDs AppName-closedTrack
  • Selection is temporarily possible only after saving or changing the tab for a short time
    • Track IDs list of the app that can be accessed by a device of the company.
    • If the list contains multiple track IDs, devices will get the latest version among all accessible tracks.
    • If the list does not contain track IDs, devices will only have access to the app's production track.

    Error message / Troubleshooting

    Error message Cause Solution
    APK has been signed with an insecure key size Google classifies the key length as too insecure Google requires a key length of at least 2048 bits. Create new key with at least this bit length.
    Retrieved from "https://wiki.securepoint.de/index.php?title=MS/APKs&oldid=87072"