Forum Discussion
[Feedback] App installs: share your experiences & suggestions
Hi Lizzie,
A couple of things come to mind with regards to working with apps on android (smartphones and tablets for me):
- App version management
- This is now done within an MDM that supports version management (WS1, Knox Manage and more)
- It would be nice to have such a feature in MGP making it available to every managed device without waiting for an MDM to implement it, or not.
- Some apps require specific rights, causing Android to prompt the user for approval. In some cases, you just want to make the device work as expected without involving the end user. Prompts do not always appear, depending on the app, and end users might ignore them making the app not work properly
- I'm aware that this is expected behaviour due to privacy regulations. But on a fully managed or dedicated device, you could say that the end user is using a device work purposes only (in theory). I would rather see that I'm able to set all needed permissions for an app, and notify the user that some privacy related permissions are given to an app instead of asking the user to set it.
The lack of proper version control in Managed Play continues to be one of the primary barriers to adoption for fully managed device use cases. I ultimately need to be able to control what version of an app is installed on a given group of devices and have precise control over the timing of upgrades and the ability to roll back as needed. MGP currently doesn't provide any of those mechanisms (precise timing, rollback, version control) so I can't realistically adopt it for mission critical device deployments. Instead I have to rely on direct APK installs through custom DPC based EMMs and avoid AMAPI based EMMs entirely. Until this feature gap is closed we won't be able to consider any AMAPI based solutions for line of business device deployments.
Also completely agree on your point around privacy prompts on company owned devices. It's completely nonsensical for these prompts to be displayed on a line of business devices like a POS register or an inventory device in a warehouse that are ultimately configured by an IT team and also shared across many users. What is the point of having a user granted permission prompt when the end user themselves are never being faced with these prompts (devices configured ahead of time). This extends into the increasingly painful setup wizard permission prompts that make no sense in the fully managed device space. The person manually accepting these prompts is not the ultimate end user of the device so what even is the point? We need to be able to blanket accept given permissions and prompts at an enterprise level for corporate owned shared line of business devices.
Hey mattdermody​,
I hope you are doing ok. Thanks for sharing your thoughts on this, I knew you'd have some feedback on this.
Your points on the prompts, as I said to Michel, I think this makes a lot of sense. Regarding the 'blanket accept given permission', as some of the acceptance is regarding privacy and in place to protect the end user, are you saying for fully managed devices would you have this display say once to the user when they get given the device (and start using it) or are you thinking at another time? And if new apps coming on have a more heavy level of permissions needed, would you like that to be blanketed into the one time prompt at setup? Feel free to correct me if I've misunderstood here. 🙂
Thanks again,
Lizzie
I dont think the end users should be prompted AT ALL for the devices that I'm referring to. A barcode scanning device shared across numerous shifts and end users without one dedicated end user should not prompt for privacy prompts or run time permissions. These should be able to be granted instead globally by the EMM. There are also android powered POS registers, customer facing displays, digital signage, kiosks, and other mission critical shared device uses where it does not make sense to have any end user view and accept privacy permission prompts. It makes even less sense to consider prompting every new user every time to accept these prompts. Imagine you're at a check out in a grocery store and you have to first accept Android privacy permission prompts before being able to proceed with your checkout. Google just doesnt seem to understand all of the use cases of their OS and are applying consumer grade protections to enterprise level devices as a result.
I Totally agree with mattdermody​
We are only managing dedicated devices in intune, they are user-less, there is no user to protect privacy for. All prompts during enrollment are 90% waste of time and money. Not so "Zero touch" ;)
Maybe there can be some kind of centrally managed consent or agreement the IT admin can sign on behalf of the "users".
Amen to that! :)
I totally agree.This got me thinking of tracks. This should be available for all apps from the MDM.
