operational device used for scanning - but what about those "other" Play Store apps?
We have rugged operational devices from various OEMs that we use for specific purposes to run the business - and we put our own internally developed business apps that we need on the devices. Those are the only apps that an end user ever opens, and, we usually have a specific Launcher in place. We don't usually look too much at the "consumer" type apps that come installed with Android on the device, normally. (calculator, clock, gmail, google TV, etc.) However with the recent news about Chrome vulnerabilities coming out, we have started to look at this again.
I am curious how others are dealing with this situation - do you update these other apps on your rugged devices, even if they are never used? Do you remove them? If you do update them, how do you do it? Does it happen automatically without intervention, or do you need to add them in as managed apps to whatever MDM you are using?
What we see is, without taking any action, that those apps never update as it stands now. As a first attempt at dealing with this situation, we just added Chrome as a "managed" app in our MDM, and only then does Chrome update.
I think it very depends on your environment.
If you have a static (maybe also isolated from internet) environment and you don't use such apps, you could still ignore them but when you use web apps etc, for example the webview app and chrome should be updated regulary for security and compatiblity reasons but always carefully.
We use managed play store for example and figured out that sometimes Google default/system apps get stuck in the managed playstore (because in the playstore there is an update available but we don't provided those to the devices) and causing an issue that provided apps are also not able to being updated.
So we decided later to update/provide all of those system apps to prevent this and since then all went fine. Even I really don't like that i need to act like that.
If you're running dedicated, either with a custom launcher or an EMM kiosk my assumption would be you've got system apps disabled out through fully managed provisioning, and users don't access them generally?
If that's the case then no, they won't update through Play because they're disabled and not much of a risk unless they were to be enabled through MDM, at which point they should receive updates.
Is this your use case, or are you seeing different?