Forum Discussion

w4lter's avatar
w4lter
Level 2.0: Eclair
2 months ago

Managed Google Play private app not available on Corporate-owned devices with work profile

Hi community,

 

I'm encountering a strange issue and could use some guidance.

A Google developer account released an app to Managed Google Play (so it's automatically private and not available on the public store) and entered our organization ID in the appropriate field.

 

We can find the app on the iframe in our MDM (Microsoft Intune in this case), select it, and assign it to groups.

Everything looks good: BYOD deployments (Personally-owned devices with work profiles) can install the app from the Managed Google Play store. However, COPE devices (Corporate-owned devices with work profiles) cannot search for it, and it's also not visible in the app collections we've created.

 

Could there be a setting in the Google developer account's store listing that prevents availability for COPE devices? 

I've exhausted all options in Intune, including multiple store syncs, with no success.

Intune is telling me, that the App is available to install on the specific COPE devices, but it does simply no appear.

The only thing left to check is the Google developer account that released the app for us.

Has anyone else experienced this issue?

 

Any hints or suggestions would be greatly appreciated.

Thanks!

 

Walter

  • jasonbayton's avatar
    jasonbayton
    Level 4.0: Ice Cream Sandwich
    2 months ago

    Could you double check how group assignments are set? Intune is a pain for hiding assigned apps from the store

    • w4lter's avatar
      w4lter
      Level 2.0: Eclair
      2 months ago

      hi jason,

       

      group assignments are set to "Available for enrolled devices" without any filters. pretty straight forward.

       

      i have on my table 2 devices enrolled with my user (im allowed to the app, because im member of one assigned group)

      BYOD -> App is visible

      COPE -> App is not visible and not searchable

  • Alex_Muc's avatar
    Alex_Muc
    Level 2.3: Gingerbread
    2 months ago

    Are the two devices the same device type / device model?

    I've seen this kind of behavior in the past when an app is restricted to certain display sizes via manifest.xml. (I am thinking of this) Such apps could be installed manually as apk, but Google Play refused to install them.

     

    I am not aware that an app can be restricted to certain Android management modes via manifest.xml / Managed Play.

    A privateApp available for an OrganizationID is generally available to the UEM. The UEM then releases the app for certain GoogleUserIDs/GoogleDeviceIDs in the background, making the apps available on the devices in Managed Play. (at least with the EMM API)

    Either the app assignment is not quite right, or the app is not compatible with certain devices.

  • w4lter's avatar
    w4lter
    Level 2.0: Eclair
    21 days ago

    hi,

    i want to make an update of my initial post, because there are new findings.

     

    a bit late, but we found out that the app developer used the "same" App Identifier, but case-sensitive, so for example:

     

    App 1: com.android.myapp

    App 2: com.Android.MyApp

     

    in my point of view, i was thinking google does not allow this, but also on android itself it's possible to install apps side-by-side with that App Identifier like in my example.

     

    It seems, that "Intune App" which is the controller on COPE Devices is not able to handle case-sensitive App Identifier, while "Company Portal App" on BYOD Devices is able to handle this.

     

    On COPE Devices, App 2 is not visible because (i guess) Intune App is thinking that App exists already. Also interesting finding -> if i set in Intune App 2 as "Uninstall" then App 1 will be uninstalled. If i set in Intune App 2 as "Required" then also App 1 will be installed.

     

    I'm quite sure this is a 100% Microsoft (Intune App) issue, but Microsoft Support is telling me, i need to Contact Google Support, because the App is not visible in "Managed Google Play Store".

     

    My Question now is:

    Where and how can i contact Google Support regarding Managed Google Play Store?

     

    Thanks.

  • Timmy's avatar
    Timmy
    Level 2.0: Eclair
    21 days ago

    Lizzie  - Do you have any pointers here on how to get in contact with someone at Google support in cases like this where its related to Managed Google Play and private apps ? 

    Me and w4lter have had a discussion around this issue over at the Intune subreddit. Im reaching out to some of my Microsoft contacts as well and I will be looking in to reproducing this issue as well. 

  • Lizzie's avatar
    Lizzie
    Google Community Manager
    21 days ago

    Hey Timmy and w4lter,

     

    Thanks for sharing this information - good to know. It's certainly an interesting one! I wonder would you be willing to share the app bundle(s) with me via direct message perhaps? Then I can see if I can raise this internally? 

     

    Thanks,

    Lizzie

     

     

  • Moombas's avatar
    Moombas
    Level 4.1: Jelly Bean
    20 days ago

    In general i would rather recommend to really use unique bundleIDs also to be sure not creating any kind of conflicts in the background.

  • Alex_Muc's avatar
    Alex_Muc
    Level 2.3: Gingerbread
    20 days ago

    I wasn't even aware that the Android package names are case sensitive. I haven't found much documentation on the Internet, e.g. information on the manifest.xml: https://developer.android.com/guide/topics/manifest/manifest-element

     

    In the past, we had apps from external devs that also used capital letters, but different versions were clearly named. (e.g. with numbers at the end) This is definitely an interesting test case. I won't be able to test it in the next two weeks, but I would like to try it out with our UEM.

    In any case, I find it strange that the app works with BYOD but not with COPE.

    • w4lter's avatar
      w4lter
      Level 2.0: Eclair
      17 days ago

      thanks!

       

      so, in my opinion, it should be not a problem to release for example Candy Crush with a new app identifier, for example:

       

      official:

      com.king.candycrushsaga

       

      new one:

      com.King.CandyCrushSaga

       

      I'm quite sure, that Intune App (COPE/fully managed Devices) are not able to handle those 2 app identifiers afterwards, while Company Portal App (BYOD Devices) is able to handle this.

      PS: Intune Admin Portal will find both Apps in Google iFrame. Also releasing both apps to devices will be fine. Just COPE devices will not receive the second app.

       

      Super weird case...

  • Timdavid's avatar
    Timdavid
    Level 1.5: Cupcake
    16 days ago

    Check the Google Developer Console settings to ensure COPE device support isn’t restricted. Verify the app's visibility settings for corporate-owned devices. Since Intune shows it as available, try re-syncing Managed Play settings

    • w4lter's avatar
      w4lter
      Level 2.0: Eclair
      16 days ago

      hi, sorry - i have no idea how i could prevent installs on COPE devices. just know how to release an app to a managed google play store.

      do you have any screenshot or google guide? thanks.