Configuring a corporate mobile app using AppConfig

If you are an administrator at a company that has an internal mobile application, whatever it is for (a regular messenger or mail client, or something specialized like a barcode scanner), sooner or later you will face the task of remotely configuring and managing applications. You can resort to workarounds to set a specific ID or server address on every phone, but there is also a ready-made solution: a de facto standard that can be used together with one of the existing EMM/UEM platforms (Enterprise Mobile Management / Unified Endpoint Management).



In this article we give instructions on how to make your Android application configurable if you are its developer; that is, what exactly needs to change in your application to meet the needs of a corporate audience. We also describe the administrator's side of the work, using the Knox Manage platform as an example.

 





Formulation of the problem



In an interview with colleagues from the SRI SOKB (Scientific and Testing Institute for Integrated Security Systems), we agreed that a modern corporate mobile infrastructure can no longer be imagined without a centralized control system. 



For example, at the Swiss railway company SBB, each of the 30,000 employees receives a phone customized for work tasks: it has not only mail and a messenger but also, for example, a way to send fault reports. Entrusting an employee with setting all of this up is not only costly in man-hours but also invites errors along the way. And in some cases, for example when a malfunction occurs, it is easier to completely reflash and re-initialize the phone than to look for the error. A well-chosen solution for a corporate application therefore makes the life of a company's IT administrator much easier.



Usually, when introducing centralized systems, we are faced with two tasks:



  1. . , : Knox Mobile Enrollment, Android Zero Touch Android Enterprise Enrollment (EMM-, QR- .)

  2. . ,   ,





The AppConfig mechanism solves the second problem. It is not the initiative of a single company but a current convention shared by several vendors. In brief: the developer implements support for Managed Configurations, customized for a specific user, in their mobile application (mail, messenger, video client, etc.). The developer decides which parameters of the application can be set from outside (identifier, username, server address). These parameters reach the EMM system through corporate Google Play. The EMM system, in turn, lets you create managed configurations and remotely assign them to specific devices and users.



To find out if such functionality is implemented in a specific application:



  • Go to corporate Google Play.

  • Find the app you want. 

  • If it supports managed configurations, you will see the icon "This application can be configured remotely" under the name:







 The general process looks like this:



  1. The developer adds support for managed configurations to their application. In the XML schema file, they specify the parameters that are configured remotely, and in the application code they handle those parameters. Then they upload the application to the corporate Google Play.

  2. The EMM system provides an admin interface through which the XML schema is retrieved from an application on Google Play using an iframe.

  3. The administrator enters the parameter values that should appear on corporate devices. After that, the EMM system transfers the configuration to Google Play.

  4. Google Play updates the app on all corporate devices to reflect the new configuration.



    



The process of adapting a corporate mobile application to AppConfig



Suppose that you need to remotely enter an address and username in an email client. Using Samsung Knox Manage as an example, the interface for configuring these parameters using a managed configuration will look like this:







For the Email address field, enter $emailaddress$, and for the User name, specify $username$ (these variables will be dynamically substituted, depending on the specific user).



How can a developer add AppConfig support to their application?



Suppose we are developing a mobile application where the configurable parameter is the server address. According to the recommendations of Google, the developer must:



  1. Find the XML resource file, which is usually found in the res/xml project folder. It contains information about all configurable parameters, which then reaches the EMM system through the Google Play APIs.



    <?xml version="1.0" encoding="utf-8"?>
    <restrictions xmlns:android="http://schemas.android.com/apk/res/android">
        <restriction
            android:key="address"
            android:title="@string/title"
            android:restrictionType="string"
            android:description="@string/description"
            android:defaultValue="sample address" />
    </restrictions>
    
  2. Explicitly list the app_restrictions.xml file in your application manifest inside the application tag.



    <application
        android:allowBackup="true"
        android:icon="@mipmap/ic_launcher"
        android:label="@string/app_name"
        android:roundIcon="@mipmap/ic_launcher_round"
        android:supportsRtl="true"
        android:theme="@style/AppTheme">
        <meta-data android:name="android.content.APP_RESTRICTIONS"
            android:resource="@xml/app_restrictions" />
        <!-- activities and other components of the application go here -->
    </application>

  3. Implement handling of the ACTION_APPLICATION_RESTRICTIONS_CHANGED event in the application code. This step ensures that the application receives the new value as defined by the administrator.



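    // Obtain the RestrictionsManager (inside an Activity or another Context)
    final RestrictionsManager restrictionsManager =
            (RestrictionsManager) getSystemService(Context.RESTRICTIONS_SERVICE);

    IntentFilter restrictionFilter =
            new IntentFilter(Intent.ACTION_APPLICATION_RESTRICTIONS_CHANGED);
    BroadcastReceiver restrictionReceiver = new BroadcastReceiver() {
        @Override
        public void onReceive(Context context, Intent intent) {
            Bundle appRestrictions = restrictionsManager.getApplicationRestrictions();
            /*
            Fetch the values of managed application configuration from this bundle and take
            action in your app accordingly.
            */
        }
    };
    // Register at runtime: this broadcast is not delivered to manifest-declared receivers
    registerReceiver(restrictionReceiver, restrictionFilter);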




As a result of this simple refinement, after publishing the application in the corporate Google Play, you will be able to receive a custom configuration from the server: 





Application before and after receiving the configuration from the server
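Steps 1 to 3 combined into one activity, as an added example that is not code from the original article: it reads the `address` key on every start as well as on the broadcast, and applies the value only if it passes validation. The class name, the placeholder fallback URL, and the assumption that the server address is an HTTPS URL are hypothetical.

```java
import android.app.Activity;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.RestrictionsManager;
import android.net.Uri;
import android.os.Bundle;

// Hypothetical activity; "address" is the key declared in app_restrictions.xml.
public class ServerConfigActivity extends Activity {
    private static final String KEY_ADDRESS = "address";
    private String serverAddress = "https://server.example.invalid"; // placeholder fallback

    private final BroadcastReceiver restrictionReceiver = new BroadcastReceiver() {
        @Override
        public void onReceive(Context context, Intent intent) {
            applyManagedConfig(); // new configuration pushed while the app is running
        }
    };

    @Override
    protected void onStart() {
        super.onStart();
        applyManagedConfig(); // broadcasts sent while the app was stopped are missed
        registerReceiver(restrictionReceiver,
                new IntentFilter(Intent.ACTION_APPLICATION_RESTRICTIONS_CHANGED));
    }

    @Override
    protected void onStop() {
        unregisterReceiver(restrictionReceiver);
        super.onStop();
    }

    private void applyManagedConfig() {
        RestrictionsManager rm =
                (RestrictionsManager) getSystemService(Context.RESTRICTIONS_SERVICE);
        Bundle restrictions = rm.getApplicationRestrictions();
        String candidate = restrictions.getString(KEY_ADDRESS);
        if (candidate == null) return; // nothing set by the administrator
        Uri uri = Uri.parse(candidate.trim());
        String host = uri.getHost();
        // Accept only an HTTPS URL with a host; otherwise keep the last good value.
        if ("https".equalsIgnoreCase(uri.getScheme()) && host != null && !host.isEmpty()) {
            serverAddress = uri.toString();
        }
    }
}
```

Treating the managed value as untrusted input means a mistyped or plain-HTTP address entered in the EMM console never replaces a working endpoint on the device.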



How can an administrator configure an application through the Knox Manage console?



To set managed configurations, the administrator needs to add the application itself via Knox Manage (KM) from the corporate Google Play store, or upload it from their computer as Managed Google Play Private (in which case publishing to the corporate Google Play is optional). To set a new configuration:



  1. In KM, open the Group tab, select the group associated with your device and click the Application button.



  2. Now select your application and click Assign.



  3. Select Android Enterprise as the Target Device. Click on the Set Configuration button.



  4. If you did everything correctly and your application has AppConfig support, then KM will fill in the necessary parameters with values. Just enter the server address (don't forget to enter the configuration name) and click the Save button.



  5. Press the Assign button to download the new configuration to the device.



  6. Click OK to confirm.





If the application is running, and the developer has correctly implemented AppConfig support, then the application will receive the new server address specified in the KM console.





Application with the server address entered through the KM console 



We configure not only applications, but also the device itself



At some point, the developers thought: what if we want to configure not only applications, but also the parameters of the device itself in a similar way? OEMConfig is a new standard for sending configurations to applications written by device manufacturers. Sending is done using the same XML schema. Android hardware manufacturers follow this standard to give administrators more control over their device. So, on Samsung smartphones with Knox support, there is a solution - Knox Service Plugin (KSP), which can be downloaded from Google Play. But we will talk about this another time.



Outcome



  • Use AppConfig to support managed configurations for your applications. It's quite easy to implement, and most importantly, it can be really useful.
  • Create a new configuration and send it to devices of a large number of users using the EMM system (in our example, Knox Manage).
  • Rely on as few workarounds as possible; use ready-made solutions and standard methods!











Posted by Pavel Lepeev,

Engineer, B2B Pre / Post Sales

Business Development Team

Samsung R&D Institute Russia


