Create and manage private apps for Android Enterprise

In December 2018, Google quietly introduced support for private app upload within the Google Play iFrame, allowing for simple, straightforward upload of in-house applications without the hassle associated with uploading to the Google Play console directly.


With a switch to Android Enterprise, the recommended means for distributing corporate, in-house applications is through managed Google Play. UEMs can support silently pushing uploaded APKs directly to devices from the UEM platform, either UEM-hosted or by leveraging the externally hosted app capability Google has previously offered, but this isn’t consistent across UEMs in the way uploading an app directly to Play has been, and so the general recommendation has remained largely unchanged.

Uploading apps to the Google Play Store, however, is not straightforward:

  • You need to pay a $25 fee before being able to upload apps
  • The publishing process is long-winded and arduous
  • Mistakes can easily be made by inexperienced admins, leading to public availability of the in-house application.

..and more. The process has left a lot to be desired for a long time.

The proposed solution

In this case, rather than incrementally improve the process, Google seems to have taken the previously announced feature for G Suite and applied it to the Google Play iFrame. With only a little information, organisations can quickly and easily upload their private applications with very little effort:

  • App name
  • APK file

Once submitted, the app will be uploaded to managed Google Play against the Android Enterprise organisation ID in which the UEM is binded. Apps uploaded in this way cannot be made public, and therefore are only useful for internal, non-public applications.

It’ll take a little while for the app to upload and become available for use, but once complete, the app can be imported into the UEM as with any other public or previously Google Play-uploaded private application.

How it works

The following is demonstrated in VMware Workspace One UEM, but the process is identical in all UEMs supporting the iFrame (those that don’t cannot use this functionality).

Within Apps & Books > Apps > Public, add a new app. No name is required, despite it showing the asterisk*:

Once the iFrame opens, hover the mouse on the left hand side to display the sidebar menu, and click Private apps. You may need to scroll down in the empty private apps page to locate the new icon, but once located click it:

You’re now creating a new private app. Add a name and upload the APK:

Once complete, click Create:

The private app will be available normally within a few minutes (note the Not available yet message under the app after creating it, this will vanish when it’s ready).

If you click the app, you’ll be taken into the details view for it, where you’ll be able to edit the name, upload new versions, and also see a link to Google Play to add more information:

Some UEMs will import private apps automatically. Others will not. For the latter, simply add an app as you normally would, switch to the private apps tab in the iFrame, click the app in question and click Select. Alternatively if the UEM supports it, run an import from Play to get it.


An improvement to the process of uploading private apps to Google Play has been long-overdue, but definitely worth the wait for them to get it right.

Uploading private apps is now a 2 step process, free to use and ensures no mistakes can be made when compared to the old, convoluted process. That said, for organisations happy to use the Google Play Console for app management, the options to do so are still there and can be leveraged, so it’s a win-win with this implementation.

As it’s via the iFrame, the obvious prerequisite is your UEM must support this (and if they don’t, be sure to make your request heard), however beyond that the feature is ready to be used!

For more information on this feature with your particular UEM platform, please reach out to your UEM vendor directly.


  1. Hi Jason,

    For Private apps, can two customers upload an apk with the same package name in their respective private app stores?
    Asking, cause there are developers who give whitelabelled apps to our customers, but do not change the package names. So for example, consider a DriverRoster app made by the same developer for two customers and they have the same package name, so in this case can each of them upload to their private app store?

  2. Hey Sriram,

    It’s not possible to upload duplicate apps to the Play Store, whether you do so publicly or privately. Orgs would need to ask their devs to build an APK with a different package name. I’ve hit the same issue and always return to the dev to provide an app with a unique package name.

  3. Hello Jason,
    I found the info very helpful. I was hoping you might be able to shed some light on something that our EMM (Mobile Iron) is not able to. We are trying to upload privately hosted apps to the companies private play store. The issue I am running into is that in the documentation I was sent they want me to download a JSON definition file from Mobile Iron and upload it to google under the app release tab. They are showing a check box for “I am uploading a configuration file from an APK hosted outside of Google Play”, but I cannot find this option anywhere. Was this removed in recent versions?

  4. At least on mobile I see the same.

    It’s not a solution, but Core 10.3 introduces Play iFrame support to do app uploads directly.

    I’ll dig around to see what, if anything, has happened to that checkbox.

  5. Magnus says:

    Hello Jason,

    can you confirm, that the user doesn’t need to pay 25$ for the Google Play Developer account?
    Or is this required for adding more information in the last point?


  6. Confirmed. Unless you plan on pushing apps publicly you do not have to pay $25. Though once the app is published privately, it cannot be made public.

  7. says:

    What about when comes to app updates ?

    App package name has to be different for pilot testing ? if uploading the same app package name but different version will push to production deployment immediately?

  8. Yes if you upload any update to the private play iframe it’ll push it live, however you can use advanced edits to make app tracks as desired for closed/beta testing

  9. says:

    there are error messages uploading via iframe in mdm such as “release is not compliant with the play 64-bit requirement”, “APK is marked as debuggable”, will it also be the same error messages and checks from google when i ask the developer to upload in play console and assign to our organization id??

  10. Indeed, apps uploaded do still have to follow normal policies, including being 64bit, release-key releases (not debug), target the correct API level and more.

Something to say?