Connected apps is an Android framework-backed mechanism of giving your app access to content in both work and personal profiles to display to users in a single user interface.
Early Access Program
The Early Access Program for Connected work & personal apps enables developers
to apply for approval to use the
INTERACT_ACROSS_PROFILES
permission in an app published in Google Play.
The Android Enterprise engineering team is seeking feedback on the Connected apps SDK from app developers. Understanding developers' use cases and requirements will allow us to learn more about how app developers are planning to use this permission to improve the work profile experience for Android users. Just as importantly, the Early Access Program will allow us to gather third party feedback on the feasibility of the potential policy integration requirements. This will ultimately help us define the most appropriate set of policies to manage use of this permission in apps distributed in Google Play.
Approval process
To help protect Play users, apps requesting to use the
INTERACT_ACROSS_PROFILES
permission must be approved by the Android Enterprise team prior to being
published on Google Play. Developers who want to use this permission must first
submit their use case to Google for review. Not all use cases will be considered
for review. We will evaluate all apps and use cases against the same criteria,
considering how an app may benefit end users and the necessity of using the
permission for that use case, including the following factors:
- Does this feature, enabled by the app's use of the permission, deliver clear value to the user?
- Would users expect their work & personal app to interact in this way?
- Is the feature enabled by the app's use of the permission important to the primary purpose of the app?
- Can the app deliver the same or similar experience without use of the permission?
Developers need to fulfill the following criteria for applying to the EAP:
- The application they want to submit for review should be an existing application with demonstrated popularity (minimum 200,000 downloads in Google Play). We don't intend to accept EAP submissions for brand new applications.
- Applications that will be considered for allowlisting to use the
INTERACT_ACROSS_PROFILES
permission should fall under one of the following Play store app categories:- Personalization
- Productivity
- Tools
- Auto & Vehicles
- Communication
- Developers must agree to comply with the integration requirements as outlined in the following section.
Integration requirements
To be part of the Early Access Program, applications must also comply with the following requirements:
- The
INTERACT_ACROSS_PROFILES
permission may only be used to provide features beneficial to the user and relevant to the core functionality of apps intended for work (or include work features). Those functionalities are defined as the main purpose of the app. This may include a set of core features, which must all be prominently documented and promoted in the app's description. - Apps must get user consent, including by displaying appropriate screens
provided by the AOSP implementation before the
INTERACT_ACROSS_PROFILES
permission is granted. - Apps must not use this permission to associate user identities between the work and personal apps on or off the device.
- Apps must not use this permission to scrape any data accessible to the personal app to build identity graphs.
- Apps must not actively send data on the personal app to the IT admin or other admin-managed apps, or allow the IT admin to access data on the personal profile indirectly.
- Apps must not use this permission to access the personal profile to obtain a list of personal applications or accounts.
- Apps must not send cross-profile data to another application.
- Apps must not sign in one profile any data stored or generated in the other profile (for example: app data, device settings), including Personal Identifiable Information (PII, for example: email address, username).
- Apps must not transmit any data stored or generated in one profile (for example: app data, device settings), including Personal Identifiable Information (PII, for example: email address, username) off the device from the other profile.
Take a look at a few example use cases
A calendar app that allows the user to have a single view of their personal and work calendar may be an appropriate use case to request this permission.
An app providing backup services that will sync work data to a personal profile account, or vice versa, would not be approved as it would send and log data from one profile to the other profile.
A photo gallery app wanting to use this feature, in order to access work profile contact information to be able to share photos, would not be approved.This functionality could be achieved just as effectively using Sharesheet.
Request approval
- Review the Early Access Program (EAP) criteria and the integration requirements mentioned earlier to ensure your application qualifies.
Download and fill out the connected apps questionnaire to outline your use case.
Review and accept the EAP terms using this form and submit a complete copy of the connected apps questionnaire to connected-apps-ext@google.com for our team to review.
If your use case is approved, develop and test your feature / app.
When your app is ready, submit the apk to our team for review. Our team will review the application's use of the permission against that outlined in the approved use case.
If approved by our team, you will be able to publish the same apk on Google Play using the Google Play console
Whenever you introduce changes to an app that has already been approved, review that the application is still using the permission as outlined in the approved use case. If you are changing the way that your feature / app works, re-submit your use case to Google for evaluation in accordance with steps 2 and 3 mentioned earlier.
Failure to make the necessary changes to address the compliance issues within
the provided timeline will result in your application's approval being
rescinded. You will be unable to update your application on Google Play until
the issue is addressed and you are re-approved by the Android Enterprise team,
or you remove the feature and its use of the
INTERACT_ACROSS_PROFILES
permission from your app.
What can I expect? How difficult is this to build?
The connected apps SDK simplifies performing and testing cross-profile behaviour or data access, once you have the appropriate permission. Normally, the cross-profile calls themselves are quite straightforward, so you should be able to estimate the complexity and engineering cost from your specific product goals and other requested changes within your app itself.
Principles
The general flow of data through your app shouldn't change to accommodate becoming connected. At a high-level, don't think "send a message to the other profile to tell them that X" or "get data from the other profile to Y". Instead, continue to think "get emails", "delete event", or "register listener". A device only ever has one APK per package name, so each profile will always have an identical version of the app. At a single point in each data flow stack, the connected apps SDK can be used to route the call to the appropriate profile(s).
Permissions
Firstly, determine which category your app falls into: full-consent,
pre-granted, or cross-user. This will be referenced throughout this
document. If your privileged app already has the INTERACT_ACROSS_USERS
permission then you are cross-user. If you are listed in the
cross_profile_apps.xml
file, you are pre-granted. Otherwise, as with the
vast majority of apps, you are full-consent.
Product caveats
- Work data won't be accessible when the work profile is off.
- The connected apps SDK is only supported from Oreo-onwards, which encompasses the vast majority of work profiles. As discussed in the next section, this requirement will actually be from Android 11 onwards for most apps.
The following points apply to full-consent and pre-granted apps only:
- The permission is always user-revocable, so assume that you have to build for the case where the apps are not connected.
- Connected apps is only supported from Android 11 onwards.
- Apps using this permission will need to be included in a Play Store allowlist.
The following points apply to full-consent apps only:
- The default state will be off. You will need to send the user through the consent flow to request the permission.
- The IT admin will need to consent to your app as well, or the user won't be able to give the permission.
- The app will need to be installed in both profiles. The consent flow already prompts the user to install in the other profile if they haven't already.