Near as I can tell, it's (still) not possible to do an entirely unattended app update on an off-the-shelf android device, so I looked into what's possible with a rooted device. A day of searching, reading, and experimenting has yielded a workable approach that gives us all the remote control we need and more. A rough outline of the steps and settings involved might help others with similar needs:
- root the device (specifics vary from device to device, so you'll have to search for how to do it for your particular one)
- configure (or re-configure, depending on the effects of the rooting procedure) the device settings (e.g., wifi) to get it minimally functional
- go into Google Settings > Security and uncheck the "Improve harmful app detection" and "Scan device for security threats" options (otherwise, the phone will require an on-screen confirmation when remotely installing an app)
- make sure that Developer Options are enabled; I read that the location may vary with android versions or device manufacturers, but one common location is Settings > Phone > (scroll to bottom) Build number -- tap 7 times on the Build number item to enable the Developer options
- enable USB debugging in Settings > Developer Options (even though we will never make a USB connection to the phone and will do all our debugging over TCP; this option seems to behave more like "enable adb debugging" whether by USB or TCP)
- install an ssh server or sshd app (there are many; I chose SSH Server for now and configured it (added 1 server and 1 user for that server)
- from a terminal window on a computer or other device, connect to the phone with ssh using whatever port you used for the server you set up in SSH Server:
$ ssh 192.168.1.217 -p 34567 # e.g., a local network IP address
- configure the device for adb over TCP by issuing the following commands (doing it this way, there is no need to connect first over USB):
$ su
$ setprop service.adb.tcp.port 5555
$ stop adbd
$ start adbd
$ exit
Note that the first time you issue the su command, the device
will prompt for an on-screen tap to permit the SSH Server
app to run with elevated privileges -- this is a one-time
configuration that you must perform before you deploy to the field!
Note also that you specify which port adb will use -- you could
use something other than the default 5555.
- optionally, place a text file of adb authorization keys onto the device (/data/misc/adb/adb_keys -- requires su) to pre-authorize one or more computers from which you want to be able to connect and manage the remote devices -- see further discussion below
- from Android Studio's terminal tab (or from any terminal with adb installed), use adb to connect to the device, ideally using the device's public IP address (more on this below):
$ adb connect 93.184.216.34 # a public IP address
# or, if you aren't set up yet for public access, a local address
$ adb connect 192.168.1.217 # a local network IP address
Note that you will get another on-screen prompt, this time
to permit this computer to connect unless one of the
following is true:
a) you have previously connected to this device at this IP
address from this computer and you check the option to
permanently allow this connection, or
b) you created an adb_keys file containing the key for the
computer you are currently connecting from
If you get the prompt, you must confirm it on-screen with
a finger tap; if you select the option to permanently allow
this connection, the /data/misc/adb/adb_keys file will be
created and/or updated with the key for this connection
Since the goal is to configure the phone such that it never requires any on-screen user interaction, you need to ensure that you deploy it to the field with an adb_keys file containing the key it will see when you connect to it remotely. The simplest way to do this is to connect once, manually, with the device from the computer you will use for remote management and using the IP address that the phone will have when deployed, because the key is different when coming through a local network than it is across the internet (I would love to have anyone more knowledgeable than myself clarify all of this -- I'm just reporting on what I've seen/learned today putting all of this together).
If you anticipate managing the phone(s) from more than one computer, you should determine the keys for all such computers in advance and place them in a file that you install during setup into /data/misc/adb/adb_keys. This will "pre-authorize" adb connections from all computers whose keys match one in the file.
That's it for setup. To use this setup to actually manage app updates is pretty straightforward and only requires adb. The following is a minimal list of adb commands you can use to manage the remote device(s) -- type adb --help or search the web for more on the many things you can do with adb (note that most but not all of the commands are 'adb shell' commands, either for the activity manager ('adb shell am') or the package manager ('adb shell pm'):
# terminate your currently-running app
$ adb shell am force-stop com.example.appname
# uninstall your app completely
$ adb shell pm uninstall com.example.appname
# or, to keep the app's data and cache use the -k option
$ adb shell pm uninstall -k com.example.appname
# install your app from your local computer to the remote device
$ adb install /local/path/to/the/app.apk
# start your app by invoking it's main/startup activity
$ adb shell am start -n com.example.appname.Main
I have only done this for one phone; I will repeat it in the coming days for more phones and revise this answer if/as needed. While the setup for each phone is somewhat involved and will take a number of minutes, once configured it looks as though the updates for our hundreds of phones can be fully automated as a simple script of adb commands.
