Question : I can browse the Play Store, but cannot download any apps when onboarding my Android phone
Environment Information : This applies to all the versions of CPPM
Cause : The Google Play app store (play.google.com) is a cloud service, and the addresses it uses may change regularly.
Resolution : As we know that Android devices inherently do not trust apps being installed from an app store other than those trusted during the factory install.
Therefore, CPPM would not be allowed to host the app for Android devices by default. To keep the process simple for the end user, you have to open up the ACL to allow access to a range of addresses for Google Play.
It might not be enough to add a white list just for android.clients.google.com and ggpht.com.
The Google Play app store (play.google.com) is a cloud service, and the addresses it uses may change regularly. This presents a challenge to permit access to those ranges. The current solution is to permit a series of blocks of addresses that are known to be used by the Android Marketplace, as shown here:
These ACLs are used for both single and dual SSID onboarding.
Here is a URL to a Google support thread, where Google discusses how to identify the current list of
addresses: http://support.google.com/a/bin/answer.py?hl=en&answer=60764 .