Currently I'm developing an app and I included an apk that created by third party to be installed on specific condition. This apk is stored on assets folder. The problem is when I tried to install the third party apk, it ask me to activate allow the unknown source setting.
My questions are,
Can an .apk file contain another third party .apk file in its assets directory while uploading to Google Play?
Is it possible to sign a third party apk (make it known source)? So it won't prompt the user to allow the setting.
Can .apk file contain another third party .apk file in its assets directory while uploading to Google Play?
Yes, I am sure that we can.
Is it possible to sign that third party .apk (make it known source)? So it won't prompt the user to allow the setting
It is not something about the app signature, but the source of app installation. The only trusted source is the Google Play. All other sources (including assets directory of other APK regardless of where it has been installed from) are not trusted sources. If you want to avoid that problem - prompt to install the 3rd-party app from Google Play.
NO, we cannot install .apk without user's explicit permission unless the device is rooted.
Due to the security reasons, Google has forbidden that behaviour
Let me warn you that this is an absolutely terrible idea. This is precisely the sort of thing which will get your app to be very likely suspected as malware, and you are far more likely to get your app and developer account banned as a result. There is no good reason for a legitimate app to do this, and lots of reasons for a malware app to do this.
It also puts you at huge risk to the third party. If that app does anything bad that breaks the Play store policies then your app will be held responsible as it is included.
If you aren't producing malware, I'd be very curious why you want to do this.
Related
I am curious to know the technology behind automatic installation.
Apps from google playstore get installed automatically.
Moreover, 3rd party app store Aptoide also has this feature of automatic installation where the apk file needs not to be manually installed.
How does this happen?
Is there any certain API function or back end code for this?
Thanks
The play store does download the APK file. It just has a permission that allows it to install apps without asking permission. Any system app can get that permission- INSTALL_PACKAGES.
I am an Android theme designer and I publish my theme apks on Google Play.
I'm finding a lot of users are basically just stealing my themes. These themes do not allow support for license checking. Many users are simply installing the theme, then making a copy and refunding and then simply reinstalling the copied apk.
This is a huge issue and what I'm wondering is if anyone knows a way to add code to ie: the manifest that would prevent the apk from being installed from unknown sources? It would be great to have it where it attempts to reinstall and then just fails.
Of course this will not 100% stop the thefts because they can likely adb push the app or decompile and remove the code but it will certainly stop a lot of it I believe. Before you just had to worry for the most part about users with root to access the data partition.
Now there are several non root required file apps that can copy apks from data which allows easy access for theft.
Google Play has a licensing service that checks to make sure the user actually did pay for the app on Google Play, called App Licensing. The Google Play Licensing service is primarily intended for paid applications that wish to verify that the current user did in fact pay for the application on Google Play. Here is the documentation on how to implement it into your app; https://developer.android.com/google/play/licensing/index.html
I am publishing an app on Google Play. When the user downloads the app, the apk file is stored in external memory and people misuse the apk file.
How can I hide the apk at install time?
You can't exactly hide the apk file from users. You can force it to be installed on the internal memory instead of external, but I don't think that's going to help you. To do that, just make sure you don't use the installLocation attribute in the manifest.
From the docs:
If you do not declare this attribute, your application will be installed on the internal storage only and it cannot be moved to the external storage
Note that this does not mean your apk is "safe" either way. Any rooted user can still access the file no matter where it is. The only way to prevent people from accessing it is to not distribute it.
Google's App Licensing is probably what you're after. Have a read here: http://developer.android.com/google/play/licensing/index.html
Specifically,
Note: The Google Play Licensing service is primarily intended for paid applications that wish to verify that the current user did in fact pay for the application on Google Play. However, any application (including free apps) may use the licensing service to initiate the download of an APK expansion file.
Although you try to hide and apk there is lots of apps in android to extract apk from the app.
I am developing a paid app that I will be placing in the google play store, but I want to give away some copies of the app for free to reviewers, for promotions, etc. I know that I can just link to the apk file but that is not secure as anyone could then copy and re distribute it. My question is, is there a way to distribute an application outside of the google play store but in a secure manner? Are there other services that allow you to upload your apk and distribute the app to specific individuals?
If you're concerned about people redistributing your APK, anyone who can install your app can retrieve the APK from their phone and then make that APK available to others, if they wish.
A dedicated android app distribution service might have useful Play-Store-like features, but if that's not essential for you then you just need a non-public file distribution method.
Some possible means of distributing a file to a named set of individuals:
Email it directly (depending on the size of your apk)
Send it using a web-based file hosting + distribution tool (e.g. sharefile.com)
Host it on a website with logins that you control.
As I'm currently facing a similar task, I looked into Zubhium and HockeyApp. However, I haven't evaluated their potential, yet, I just browsed through the website. Maybe you can start from there.
I have already published android app on Google Play. It is desired to distribute the application even offline as .apk file directly. My app is completely free and we wish it should spread to as many people.
I am not sure what could be advantages and disadvantages of providing .apk file?
Questions are :
Will Google play count direct .apk installation as a download, when connected to internet ?
Will users with direct .apk installation get any update published later ?
To answer your questions:
Yes, you will get a download prompt if you click on an .apk in Android. When you go to open the completed download, it will offer it up for install (see caveats below)
If you offer your .apk up for direct download outside of Google Play you get no "update checking" -- you have to do that yourself. Not entirely sure what happens if the .apk is available in the play store and via direct download.
It is easier to talk about the disadvantages for the approach of distributing the .apk yourself.
You have to do all the tracking yourself, if you publish to the play store you get some statistics
Similarly, you have to do all "update checking" on your own (either via writing it in your app or some other way.)
No secure way of distributing your application. The built in Android browser does not support downloads over HTTPS streams that require authentication **
Easier for users to get the source code of your app. They can download the .apk from your site, open it in 7zip (or similar) and have at the underlying class files. Whether or not this is a concern is really for you to decide.
The most important reason
Your users will have to check "Allow installation of packages from unknown sources". Your average person might not know how to do this, and may be hesitant to do so. So, it may limit your ability to gain a a wide market share.
So, in summary, ask yourself if not being in Google Play/Android Market is really worth the hassle that comes for both you and your users.
** Not sure if this is true with Chrome on Android -- it is certainly true with the older default browser
Google play collects statistics of Apps only installed through Play Store , with a Google account logged in. Read Documentation on App statistics.
Newer version of Play Store app can auto detect if any of installed app is also available on play store, and will notify for the update.
Also, there are numerous third party app markets other than Play Store. You can upload your app there too (auto update is not available with all of them).
Seems no, correct me if I am wrong :)
Yes, provided that the package name is the same and the version code of the apk file you've uploaded to google play is larger than the one installed in the device.