So, I found this answer here by #CommonsWare about allowing an app to install apps silently to the phone like Google Play does. There, it is mentioned that the app should be either signed with the firmware-signing certificate or so, or add the app to System folder. What I need to know is, if I add the app to system\app\ or system\priv-app\, then is it possible to install app silently to an Android device? Or do I need to utilize INSTALL_PACKAGES permission? If so, how?
I'm asking this question because I've only 10 reputations so I cannot comment there.
I found an answer by #inazaruk here, but it's complicated and the provided links are dead.
It's the app doing the installation that needs to be system signed or reside in system/app system/priv-app, for those you do need to hold the correct permission in order to install an app (even if you're system signed), the difference is that you are able to get the necessary permission to do so at all. The fact that you use a permission is not the same as that the user gets a pop-up asking if it's OK.
In order to install a package you can call (ApplicationPackageManager.installPackage):
http://androidxref.com/7.1.1_r6/xref/frameworks/base/core/java/android/app/ApplicationPackageManager.java#1561
public void installPackage(Uri packageURI, PackageInstallObserver observer,
int flags, String installerPackageName) {
Since the ApplicationPackageManager has #hide on it you're going to have to use something like reflection to access it. You get an ApplicationPackageManager when you call "Context.getPackageManager".
Related
My company is letting an external provider manage its internal Android "app store" for it. For this, the provider wants a p12 and the APK.
My question is: would there still be an "emergency" way for us to disable an app?
I know that on iOS there is always the possibility of disabling a provisioning profile; is there something similar with this Android setup?
Thanks
If I understand correctly your question, you want to be able to disable your application remotely ?
If so, there is no built-in way to do it, with or without using the signing certificate. Even removing it from the Play Store would not prevent existing users to use it, since you can't uninstall an app for users.
The only solution I see would be to introduce a custom check when the app is launched, which would call a webservice and depending of the "status" returned, start a blocking behavior in your app. However, this requires network, and it's not a very good usability best practice, since your users could see their service interrupted without warning.
I am testing my Android app on my own phone. When I first run it on my phone, it asks for permission to user my gmail account. When I reinstall my app, it no longer does that? I would like to make it so that it re-requests permission every time I reinstall the app for testing purposes. If, on the other hand, I change the package name, it re-requests the permission. Does anyone know how to do that? Much help would be appreciated!
Thanks!
Note: By reinstall, I mean both pressing the run button and actually resinstalling the application by first uninstalling via settings.
This is not an actual Android permission, it's actually an account access grant specific to AccountManager. Technically, when you uninstall an app all grants should be cleared, but this appears broken on some devices. If you have a rooted device or are using the emulator, you can find accounts.db (usually in /data/system/users/0/accounts.db on newer versions) and clear the grants and extras tables (that could affect other apps, so handle with care). If you don't, clearing the data for Google Account Manager and Google Play Services could help.
What do you mean by reinstall? Does reinstall simply meaning pressing the "run" button? Or are you actually uninstalling and reinstalling the application. Once the Android OS detects that a permission is needed, it will request it from the user. But after that first time, it won't ask again. If you completely uninstall the application from the device and then reinstall, it should work. I don't know of any other way you can bypass that.
I'm implementing a demo on silently uninstall an app from device.
In adb shell, I can use pm uninstall packagename to do the task, but when I wrote code, I got some permission denied error.
I've been googling for a while, and found that to get DELETE_PACKAGES permission, I have to sign my app with the same certificate as the system does.
So, can anyone give me some tips on how to do this? Or, is there anyway I can do to make my app running as system service?
You can't do this, unless you are building your own firmware (ROM). If you are, just take the key that signs the ROM and sign your apk with it. If you have a rooted phone, you can also copy the apk in /system/app to get the permission.
Far better than a silent uninstall is somehow bricking the app. There's a few ways that this could be done, but basically keep track of the first day they used it, and make the program not work. Alternatively, it could be set up to work until a certain day, after which it will no longer work. This question answers how to do this.
If your application is not located at "/system/app",permission "DELETE_PACKAGES" would not work.
Compile your app with source code or try "root" ;)
I have experience about how get one application permission to read browser bookmark
Open the AndroidManifest.xml of That application that you want to add permission to it.
2.Somewhere between
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
</manifest>
add this code
<uses-permission android:name="..." />
3.For fill the ... go here
For example the following code will permit to app to get bookmark history
What is the best way to prevent a user from downloading and installing applications which uses some specific permissions like location and sms.
Is it programatically possible to parse the manifest of an application from the market before it get installed and look for the specific permissions and alert the user?
What is the best way to prevent a user from downloading and installing applications which uses some specific permissions like location and sms.
Write your own firmware, where you replace the normal installer mechanism with one that enforces your desired criteria.
Android SDK applications cannot interfere with application installation.
Is it programatically possible to parse the manifest of an application from the market before it get installed and look for the specific permissions and alert the user?
No, sorry.
However, you can listen for ACTION_PACKAGE_ADDED and examine the newly-installed package via PackageManager, and alert the user at that point. Since nothing of the installed package can run immediately upon the install, I would think that there is a decent chance that your alert will appear before the user tries to use the newly-installed app.
In the future this would be probably something you could do trough Device Administration, but right now limiting application installation based on its requested permission is not included.
One option is this snippet that decompress the apk and extracts the AndroidManifest.xml.
By the way the aapt tool for android runs on the Android OS too. You can get this information using this port
I am working for manufacture of cell phones. we develop for the Android platform, therefore we can sign our applications and have system permissions, for example we can use
the packagemanager.installPackage(|..) method, which gives us the ability to install APK's without the user involvement.
I would like to know, if any one you know about an Un-instantiation method which would uninstall apk's silently without user-involvement?
thanks,
ray.
There is functionality in there some where to do this - Google uses remote kill switch to uninstall Android apps, but I haven't seen any details on where you would find this. But as a user I would be very unhappy with a handset which silently removed apps without telling me - even if the app was a security threat, if I had installed it, I would want to be told it was being removed.