I've been trying to implement an application which sends and receives fake sms on my device (Samsung Galaxy S2, Android 4.1.2). I found an example of such application here:
http://blog.dev001.net/post/14085892020/android-generate-incoming-sms-from-within-your
I copy-pasted it and ran on my device. Nothing happened and I found in logs that BROADCAST_SMS permission was system. I made the app system using Titanium Backup, restart my device and ran the app again. And nothing happened again. I got the same exception that my app had no rights to use BROADCAST_SMS permission. Then I read that I should specify android:sharedUserId="android.uid.system" in manifest. When I added it I failed to run my app using Intellij Idea 14:
Failure [INSTALL_FAILED_SHARED_USER_INCOMPATIBLE]
I tried to install generated by Idea app but got exception: Package has no signatures that match those in shared user android.uid.system; ignoring!
So I have several questions:
1. How is it possible to install unsigned app with android:sharedUserId="android.uid.system" in manifest?
2. Will my app be able to use BROADCAST_SMS permission if I make it system using Titanium Backup or other trick?
3. Is there any other way to force the app work on my device?
I have seen applications which imitate sms incoming. But they all write to inbox directly. I need an application which makes other applications believe that new sms is coming.
Thanks in advance
To use shareduserid your app must have the same signature as all other apps using this uid. Installing the app on /system partition or even giving it priv-app status is not sufficient.
And btw the permission is of level "signature" anyway (not signatureOrSystem) so the only way you can be granted the permission is if your app uses the same signature as the android framework. In other words, you have to make a custom platform build and flash your phone with it.
If you install/build Android from AOSP, a test key is used to sign all the apps. You can use this key to sign your app and install it as a system app. This works great for testing; obviously not going to be an option for something you want to distribute.
Related
I wanted to use a 3rd-party app with an intent but application is not installed on user's device. Something like Android Instant Run but apk are included in application or If it isn't possible, How can I install apk on user's? However can I install application silently without Package Installer?
I'll be appreciated if anybody answer my questions.
I wanted to use a 3rd-party app with an intent but application is not installed on user's device.
Ask the user to install it.
Something like Android Instant Run but apk are included in application
Nothing like that exists, sorry.
However can I install application silently without Package Installer?
Fortunately, that is not possible, for security reasons.
I am working on a security app. everything is fine, except there is a backdoor. the security can be easily removed by just uninstalling the app. is there a way i can protect my app from getting uninstalled by intruders? i'm sure this is possible as i have seen apps on google play store which cannot be uninstalled from settings.
Please refer Device Administrator
Once the application is registered as a Device Administrator, it can't be uninstalled unless its unregistered. This will prevent the app from being uninstalled.
For example this application is using same functionality.
Make sure if you install above application(SeekDroid) you must sign up then it will ask for device admin permission. :)
I'm implementing a demo on silently uninstall an app from device.
In adb shell, I can use pm uninstall packagename to do the task, but when I wrote code, I got some permission denied error.
I've been googling for a while, and found that to get DELETE_PACKAGES permission, I have to sign my app with the same certificate as the system does.
So, can anyone give me some tips on how to do this? Or, is there anyway I can do to make my app running as system service?
You can't do this, unless you are building your own firmware (ROM). If you are, just take the key that signs the ROM and sign your apk with it. If you have a rooted phone, you can also copy the apk in /system/app to get the permission.
Far better than a silent uninstall is somehow bricking the app. There's a few ways that this could be done, but basically keep track of the first day they used it, and make the program not work. Alternatively, it could be set up to work until a certain day, after which it will no longer work. This question answers how to do this.
If your application is not located at "/system/app",permission "DELETE_PACKAGES" would not work.
Compile your app with source code or try "root" ;)
I have experience about how get one application permission to read browser bookmark
Open the AndroidManifest.xml of That application that you want to add permission to it.
2.Somewhere between
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
</manifest>
add this code
<uses-permission android:name="..." />
3.For fill the ... go here
For example the following code will permit to app to get bookmark history
What is the best way to prevent a user from downloading and installing applications which uses some specific permissions like location and sms.
Is it programatically possible to parse the manifest of an application from the market before it get installed and look for the specific permissions and alert the user?
What is the best way to prevent a user from downloading and installing applications which uses some specific permissions like location and sms.
Write your own firmware, where you replace the normal installer mechanism with one that enforces your desired criteria.
Android SDK applications cannot interfere with application installation.
Is it programatically possible to parse the manifest of an application from the market before it get installed and look for the specific permissions and alert the user?
No, sorry.
However, you can listen for ACTION_PACKAGE_ADDED and examine the newly-installed package via PackageManager, and alert the user at that point. Since nothing of the installed package can run immediately upon the install, I would think that there is a decent chance that your alert will appear before the user tries to use the newly-installed app.
In the future this would be probably something you could do trough Device Administration, but right now limiting application installation based on its requested permission is not included.
One option is this snippet that decompress the apk and extracts the AndroidManifest.xml.
By the way the aapt tool for android runs on the Android OS too. You can get this information using this port
I'm writing a testing suite for my other apps that triggers system intents, specifically ACTION_DOCK_EVENT.
I know I need to add android:sharedUserId="android.uid.system" to my android manifest in the manifest tag and I need to install my app in /system/app instead of the normal /data/data.
I have root access so that's not a problem.
The problem I'm running into is, it appears I also need to sign my app with a system key. Where do I get a system key store, users names, and passwords? I assume I could build my own version of Android and sign it with my own keys, but since I have root access there should be an easier way right?
I have a N1 with CM7 and the emulator I'd be fine with keys for either.
Thanks.
Your best bet would be to build the OS yourself and sign it with your own keys. Root access wont help you share user id with the system.
Unless you are working with the device manufacturer, you wont be able to (legitimately) get the signing keys for the firmware.
Turns out the send broadcast intents via adb with commands like:
am broadcast -a android.intent.action.DOCK_EVENT --ei android.intent.extra.DOCK_STATE 2
To test ACTION_DOCK_EVENT.
I couldn't figure out a way to do it from another app, but adb worked for my needs.