I am inheriting a code base that needs to be kept fairly in sync with the previous version to make updating to new versions as painless as possible when they push the changes via git. The changes I am making are related to re-styling and adding new features.
In the latest release, I was trying to install both the original version of the app alongside this custom version and got this error:
Failure [INSTALL_FAILED_CONFLICTING_PROVIDER]
I looked through my source control and found that in previous versions I was using the same authorities and name as the parent app, but I don't recall having this problem, but maybe I just never tested the case where both apps were installed at the same time?
In the original version of the manifest, this is the provider element:
<provider
android:name="com.foo.mobile.android.provider.Provider"
android:authorities="com.foo.android.mobile.contentprovider"
android:exported="false" />
I tried changing the authority to this:
<provider
android:name="com.foo.mobile.android.provider.Provider"
android:authorities="com.bar.android.mobile.contentprovider"
android:exported="false" />
But now the app crashes shortly after launch with SecurityException:
java.lang.SecurityException: Permission Denial: opening provider com.foo.mobile.android.provider.Provider from ProcessRecord{42cbc998 2462:com.bar/u0a191} (pid=2462, uid=10191) that is not exported from uid 10189
I've looked on SO and saw a couple of questions regarding this topic and also looked at the documentation and it all says I need this authorities to be different, but how can I keep this different while keeping synergy with the base code?
maybe I just never tested the case where both apps were installed at the same time?
I would presume this is the case. You cannot have two apps with providers supporting the same authority installed at the same time.
But now the app crashes shortly after launch with SecurityException:
My guess is that you changed your manifest, but you did not change the Uri that you are using to access the provider. Hence, your com.bar app is still trying to talk to the com.foo provider, and that provider is not exported.
how can I keep this different while keeping synergy with the base code?
Either this is the same app, or it is not.
If it is the same app, your first step is to switch back to the original package name. The only way you could have gotten Failure [INSTALL_FAILED_CONFLICTING_PROVIDER] is because you changed the package name and did not change the provider's authority. Changing the package name means that, from the standpoint of everyone outside of you and your team, it is a completely different app. Once you have switched back to the original package name (and rolled back to the original provider authority), everything should be fine, except that you won't be able to have the release version and the development version on the same device at the same time.
If you do indeed plan to have this app have a separate package name (so existing users of the existing app cannot upgrade to this new app), you will need to change the authority string in all relevant places. I presume that you can do this using a string resource, where you have different versions of the string resource. Or, if this is a free-vs.-paid app scenario, move to doing your builds using Gradle for Android, and set up separate free and paid product flavors, which can patch up your package name and authority data as part of the builds, without having to tweak the source code.
Related
When I download a my application from the Huawei AppGallery, a message is displayed indicating that the installation fails.
Opening the message and view the failure details.
The specific failure information is Conflicting Provider and Error Code is -13. In addition, the system displays the name of the application that conflicts with and the recommended solution. How can I solve this problem?
If a provider conflict occurs when you install an app, it is because an existing app has the same ContentProvider.
The ContentProvider feature interacts and shares data between processes, which determines that it must be globally unique. Once an app has registered a ContentProvider on the phone, the app installed later cannot use the same ContentProvider. Otherwise, the installation will fail.
The fix for this is to make sure that all ContentProvider names are kept unique, best practice is to make your package namespace part of the provider definition in your manifest.
For example:
<provider
android:name="myapplication.android.hms.unity.provider.AnalyticsContentProvider"
android:exported="false"
android:grantUriPermissions="true"
/>
Please Confirm you package name is unique and has been definited in your ContentProvi der.
<provider>
</provider>
(if you came here by googling looking for a solution for this error,below links will give you an answer,also my question has kind of an explanation!)
Possible duplicate of
INSTALL_FAILED_DUPLICATE_PERMISSION… C2D_MESSAGE
Error -505 INSTALL_FAILED_DUPLICATE_PERMISSION
Wait!
I got this error today in a live project.User came with the 505 error unable to install the app.Then i ran it on IDE!
If you download an app with this mentioned issue from play store you will get an error with 505 when you try to install.
If you try to run it using your IDE you will get the error like in above image! (correct me if I am wrong)
Then I was looking for reasons.
This was my issue!
<permission
android:name="in.wptrafficanalyzer.locationroutedirectionmapv2.permission.MAPS_RECEIVE"
android:protectionLevel="signature" />
<uses-permission android:name="in.wptrafficanalyzer.locationroutedirectionmapv2.permission.MAPS_RECEIVE" />
Surprise thing was another developer's app on a particular users phone used the same signature! Damn, those copy pastes met each other today!!
I think if I try to declare same permission in two applications with
same package name this error can occur.(correct me if I am wrong)
Here are my 2 questions?
1.Do they need to be with the same permission? anyway they will get this thing when its same. lets say app A users a pkg.name with permission permission.RECEIVE app B use same package with another permission CONFIGURE_SIP.Can this occur when they meet each other?(seems like a stupid question but I want to confirm the other app that was there in the client's mobile had the same thing!)
2.What are/is there any other the possibilities that this error can occur?
An application defines a custom permission using signature level security
You attempt to update the installed app with a version signed with a different key
The test device is running Android 21 or newer with support for multiple users
Got those 1 2 3 from this post ! Are they true? If yes any good explanation about them will be great or any additional reason for this error?
There are many good answers in the mentioned posts!Not asking how to fix this! But how it gets generated! Also if I mentioned/understood something wrong please do note it down!!
Thank you.
Edit : As I mentioned please note that the issue came form an app which is already in the Play Store. And about the other app I have no idea! It's there in the client's mobile.Probably its also from play store because even developer options was not activated till I try to run on that mobile.He did not had any previous apps from my company as well.He just tried to download the app got 505 error and came to fix it.
And also my first option was the removal of that permission an it made the app install successfully(not the right thing but to confirm where the issue was). That is the reason that I need to know the possibilities of this error!
#commonsware blogs has explain it in details in Custom Permission Vulnerability and the 'L' Developer Preview:
Near as I can tell, the “L” Developer Preview requires that all apps
with a <permission> element for the same android:name value be signed
by the same signing key. The actual protectionLevel or other values
inside the <permission> does not matter. Even if they are identical, an
app trying to define the <permission> will fail to install if an
existing installed app already defines the <permission>. Specifically,
the installation of the second app will fail with an
INSTALL_FAILED_DUPLICATE_PERMISSION error.
Here the answer from #commonsware: https://stackoverflow.com/a/11730133/4758255
Your problem isn't permissions. It's impossible to have two apps with the same manifest package name.It must be unique. So system think that user try to reinstall/update old app with new signing certificate. From android developers blog
If the signing certificate changes, trying to install the new application on to the device will fail until the old version is uninstalled.
EDIT:
I run some tests with permissions. I think, behavior is very similar with application package name. Error occur only if 100% matching. Results:
app A(package test.test) vs app B(package test.test2)
package="test.test">
<permission
android:name="test2.example.h"
android:protectionLevel="signature" />
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="test.test2">
<permission
android:name="test.example.hr"
android:protectionLevel="signature" />
permission A - test.example.h vs B - test.example.h - DUPLICATE_PERMSSIONS error
test.example vs test.example.h - success
test.example.g vs test.example.h - success
uses-permission doesn't affect on errors/installations. But I think you can get SeciurityException in runtime, if try to use others permissions.
I have two apps. one of the two has a custom content provider which works like a charm.
APP A -> The one with the provider
APP B -> The one that needs the data from the provider
Everything works fine in this scenario:
1st : Install app A
2nd: Install app B
However when I do it like this:
1st: Install app B
2nd: Install app A
I get the error :
09-19 13:07:22.576: E/AndroidRuntime(14621): Caused by: java.lang.SecurityException: Permission Denial: opening provider
uk.co.ringsizer.ui.BirthProvider from ProcessRecord{450c14c8 14621:uk.co.gemtv/u0a360}
(pid=14621, uid=10360) requires com.eir.provider.Size.READ_DATABASE
or com.eir.provider.Size.WRITE_DATABASE
My permissions are clearly stated in the manifest file and they are correct since it works if I install the apps in a different order.
It's the first time I'm using Content provider and I am relatively new to Android so the problem might be obvious to more experienced developers.
Any ideas? Has anybody else experienced the same issue before?
Thanks in advance.
The app that defines the custom <permission> must be installed before the app that requests it via <uses-permission>. If they are installed in the wrong order, the <uses-permission> app does not get the permission and must be uninstalled and reinstalled.
Custom permissions in general are risky for SDK apps.
Make sure that BOTH apps have the permission attribute in the manifest.
<permission android:name="com.example.permission.READ" />
I had only the use-permission attribute in the consuming app, and had exactly this problem. It'll work if the content provider app is installed first, but will fail if the content provider app is installed second.
When the consuming client app has the permission attribute as well, it will work regardless of app install order.
I'm trying to create my own version of Gesture Builder. In eclipse I selected android project from existing code and I renamed the project and package name to new gesture. Then I added in android:fadeOffset = "1000" in create gesture xml(so that I can create gestures for letters like t and f) and in AndroidManifest.xml I set the version name to NewGestures and I set a different icon but when I try to run it I get this error message:
"Re-installation failed due to different application signatures. You must perform a full uninstall of the application. WARNING: This will remove the application data! Do you want to uninstall?"
From what I've seen online I need to match the signature used originally on Gesture Builder, but I've no idea how to do this on eclipse, shouldn't the signature have been handled properly when I created from existing code? Any help would be very much appreciated. I just need this app working so I can get a gestures library for a different application I'm working on for college.
This message concerns the application signature. This happens when you are trying to install an application on your device while an application of the same package name is already installed, but signed with a different certificate (see details here).
For example:
You have exported and installed your application using your Google Play keystore (so using your actual developer's certificate), and now you are running/debugging it from Eclipse, implicitely using the debug certificate (which is different)
You have runned/debugged your application from Eclipse at home on this device, and now your are running it/debugging it from Eclipse with another computer (which is using a different implicit debug certificate)
etc
Normally, below the error message, you have a button that allows uninstalling/reinstalling. If not, just uninstall your app manually and everything will be fine again.
versionName:
The version number shown to users. This attribute can be set as a raw
string or as a reference to a string resource. The string has no other
purpose than to be displayed to users.
package:
The package name serves as a unique identifier for the application.
The package name declared in your manifest.xml is what makes your application unique. Therefore, there can not be two application installed with the same package name at the same time. If you try this, your error occurs.
During the upgrade of my android application, I changed the package name. But Android market doesn't allow to upload the changed package name application as an upgrade. If I upload the application as a new application, will the user have two applications on his/her device? How can I make sure that the user doesn't have to download the application again from scratch without reverting the change of my package name?
two package = two different application in market place.
Once you upload one app, its package should be same. Also, the key should be same.
Android market is only concerned about the package name in your manifest, not the actual packages name in the source.
You could try to give the old package name in the manifest attribute, then for activities give the new package name instead of relative (ie .MainActivity)
Like this:
<manifest package="your.old.package" ...>
...
<application android:name="your.new.package.MainActivity" ...>
Could work..
I plan to serve two versions of my app (paid/free) this way and using same project and code.
If you change the package name, it's treated as a separate app - not just in the market, but apk's in general will only 'replace' the same package name (and only if they're both signed with the same key).
Although it's possible to phase over to a new key by signing an intermediate package with both keys, there's currently no easy way to phase over the package name.
The best that can be done is this:
New apk version is signed with the same key, but has a different package name.
When installed, the new apk arranges to use the shared_prefs with the old package name.
The data is copied across to the new package name.
The new version requests that the old version is removed, and the user sees the uninstall dialog.
Note app data is usually kept here:
/data/data/pac.kage.name/
I haven't tried this, so I can't give anymore details yet. You may also be interested in my request for a seamless way of transitioning the package name.