Android : can native code get broadcast intent from android system? [duplicate] - android

This question already has answers here:
Listen to own application uninstall event on Android
(3 answers)
Closed 7 years ago.
Recently i've seen a funny app - Photo Wonder.
When this app is uninstalled, it shows a web survey page asking for the reason of app uninstall. Now, here is the problem.
As far as I know, after an app has been removed, the system broadcasts ACTION_PAKAGE_REMOVED intent.
But this funny app was able to show my the web page although the official doc says
"The package that is being installed does not receive this Intent."
Anyhow, I could find a process checking some kind of status of the app.
Now here is the question. Can the native app catch the broadcasted intent from android system?
If it is possible, please let me know how! :-(

I believe I've got the main idea of how they did it. Here is the pieces of the puzzle.
Any Android application can start a process by calling Runtime.exec() function.
Runtime.getRuntime().exec("chmod 755 '/data/data/my.app/files'/native_code");
After this line of code gets executed there is another process spawned. This process runs under the same linux user as the application itself.
When a user opens Settings -> Apps -> My App and presses "Force stop" button, main application process gets killed, but the process hosting native program (see above) still runs. I personally believe this is a security issue and I am going to report it back to AOSP.
Such native program can run infinitely and do nothing - just sleeping. But before going to sleep, it registers a termination signal handler which will be called when process is about to be terminated by the system.
int main(void) {
signal(SIGTERM, termination_handler);
while(1) {
sleep(10);
}
}
void termination_handler(int sig) {
// handle termination signal here
}
Now you should already know what the last piece is, right? My native termination_handler should be able to launch a browser. I didn't try this in code, but I assume this is possible, because I can do it using adb shell as following
adb shell am start -a android.intent.action.VIEW -d http://www.google.com
Now back to the question about how Dolphin Browser does it. Install the app and launch it at least once. Once started, it registers a native uninstall watcher using the principles described above. To see it, connect to the device and open adb shell. Then call ps to see list of processes. You will see two processes similar to following
u0_a109 315 ... mobi.mgeek.TunnyBrowser
u0_a109 371 ... /data/data/mobi.mgeek.TunnyBrowser/files/watch_server
As you can see it starts a watch_server native program, which is a part of its apk-file. Now open App info page of Dolphin Browser and press "Force Stop". Switch back to terminal and call ps again. You will see there is no mobi.mgeek.TunnyBrowser process anymore, but watch_server still runs.
By the way this approach will only work, if watcher server runs all the time. To
make sure it is always up, both apps require "run at startup"
permission, where they start their watchers.
Now, when you uninstall the app, Android stops all processes belonging to this application. Watcher receives termination signal and opens browser with predefined URL and then shuts down.
I might look a bit different in some details, but the main concept behind this hack must be as described.

There could be a tricky thing like that application is also having watcher service.
You can check the permission used by that app may contain INSTALL and UNINSTALL permissions.
HOW IT WORKS:
instead of single app that may have 2 app bundle.
as and when you install it, this app is also installing some service that is watching your app status
When you try to uninstall that app the system broadcast is called which is handled by that service and will check that if your package is exist in installed application or not.
as soon as this service finds that your package is not in the list it calls an intent with action view with the web url to open the brawser.

Related

Android: How to get the process id of the foreground app

First of all, please note that this question is not same as all the "android foreground app" questions I found on SO, please read on :-)
I'm trying to write an android app for my own use, using golang, without using android-sdk or ndk (this is the KEY point). It is pretty simple, just use golang to write a http service, compile it for arm CPU and voila my app is running and can be access by simply visit http://localhost.
For the purpose of my app, I need to know the currently running foreground application, to define it precisely:
Foreground application is the application that occupies the screen, or has an "activity" what-so-ever (forgive me I'm not an android developer).
Anything that that is depended by the foreground application (e.g. services) is NOT what I am interested in.
If the phone is LOCKED/screen turned off, I want the solution to tell me there is NO foreground app.
And since I do not use anything android, just treat the phone as a LINUX machine, I want the solution to use native LINUX ways, e.g. by inspect /proc, or by calling any installed android command line tool (including sending messages via these command line tools), but NOT using any SDK/NDK way so that I have to use java or incorporate these thing into my app.
Starting from Android SDK 26 (if I remember well) Apps are executed on -one-User-per-App, so (i.e.) WhatsApp is running on UID=30 and Telegram on UID=76, so executing a ROOT command of "ps -A -o PID,USER,NAME" you can parse output and then Kill all Processes that you don't want to be executed.
36119 u30_a149 <WhatsApp_packagename>
36203 u76_a211 <Telegram_packagename>
37399 root [kworker/1:2H]
37423 u0_a329 su
38069 root sh
Without Root Permissions nothing of what you're trying to achieve is possible simply because is not possibile to denied an application to be executed or to kill it without Superuser privilege.

The application sometimes restarts multiple times after shutdown

I have a problem, users report that when the application shuts down (ending the process), the app restarts and user must shuts it down again and the app restarts again. Sometimes even 4x ...
How is it possible? I will close all the services & activities that have been started and I will terminate the whole process ...
I've noticed that only users with android 7 report it to me. It's never happened to me (android 5).
It is the same restart as if the activity is an error, just an exception and a restart. But Fabric.io tool has no record of any errors ... so I do not know what could happen, does anyone have any idea?
Add a Log.d statement into your onCreate in the Application class.
Extent the application class
public class TheApplication extends Application {
#Override
public void onCreate() {
super.onCreate();
Log.d("restart", "My App is restarting");
}
}
and in the manifest
android:name=".TheApplication" <-- make sure the package is correct.
Install the app adb install yourapp.apk
open a terminal
adb logcat restart *:S
then click on your app and watch the terminal.
This way you don't have to run it in debug mode and it runs like a regular app.
If you see it logging the app restarting several times maybe you can put in a trace in places (loging) like put one in the onDestroy of the main launcher class.
hope you figure it out.
It could happen from the 3rd party library that you includes into the project.
Some of them might have a service to trigger something intervally and that wake up the app the couple times.
This issue happened before on the app that i've been working on where the app keep waking up after that particular library get included.
Please check for any service that running in the background.

Restart native app after crash

In android 4.4 and below, who loads a native application (/system/bin/*) at startup, I think that the file init.rc is responsible, it is correct?
Then if a native application crashes (for example /system/bin/mediaserver) it restart automatically, then the question is: who is responsible for the application restart? there is a file?
ActivityManagerService restarts the native apps.
There's usually some chatter in logcat when an app is restarted by the activity manager service, in the normal log and/or event log
(logcat -b events).
More Info:
If you see the code of ActivityManagerService.finishForceStopPackageLocked() method, this method fires an Intent with action Intent.ACTION_PACKAGE_RESTARTED.
And it is called from various methods like:
ActivityManagerService.forceStopPackage()
IPackageDataObserveronRemoveCompleted.onRemoveCompleted()
So internally there's an PackageDataObserver implemented in ActivityManagerService, which observes if any package is removed, and if it's need to be restarted, an intent is fired with the action Intent.ACTION_PACKAGE_RESTARTED
And every package is forced closed using ActivityManagerService.forceStopPackage(), it knows which package to restart.
Hope it clears the doubt.

How to show an Activity BEFORE my app is uninstalled (Android) [duplicate]

This question already has answers here:
Is it possible to detect Android app uninstall?
(8 answers)
Perform a task on uninstall in android [duplicate]
(4 answers)
Closed 7 years ago.
I though it was not possible but I noticed that NQ Mobile Security is able to show a message after I click on Uninstall and before the PackageUninstaller is called.
I would like to replicate this behavior in my App.
I tried with an Activity listening to "android.intent.action.DELETE" Intent, as suggested here:
How to know my app is uninstalled from the device...?
But as I'm about to uninstall my app, the chooser pops up asking to pick my application or the package uninstaller. How can I avoid this?
Is there a different way to intercept your application UNINSTALL event? (before answering that it is not possible, please try to uninstall NQ Mobile Security and see what happens. On my Android 2.3.4 it shows a nice screen saying that is not safe to go without a security app).
I noticed that NQ Mobile Security is able to show a message after I click on Uninstall and before the PackageUninstaller is called
They must be exploiting some security flaw in Android. I will research it and see if I can get it fixed. Apps are not supposed to get control at uninstall time.
Thanks for pointing this out!
Is there a different way to intercept your application UNINSTALL event?
I sure hope not.
Opera Max is an app that does something similar - after being uninstalled opens a webpage.
How do they do this?
By using libevent, from native code, they watch /data/data/com.opera.max directory to be removed and then post good old action.VIEW broadcast when it happens.
Install their app, run it, and on rooted device from adb shell remove /data/data/com.opera.max directory
UPDATE: I created a sample app that shows how it works. BTW it doesn't work with recent (KitKat+ I think) Android versions: https://github.com/pelotasplus/ActionAfterUninstall
I'm pretty sure that they are monitoring the LogCat to intercept when the Activity Manager calls the PackageUninstaller. I think they kill the task and start their own Activity.
It's pretty clever but it's definitely exploiting a security hole in Android.
They are likely asking for a very critical permission that the user is granting them unknowingly. Look at the "Permissions" tab for this app (as of 6/15/2012): https://play.google.com/store/apps/details?id=com.nqmobile.antivirus20&hl=en.
The list of permissions this app gets is downright chilling. Among other things:
SYSTEM TOOLS RETRIEVE RUNNING APPS Allows the app to retrieve
information about currently and recently running tasks. Malicious apps
may discover private information about other apps.
CHANGE/INTERCEPT NETWORK SETTINGS AND TRAFFIC Allows the app to change network settings
and to intercept and inspect all network traffic, for example to
change the proxy and port of any APN. Malicious apps may monitor,
redirect, or modify network packets without your knowledge.
PREVENT TABLET FROM SLEEPING PREVENT PHONE FROM SLEEPING Allows the app to
prevent the tablet from going to sleep. Allows the app to prevent the
phone from going to sleep.
CHANGE YOUR UI SETTINGS Allows the app to
change the current configuration, such as the locale or overall font
size.
MODIFY GLOBAL SYSTEM SETTINGS Allows the app to modify the
system's settings data. Malicious apps may corrupt your system's
configuration.
DISPLAY SYSTEM-LEVEL ALERTS Allows the app to show
system alert windows. Malicious apps may take over the entire screen.
MOUNT AND UNMOUNT FILESYSTEMS Allows the app to mount and unmount
filesystems for removable storage.
CHANGE NETWORK CONNECTIVITY Allows
the app to change the state of network connectivity.
CHANGE WI-FI STATE Allows the app to connect to and disconnect from Wi-Fi access
points, and to make changes to configured Wi-Fi networks.
-- Update --
I also found that the Android Package Manager pretty much just deletes a package if it is asked to do so. The only check it performs prior to doing so is whether the package being deleted is currently registered as having an active device admin:
try {
if (dpm != null && dpm.packageHasActiveAdmins(packageName)) {
Slog.w(TAG, "Not removing package " + packageName + ": has active device admin");
return PackageManager.DELETE_FAILED_DEVICE_POLICY_MANAGER;
}
} catch (RemoteException e) {
}
See line 6900 in PackageManagerService in the AOSP source here.
For this, the application must be explicitly registered as a device admin by the user. See notes on device administration here: http://developer.android.com/training/enterprise/device-management-policy.html.
As per https://stackoverflow.com/a/26829978/1317564, here is some example code that does it: https://github.com/zzljob/android-uninstall-feedback/blob/master/library/jni/feedback-uninstall.c. This won't actually stop the uninstall from taking place, but does provide a way to catch it and take some action. I'm honestly surprised that this works in Android and the team may have plugged the gap in recent releases.

Stop running application with ADB

is there a simple way to stop a running application using ADB.
Szenario:
Working on App
Have a script which uploads, installs and starts App on change
Problem:
Currently running version gets killed (not shutdown), which make testing cleanup very hard. Option would be to "do cleanup in between", like after a certain time, but I would prefer to do it in the correct location (so like with the OS, as long as the App is still running, so need to save value, as soon as the OS tells me e.g. memory low or calls onDestroy, I want to save stuff)
Chris
I'm not aware of a way to do this. I was hoping there might be a way to send an intent to tell the app to exit using adb shell e.g.
adb shell am start -a [intent] -n [class]
However, I found that somebody asked this question on a Google forum but they haven't got an answer:
http://groups.google.com/group/android-platform/browse_thread/thread/3fd02d01c6c3b41a/56814e518503efd6

Categories

Resources