I published my app on play store. But when I press install for installing any other app on play store. One app permissions page open. And it contains permissions like Phone calls, Network communication, Your location, Network communications and so on. But when I click install on my app in play store. App permissions page open that contains text Laughing Buddha does not require any special permissions. How can I add permissions like in other apps when someone click on install on my app in play store?
If your application need any special permission you can add in Manifest. Its your choice. If the app does't need any permission it will show like Laughing Buddha does not require any special permissions
Related
I have built 5 app with different sign key and they are not on googleplay market.
And user downloads and installs my apps from little banner ad click ,which I put in my apps(Internal downloader and then install app AND NOT market link!).
I use "REQUEST_INSTALL_PACKAGES" to get install permission and android targetsdk is 28 .Is this permission dangerous to use? And would "googleplay protect" detects it as a dangerous app and show warning protection dialog when user installs it?
Any help will be appreciated.
Please take a look at my answer I posted below:
Why HMS PushKit needs android.permission.REQUEST_INSTALL_PACKAGES
I've given allot of detail into why not to use this permission, and how it poses a security risk for google, (so much to the point that they will reject the app, if any dependency has this permission on its manifest).
I have got an app that fetches the list of several apps from my own server. By clicking download button in the list row, user can download an apk for the app and install it.
As you know when you install app with apk it requests permission before you install it. However, Google Play Store App requests permission before you download the app and don't ask you for permission before installing.
Can I get the same functionality for my app? Meaning, request permission before user download the app and don't ask for permission before they install the app?
Google Play Store reads details from the APK when the developer uploads it on their developer console and it is stored on their server separately. These details include a lot of information like required permissions, hardware features, platform support, screen size and other properties specified in the APK. Using these details they filter the visibility of the apps for different audiences.
Before the APK is downloaded, they fetch the list of permission from the server and present it to the user. You can definitely do this in your application, but it does not really have much that you can do on the client side except for fetching and displaying the list.
EDIT:
You might want to look at this gist about installing applications with INSTALL_PACKAGE permission: https://gist.github.com/Fuzion24/2623253
You will need to invoke PackageManager.installPackage() through reflection. This method needs a system permission - android.permission.INSTALL_PACKAGES which your application will get only if it is in the /system partition and not /data partition (where all the user apps are).
Scenario:
I have an app already deployed on Google Play.
For some internal reasons, we'll have a separate app (separate .apk) which define a custom permission on the manifest:
<permission
android:name="<my.app.package>.PERMISSION.extras"
android:protectionLevel="signature"/>
and the existing app will use this permission.
<uses-permission
android:name="<my.app.package>.PERMISSION.extras"/>
both apps are signed with our key and it the communication between the two apks is working fine.
Now the question:
because of this new custom permission, will Google Play:
require our users to go to Google Store -> My Apps -> <my.app> -> Update
or
just auto-update as usual, and it only cares about the new permissions if it is one of the android.permission.* permissions ?
Any well based information will be deeply appreciated.
To answer my own question I setup a small test.
test procedure:
created new google account, on a tablet and downloaded the app
added this new user to the G+ community for Alpha testers of the app.
on this user account, accepted to be an alpha tester
double checked that the app is with auto-update enabled.
pushed an update to the app with the new custom permission.
await for the cloud...
results:
on Google play developer console it shown the extra permission on both the total number of permissions and the list of permissions.
after a few hours the tablet auto-updated with no problems.
the custom permission are not shown on Google Play Store in the tablet
the custom permission are not shown on the tablet Settings -> Apps -> My App -> Permissions
so final answer:
custom permissions with signature level protection do not stop the auto-update from Google Play Store.
I believe custom permissions would fall under the category of "Other." Based off this page, you'll be asked to download the update when adding the permission. If the permission has already been approved, this may be different.
Whether or not the user has to manually go to the Play Store to get updates or if the app updates itself is also a different matter. This is dependent on the user settings within their Play Store application. You can refer to "App Updates" in the page linked previously. With Auto-Update enabled the user won't be prompted to approve permissions if the new permission group has been previously added (this may not apply in your case because it's a custom permission). No matter what, if your app is adding a new permission group, the user will be asked to accept the update.
I believe only if the user has auto updates disabled and notifications disabled for their Play Store application, will they need to manually go to the Play Store -> App -> Update.
I'm preparing my app for the play store and plan to deliver one component as separate install package (since my customer can't recover the source code, but the app is signed with his key). I thought about two ways of doing that. My needs are just these: Users with "unknown sources" deactivated should be able to install the 2nd app. And: The user should never be redirected to Google Play store.
Both apps are free.
I've looked up for solutions that would let me download an additional APK from Google Play and simply present the user an installation screen to acceppt the installation. I would like a solution, where I sent an intent to the PlayStore app and it displayed the app name, permissions and the install button. I've found nothing. Anyone any experience here?
I thought I could package this additional app into the assets of my enclosing app. I'd need to write it to the file system and send the system an intent to install the package. Problem: The App was not loaded from Google play and with that it's source is unknown. If I used the PackageManager and let it install the APK, does the permission INSTALL_PACKAGES allow my app installing this 2nd app on a user's device (since the user already accepted that my app may install packages)?
I hope someone may help. And thank you in advance.
My needs are just these: Users with "unknown sources" deactivated should be able to install the 2nd app. And: The user should never be redirected to Google Play store.
This combination is impossible, barring a major security flaw in Android and/or the Play Store. The only way to install apps through the Play Store is via the Play Store app.
I would like a solution, where I sent an intent to the PlayStore app and it displayed the app name, permissions and the install button.
That activity is not exported. You are welcome to use a market:// Uri to lead the user to the Play Store, where they can review this second app and decide, for themselves, whether or not to download and install it.
since the user already accepted that my app may install packages
Your app cannot install packages directly, unless it is signed with the firmware signing key or is installed on the system partition (e.g., by a rooted device user), as that is the only way that you can hold the INSTALL_PACKAGES permission. Ordinary SDK apps are welcome to create an ACTION_VIEW or ACTION_INSTALL_PACKAGE Intent to request that the app be installed, but the user will need "unknown sources" enabled.
Is it possible to initiate a fully automated app installation (after a user clicked a "Install app" button)?
Or do I simply have to open the respective Google Play page in the browser, and the user has to handle installation from Google Play as usual?
No. It is impossible to install apps from the API without user intervention. There are a number of reasons for this, you could perform privilege escalation, to mention one. Instead, you just have to redirect the user to the Google Play app.