I want to execute my code before an app get installed. i.e. whenever user download any app externally and click on icon of an app, before package installer I want show my activity or allow user to choose my application to run.
Here is the sample image which is from Lookout app, I want to replicate same feature.
Fortunately, this is not possible, for obvious security reasons, from a regular Android app.
You are certainly welcome to download the Android OS source code, modify it to contain your desired features, package the results into a ROM mod, and distribute that ROM mod. Convincing people to use your ROM mod may be a challenge.
Related
I want to access the apk file of any app before installation.
In more details: in google play store when the user clicks on Install button I want my application to access the apk file of the application that the user wants to download, and analyze this apk file and be able to whether allow the installation or stop it.
is that possible and if so how to approach this
On Android this functionality was introduced in Android 4.2. It is usually used by anti-malware products like Google Play Protect is known as a "Package Verifier". There is a good blog post on it here.
The short answer is this has to be done as part of the phone manufacturing process as it is so critical to security. So the answer is it can be done, but if you write this code you will need to get a phone manufacturer to include your code as part of a phone system image.
Most third party anti-malware products instead rely on analyzing the APK after the install happens by listening to the package added notification.
Definitely not possible in the way that you want. Android's OS is pretty well locked down. You might be able to do something if the device was rooted but at that point you may as well write your own OS fork. You can attempt to do someting with https://developer.android.com/reference/android/content/Intent.html#ACTION_PACKAGE_ADDED broadcast but you will not be able to analyze the apk freely nor will you be able to stop the installation of it.
My question may look strange but I'll try to explain somehow. Let's imagine there is an Android device with software that adjusts some settings based on application package name - it's a real-life scenario. This software may provide better performance for listed applications and there is no way to add my application to that list. What I'm capable of doing is to release my application under one of listed package names (not to Google Play, just provide APK on GitHub so that anyone who wants to use it will install it manually). And there comes my question:
is it legal to use some company's existing package name for my own application? Is it protected legally? My app is free & open source application.
Just to be clear: I'm not doing this to impersonate "real" application with bad intentions. I just want my application to use full range of device capabilities... And download page will state it clearly & visibly :)
In other words: can I release app with package name e.g. com.google.android.talk? I know that it won't override existing app if someone has it installed etc. (it's not my goal to override some application). I'm just talking about such possibility and legality.
This is totally legal, as you can use whatever String you want for your app/package name.
However, just doing this will most probably be not enough to "impersonate" the other app, as this would be a serious security flaw. First of all, there can never be two apps with the same package name installed.
If the app you speak about is created by a "serious" developer, say Google or one of the OEMs, it will check both package and signature of the app and will therefore know your app is not the same as the replaced app.
Also, when the user tries to install your app, a package conflict will happen, followed by the signature conflict. There are two scenarios here:
If the app you are replacing is a standard app, the user will be able to install your app from adb, but only after thay accept to completely wipe the data of the original app. You have probably seen this dialog while developing stuff.
If the app is provided by the OEM and has system permissions, the installation will simply fail, with no possibility to "overwrite" the app. This can be dodged by having the devices rooted, replacing the .apk file in the system directory and restarting the phone.
Please mind that none of the above will work by just uploading the .apk to the phone. This needs to be done from adb. On-phone installer will just fail.
I'm currently developing a small Android app that will not be on the Play Store. It is a private business application that will be used for a non-emergency transport company. The Android app will show drivers a list of pickups and drop-offs that they will have throughout the day and allow them to update the status of those trips. What I'd like to do is have some method of updating the app during off hours or when the device is idle. Ideally, it would be great if someone has already written some kind of Android updater that can run as a service. However, I certainly wouldn't mind writing this on my own.
Either way, all it needs to do is pull an APK from our servers and install that APK. I usually don't like doing things sneaky like this, but our clients want it to be this way so that they won't have to go to each device and press OK on permission prompts and they don't want to leave the responsibility of updating the software to the drivers.
I understand the security concerns, but it seems to me that there should be some way to allow an app to auto-update itself if the user permits it. Also, our app is signed and includes a certificate on the device to verify that the downloaded app is legit.
As CommonsWare mentioned it's not supported by standard android. If you take the path of creating your own firmware and installer take a look at the existing PackageInstaller. The required changes are not so complicated.
I did it for a couple of custom versions and it works.
Either way, all it needs to do is pull an APK from our servers and install that APK. I usually don't like doing things sneaky like this, but our clients want it to be this way so that they won't have to go to each device and press OK on permission prompts and they don't want to leave the responsibility of updating the software to the drivers.
This is not possible, except via custom firmware or on a rooted device.
it seems to me that there should be some way to allow an app to auto-update itself if the user permits it.
You are welcome to build your own customized version of Android that has this capability. Stock Android does not offer this, except to the firmware itself.
I'm developing a remote-control application for Android.
I want to be able to lock/unlock the screen.
To do this there are two ways:
Making the app a Device Administrator.
Using PowerManager.goToSleep(), which requires the DEVICE_POWER permission, which is a system permission.
So eclipse tells me "this permission is only granted to system apps".
I really need this and some other system permissions in my app, as it's a remote control app that must be able to control system features.
From the support page:
Uploading System Applications
Most developers will not need to upload system applications and may ignore this section. System applications may come pre-installed on certain devices and may or may not already be published in the Play store.
If you need to upload a system application and encounter an error message when doing so, please contact us. Please be sure to select the Publishing issues and distribution option.
If I'm understanding it right, It's possible to make a system application. how?
I'm developing a remote-control application for Android
Fortunately, this is not possible, except perhaps if you run as root, or you download the Android source code, modify it, and roll it into your own ROM mod.
If I'm understanding it right, It's possible to make a system application. how?
Build your own ROM mod. Sign the app with the same signing key as is used to sign your ROM mod. Put your app in your ROM mod. Install your ROM mod on your device.
This, of course, will limit your app's distribution to those devices running your ROM mod.
A lot of “system” permissions are really SIGNATURE_OR_SYSTEM permissions. For those, you need to do one of the following:
After building the APK, install it as a system app.
Sign the app with the same key as the Android distribution on your device.
For the first option, you would need to be root on your device. Regular APKs reside in /data/app, while system APKs need to be placed in a different folder (on Android 6 and 7 it’s /system/priv-app, earlier versions may differ). However, this is not very suitable for an app to be distributed to end users, especially if your target audience is not very tech-savvy.
For the second option, you need to build Android from source for your target device. If you sign the app with the same key as your Android build, then users running that build of Android can install it in the usual manner.
I'm working at the IT-department of a rather large company, and we got Android phones for all of our employees. Every time someone quits or turn in their phone for any reason, we have to factory reset and then install all the required apps for our company, and this takes time.
I recently discovered that if you flash a custom rom, you can pick and choose what apps you want pre-installed in the ROM. This is good news for us and it got me thinking further.
So my question is, is there any way to customize the app data before flashing the ROM?
For example, we want our company's email app pre-installed with the correct user data already set up.
Look here http://forum.xda-developers.com/forumdisplay.php?f=613, theres some socalled 'rom kitchens' that let you remove or add apps from/ to roms and make some customizations.
I'm not exactly sure about having the users data already in the email application, but you need to decompile the ROM, place your company's applications in the /system/app/ folder and then recompile the ROM. This will keep you from having to install the applications manually.