I am working on an Android project where I want to change the permissions of an application at runtime.
To achieve that, I thought of changing the android:permission tag in the Android Manifest file.
But to change this at run time, I guess it might be possible to change the database where Android manifest file's data are stored.
Please let me know where this database is stored and is it feasible to change it at runtime.
The Manifest.xml file is stored in the signed apk which is in the systems area that you don't have access to without root. So it would only work on rooted devices, you would need to obtain root, possible decrypt the apk, unzip it, make the modification and then, somehow, resign it with the original keystore that was initially used. If you are trying to modify one of your own apps I guess it's possible but it seems like a lot of trouble to go to.
Related
I've been asked to make my android app, at the press of a button, download a file and put it into /enterprise/device/settings/datawedge/autoimport/. This location isn't something that my app creates or belongs to my app -- another app on the system reads files from there to import settings.
Is it possible in general to do this kind of thing? If so, how?
Is it possible in general to do this kind of thing?
No. In general, files exist outside of areas where you could possibly get permission to write. That would include /enterprise/, /TKoL/, or other arbitrarily-named directories off of the system root directory.
On a rooted device, you probably can arrange to write there. And pre-installed system apps might be able to write there.
Is it possible to call or access HTML file which exists in another apk ?
example:
lets assume one.apk has index.html in its assest folder
is it possible to access the index.html in another web view ?
or is there any workaround for this problem ?
On current android devices, .apk files (at least those under /data and /system) are world readable. The /data directory is not listable, so you need the full and specific path of an apk to access it. Currently this can be found in /data/system/packages.xml
If you want to access it with a web view, you will probably first have to track it down and extract your own copy from the apk, by treating it as a zip file, then point your webview at that.
Of course this is not official functionality - it could go away, so best not to rely on it. The more important point is you must not rely on someone not doing this to your apk, because they actually can.
The answer is No Never..
The security architecture of the Android will not allow one application to access resources of another application.
Every application is treated as different users. Can a user access the personal files of another user in your desktop machine when protected?? Same goes here.
No, Its not possible. Its private to only that .apk. So in other .apk file you can't. Its all about Android Application Security concern.
Or something for try, (I am not sure this one help you or not) The Resources object gives you access to assets. PackageManager can give you access to the Resources for an application.
I’m trying to create an app that is able to access and modify a protected database within /data/data/. This process obviously requires root privileges and I am testing this on a rooted device. The general code to access the SQLite database is complete and works against a test database that is located elsewhere (on /sdcard/).
However when I want the application to access the database within /data/data/, it obviously fails as I am trying to access it as a normal user. I have read on the topic of using the su binary on Android for a bit now, and as far as I understand it usually used to execute shell commands only.
So my initial idea of making this work was to simply change the permissions of the file when the application starts, and change it back when it quits. So before actually bothering with implementing that in the application itself, I used my file explorer to change the permission to rw-rw-rw-. However my application was still not able to open the database.
My next idea was to use the sqlite3 program directly from the shell, but I found out, that my ROM does not come with it, so I would have to distribute it myself (Titanium Backup seems to do that).
However there is something that makes me wonder if there might not be a better way: I am using Root Explorer as my file explorer and it has a built-in way to browse any SQLite database. Given that it does not seem to ship with a custom sqlite3 binary, and that my phone does not have one itself, the access seems to happen using the normal Java tools. But how does the app get root rights then?
Is there a way to make an Android application run as root? Or did I forget setting something for the permissions earlier which prevented me from accessing it? Or does anyone know how Root Explorer does it?
You cannot raise the permissions of an already running process as far as I know. The simplest answer would be to copy it somewhere using the root shell / command line edit it, then copy it back as root again. And yes, I did read your question, just didn't explain the answer fully. Hopefully it's clear now. Not sure if root explorer does that or something else, but it would work.
When I download a apk file I need to first save it before I can install. Is there anyway to dirctly install it without saving? Do I need to make any changes in the AndroidManifest.xml?
It think what manifest file hasn't any power here. It is up to OS to do this. And it think (as a user) what download must not lead to auto installation of downloaded program.
AFAIK, an app is not extracted when it is installed, but the whole APK reacts as the self contained application. Thus, you must keep the APK in order to use the application. And if you're keeping it, then downloading it is the only option.
I was thinking about this earlier and figured I'd ask.
If I made an application that has lots of resources, what would stop someone from extracting and adding/modifying the resources I ship with it?
Does an application that doesn't want its data manipulated have any sort of option to protect itself?
Nothing prevents someone from extracting resources -- there is even an API for that. However, there is no way to modify the contents of an installed APK file, because that file is digitally signed.
Somebody with root access could obtain the APK file, mess with its contents, and re-sign it, for their own purposes, at least in theory.