I have a system app that the OEM installs with the system image, but is signed by me. If I upload an updated apk to the market, will the market app silently install this update automatically?
If my system app is instead signed with the platform signature instead of mine, this means any updates also have to be signed with the platform signature, correct? Can a platform-signed apk be updated from the market?
Lets first of all clarify the difference between all types of apps.
System apps are those that are located in the /system/app folder. These applications have a flag ApplicationInfo.FLAG_SYSTEM set. In an ordinary device the partition /system is mounted for read-only access. Thus, a system application cannot be updated because it is located in the read-only location. These applications can be updated only as a part of OTA update.
Ordinary apps are located on the /data partition which is read-write. Thus, these applications can be updated by a system.
Now lets talk about signatures. Some Android components are protected with permissions of signature type. This means that if you want to have access to a component protected with this type of permission, your application must be signed with the same certificate as a protected component. This is true not only for Android system, but also for Android applications, i.e. in your application you can have a component that is protected with a signature permission, thus, only applications that have the same signature will have access to this component.
The third thesis which we require to answer your question is that Android prohibits the installation of the packages that have the same package name but different signatures.
Thus,
I have a system app that the OEM installs with the system image, but
is signed by me. If I upload an updated apk to the market, will the
market app silently install this update automatically?
If my system app is instead signed with the platform signature instead
of mine, this means any updates also have to be signed with the
platform signature, correct? Can a platform-signed apk be updated from
the market?
The answer is no. Although the apps that are located in /system/app can be signed with a certificate that differs from the platform one, the update of these applications is possible only with system update.
To solve your problem you can change the packagename of your application, sign it with your (if the application does not require to have access to protected Android components) or platform (if the application should have access to protected components and if you have access to this signature) and put this application into market. Then, you'll receive the updates of your application through the market.
The system will not treat an apk in /data/app as an update unless the signatur matches the one in /system/ap
Related
I need to access VHAL properties like ABS_ACTIVE, ENGINE_RPM, etc which are restricted with signature permissions. The third-party app access to VHAL is restricted with permissions. I will get OEM signature permission in the production build, but for testing, I need to sign my app with an AOSP certificate or I have to move my app into the system folder.
Where can I find those certificates?
How can I sign my app with those certificates?
Build your own custom system image https://source.android.com/devices/automotive/start/avd
Include your apk in the system image as part of the build (& you will need to pre-grant access to your apk (https://source.android.com/devices/tech/config/perms-allowlist)
The system images that are published by Google/Volvo/Polestar are user/release-keys and hence you won't be to get those platform keys for it.
For testing you can sign your app with the default platform key that comes with android.
The Android tree includes test-keys
I'm developing an app for specific tablets that should be updated via our custom server (just checking the json with the version and if that version is bigger then current one - we download new apk and install it.
And facing some strange signing behavior.
I sign an app with the release key and after install it on the device - everything works properly.
BUT
when tablets' manufacturer installs that signed apk as system app - then somehow signing certificate of the app changes and I cannot update it (because certificates are different according to the console).
I tried to log hashes of the certificates and what i've received:
simple installation mode:
current: 1925650013
next version: 1925650013
app installed as system
current: -1314815697
next version: 1925650013
looks like it became "debug" key, and I cannot understand why.
Your question already contains the answer: when tablets' manufacturer installs that signed apk as system app.
System apps (in the original meaning) are granted the system permission and for getting this permission the app has to be signed with the system manufacturer's key.
If your app does not require system permissions I assume this is a misunderstanding between you and the tablet manufacturer - in such a case you only want to have your app pre-installed on the system partition. Most users call such an app "system app" but actually it is just a regular app on the system partition.
I'm developing a non google play application, that will be delivered as an unsigned release assembly apk to device manufacturers that will sign it with their own private system key signature.
the system signature is essential, because the app uses permissions with protection level signatureOrSystem .
since the app not going to be installed as a system privileged app, it must be signed with the system's signature.
since I'm not going to have access to the final signed apk (or the signing key itself) I don't know how can I test the product I'm delivering (on a real device and not emulator) since it functionality depends on been signed with a system signature.
so far, only reference I found is a very old thread discussing about how to sign with system signature, but as I understand - it will not work anymore.
I would like to understand what is the recommended work-flow for how to test my app behavior as it signed with a system signature on a real device.
With larger companies, the company manufacturing the device will provide a version of the OS for the app developer to flash to a device that has a different set of recognized signing keys for you to test with. This is how they would expect app developers to be able to test their apps as if they were running on a full production device.
You might be able to get away with rooting a device and sideloading your APK in /system/app instead of the usual install location of /data/app. Once you have an app with a manifest with necessary system permissions installed there, reboot, and install normally (adb install to /data/app) and then you will be able to use the system permissions define in the app in /system/app.
What I should to do to create a system app (to obtain rights to use android:sharedUserId="android.uid.system"in manifest file without receiving an error from package manager about certification problem?
I use rooted phone with stock firmware.
Ok, I think that I find sollution from great xda developers: http://forum.xda-developers.com/showthread.php?t=1776095 here is full description how to obtain access to apps signed by platform keys.
Do you apply with this approach?
PS it is interesting that users from stack instead of investigating hard problem immediately say that you can not solve it, then reduce novice user's reputation...
What I should to do to create a system app
There are two types of system apps:
Apps installed on the system partition, which can be accomplished by users with root privileges
Apps signed by the same signing key that signed the firmware
to obtain rights to use android:sharedUserId="android.uid.system"
That definitely would require your app to be signed by the same signing key that signed the firmware. That's true for any android:sharedUserId.
But some guys edit stock apps, prepare zip file which user can update system apps by recovery.
You are welcome to provide any evidence that what they do somehow involves android:sharedUserId="android.uid.system".
A system app must be signed with the platform key. This is done by developers deploying an android platform on their own device, or mobile carriers.
If that is your case, the easiest way is to add this to your Android.mk:
LOCAL_CERTIFICATE := platform
LOCAL_PRIVILEGED_MODULE := true
or this to your Android.bp:
certificate: "platform",
privileged: true,
If you add those lines without adding android:sharedUserId="android.uid.system" to your manifest, you will be a platform_app. A system app is more privileged than a platform app. That uses the platform key and runs as the system user.
If you are not the platform vendor, the platform vendor would need to sign your application using their platform key. Some vendors, including my company, will do this for 3rd parties demonstrating a valid reason for doing so.
Without the signature, your application can only be used on rooted devices.
I did not need to sign my app with the firmware signature! I have a rooted device. Therefore I can grant myself rights to write to certain directories using adb.
I moved my app to /system/priv-app instead of /system/app using those steps: Push my apk to /system/app
Now, I can access system permissions like android.permission.SHUTDOWN
There is two types of system apps.
Type 1: The App which is in the same signature of the Device ROM .
Type 2: The Signed app which is in system/priv-app ( Might differ based on adnroid version ) in your device storage location .
Visit this link -> http://www.archive.ricston.com/blog/explaining-behavior-android-application-system-apps-nonsystem-apps/
I am building an app that will be bundled on an android device as a system app. The manufacturer is a ways out on delivering the device to us, so in the meantime I'd like to grant my app system level permissions in the emulator so I can work on an auto update feature that will do silent installs of APKs without any interactions from the user. From what I've read, its my understanding that the only way to be able to do silent installs on android is if your app is signed with the same cert as the OS. So how can I simulate this in the emulator?
If you want a signatureOrSystem permission, you just need to be placed on the system image; you don't need to be signed with any special cert. You can do this as a one-off (until you exit the emulator) like this:
> adb root
> adb remount
> adb push /path/to/My.apk /system/app/My.apk
Once you have done that, you can use the normal process to install further updates on the data partition ("adb install -r /path/to/My.apk" which is what the developer tools do when you run from Eclipse). When installing this way, the app retains any signatureOrSystem permissions it had requested from the original version on the system image, but can not gain any new such permissions.
If you need pure signature permissions, you need to sign your app with the same cert as whatever is declaring those permissions (typically the core framework, but the media system is a separate cert etc). If you are requesting signature permissions you don't need to be installed on the system image, you can just install it as a normal app and it can still get the permissions because of the signing.
As far as I can tell, you need to:
download the Android source and build an emulator firmware image.
sign your application with the keys in the Android source tree at /build/target/product/security/.
add android:sharedUserId="android.uid.system" to your application's manifest.
run your application on an emulator using the image built in step 1.
The reason for having to build your own firmware image is so that you can get at the keys. Now, it might be possible that the keys for the standard emulator image are available somewhere, which will save you the long and exceedingly tedious process of building your own Android, but I'm afraid I have no idea where these might be.
Disclaimer: never tried this myself.