I made an android application inside that i have put an apk file in "res/raw" folder now what i want when i am installing my apk the apk inside the raw folder also install without clicking once more on install button. If it possible by writing my own package manager or package installer please suggest me.
Spyware? Malware? Even if it is not, it might be flagged as such if you have nested APKs.
You can't install without user interaction unless you have system or root permissions. This is a good thing too. If you are building your own firmware, and distributing to limited devices, you can sign your app with the platform key and be able to install packages directly. There are multiple questions about this, but generally you use one of the hidden (from SDK apps) installPackage() methods of PackageManager.
I think you would have to Root your phone to do this.
The main question is why you would want to.
Related
Background
Without root, I know that it's possible to install a single, normal APK using Intent (here).
Given root, I know that it's possible to install it using this .
This will install the app like a normal installation process, as a user-app.
There is also a way to install a split apk app (here), though for some reason I didn't succeed using it.
The problem
I want to know how to convert and/or install an app to be a system-installed-app, and back to be a user-app.
This includes both APK files of apps that aren't yet installed, and of apps that are already installed.
What I've found
I've found some very old ways to convert an existing app (or installing a new one) into a system app (here, for example or here), saying (in short) I should just move the APK file into /system/app/ path.
Thing is, this might have worked in the past, but now it's not. I think the reason for this is that the apps on /system/app/ exist in a different way now: each app has a folder with some files inside of it.
As for converting back to user app, I can't find it. Same goes for installing a split apk app to system app and convert it back to user app.
In fact, there are apps on the Play store (such as this one) that I remember that could convert other apps into system apps just fine (using root) - now can't do anything.
The questions
When did the method of installing/converting an app to system app worked? How come it doesn't work anymore?
What should be done installing/converting an app to system app, and back to user app, on both old and new Android versions?
Is the same thing possible for split-apk apps (example: AirBnb app) , or at least installed ones?
As I know the procedure which define system app has changed over the time.
The Privileged Permission Whitelisting AOSP documentation may help you:
Privileged applications are system applications located in the
/system/priv-app directory on the system image. Historically, device
implementers had little control over which signature|privileged
permissions could be granted to privileged apps. Starting in Android
8.0, implementors can explicitly whitelist privileged apps in the system configuration XML files in the /etc/permissions directory. Apps
not explicitly listed in these XML files are not granted privileged
permissions.
Below described process won't work with every android build versions but in most cases it will work as expected.
1 - When did the method of installing/converting an app to system app
worked? How come it doesn't work anymore?
You have two situations to install the application like system app.
When building an android image
You can place the application you want system privileges in /system/app folder and building system will sign it with the platform key and it will work as a system application.
After gaining root permission of installed images
If you can access your android system as the root user, then you can simply push the certain application to /system/app directory on android device.
2 - What should be done installing/converting an app to system app,
and back to user app, on both old and new Android versions?
If you want to make your application as a system application, you need to add android:sharedUserId="android.uid.system" as application attribute on your AndroiManifest.xml file
<application
android:allowBackup="true"
android:icon="#mipmap/ic_launcher"
android:label="#string/app_name"
android:roundIcon="#mipmap/ic_launcher_round"
android:sharedUserId="android.uid.system"
android:theme="#style/AppTheme">
For most of the custom images, manufacturer toolkit is provided and it can be used to create a new image file with system applications. If you don't have such a tool, you can root your device and push apk file to system/app directory.
According to my understanding, we don't have any straight forward way to revert back system app to user app. What you can do is simply uninstall system application and again install it as user application.
3 - Is the same thing possible for split-apk apps (example: AirBnb
app), or at least installed ones?
Above procedure should work with split-apk apps. But unable to confirm because I have no prior experience.
The apk i saw for rooted phones or w.e is called systemizer apk it claims to turn any apk into system apk thrpugh it and prolly back again is what im assuming it could or couldnt but nice if it does =} id decompile it and see what it does to do sucha thing if i needed the code instead for my own project.
My question may look strange but I'll try to explain somehow. Let's imagine there is an Android device with software that adjusts some settings based on application package name - it's a real-life scenario. This software may provide better performance for listed applications and there is no way to add my application to that list. What I'm capable of doing is to release my application under one of listed package names (not to Google Play, just provide APK on GitHub so that anyone who wants to use it will install it manually). And there comes my question:
is it legal to use some company's existing package name for my own application? Is it protected legally? My app is free & open source application.
Just to be clear: I'm not doing this to impersonate "real" application with bad intentions. I just want my application to use full range of device capabilities... And download page will state it clearly & visibly :)
In other words: can I release app with package name e.g. com.google.android.talk? I know that it won't override existing app if someone has it installed etc. (it's not my goal to override some application). I'm just talking about such possibility and legality.
This is totally legal, as you can use whatever String you want for your app/package name.
However, just doing this will most probably be not enough to "impersonate" the other app, as this would be a serious security flaw. First of all, there can never be two apps with the same package name installed.
If the app you speak about is created by a "serious" developer, say Google or one of the OEMs, it will check both package and signature of the app and will therefore know your app is not the same as the replaced app.
Also, when the user tries to install your app, a package conflict will happen, followed by the signature conflict. There are two scenarios here:
If the app you are replacing is a standard app, the user will be able to install your app from adb, but only after thay accept to completely wipe the data of the original app. You have probably seen this dialog while developing stuff.
If the app is provided by the OEM and has system permissions, the installation will simply fail, with no possibility to "overwrite" the app. This can be dodged by having the devices rooted, replacing the .apk file in the system directory and restarting the phone.
Please mind that none of the above will work by just uploading the .apk to the phone. This needs to be done from adb. On-phone installer will just fail.
The device my Android app is running does not have Playstore on it. The plan is to pre-install the software when shipping the device. I am now looking for a strategy to upgrade the application.
I found this useful link to install an Android app from the apk file:
Android: install .apk programmatically
I am thinking I will use this logic to auto-upgrade my app. I am wondering if it is even possible. I am thinking the upgrade will first try to uninstall existing version but will fail as the executable is still running and the file may be locked. Is there a better way? Regards.
Peter, we've just implemented the same thing.
Users have the software pre-installed on their device and we host update APK's on the companies servers.
From the app they can then check for updates where we have a WCF service which extracts the APK file (essentially a .zip) and returns the manifest details. From there we have the version of the APK and can compare it against the local version.
If the user decides to upgrade they can download the APK and you can automatically launch it. At which point the user will be told the application is going to be updated. There are no file locks etc, the app will just close and restart using the new version.
Note: Downgrading is not "automatic". The user would have to first uninstall the app. For upgrades, however, it's a simple case of downloading and launching the APK version (the user will be told they need to allow installations from unknown sources if this is not checked).
You have a couple of options, depending upon your target system.
Use the link you posted. This will provide the user with a traditional install dialog, whereby the user can choose to install or not. You should avoid doing that automatically, as APKs can be large and you might irritate the user if they don't want updates.
You can install updates magically, but you will require the firmware signing key (or possibly root, but I haven't tested that). That will not ask for consent from the user. You will need to add additional code using reflection to access the installation methods of Android. If you go this way, you should build an opt-out/in mechanism.
If your app is open-source, F-Droid would solve the problem for you.
F-Droid is an installable catalogue of FOSS (Free and Open Source
Software) applications for the Android platform. The client makes it
easy to browse, install, and keep track of updates on your device.
Mainly, it updates your app when necessary. (Or just have a look at its source code for inspiration on how to do it).
Yes but as far as I remember only if you had Root privileges in order to have access to the INSTALL_PACKAGES permission.
I would like some general info on system apps. I am working with a manufacturer who is willing to give me the info required to make my app a system app. However, I do not know exactly what this information should be and how to change with my app to make it a system app with the given information. I believe I need the something in my manifest like this
android:sharedUserId="android.uid.system"
and then I need to sign my app with the manufactures key? I am not sure could someone explain to me exactly what the process would be please?
Also the reason my app needs to be a system app is so the user cannot uninstall it, but my app still needs to update. Is it possible to update my app when it is a system app? I would be updating if from google play like normal.
Thanks for any help I simply could not find very much information on this subject and would appreciate the help.
This link here would give you a bit of information.
A System application is NOT an application which is signed by the OS’s
platform signatures. This is a common mistake believed by many and we
shall come to this later on. A System application is merely an
application which is placed under /system/app folder in an Android
device. An application can only be installed in that folder if we have
access to the OS’s ROM (system.img). The application is placed under
/app folder after the ROM has been extracted. A device which loads the
custom ROM will have the new System application added. The benefit of
a System application is that the application cannot be removed from
the device (cannot be uninstalled by the user). This is only because
/system/app is a read-only folder.
http://ricston.com/blog/explaining-behavior-android-application-system-apps-nonsystem-apps/
As for updating your app through the play store, I am assuming you should be able to do that without any problems, if the app is on the play store, and you use the same signature every time. It need not be the manufacturer's certificate, but it's better to use that certificate to sign your app.
So, the only thing that you need to ensure is that, while building the ROM, the manufacturer puts your apk into the system folder, and it should work.
Use mkkey.sh http://www.kandroid.org/online-pdk/guide/release_keys.html script to create new certificates, including x509 certificates. you wont need these steps as manufacturer is giving you the keys.
In AndroidManifest.xml of your application : under the element add the attribute android:sharedUserId=”android.uid.system”
Export an unsigned version of your Android application using eclipse.
Project >> Android Tools >> Export Unsigned Application Package
Use /out/host//framework/signapk.jar to sign your app using platform.x509.pem and platform.pk8 in /build/target/product/security/ generated earlier
java –jar signapk.jar platform.x509.pem platform.pk8 your_app_unsigned.apk your_app_signed.apk
Answer to some of your other questions are already given by Kumar Bibek. These are the steps I followed when I had to do the same. This was in done in Android ICS. The steps might have changed but still worth a try.
Since Android O (Oreo), you need to sign the system apps with dev keys, unlike in the past versions you can just copy them to a system folder which has varied in the past.
Is it possible to block installing apps from apk file directly. How can do this using code, not by using some setting on the phone.
I just need to block installation of apps outside of the play store. That is stop the user from copying a apk file to the phone and install it. But still allow them to install apps through the Play Store.
This isn't possible on AOSP Android.
The Install from unknown sources option is a setting in Settings.Global (previously in Settings.Secure) and cannot be controlled by third party applications.
However, it is possible do achieve this if you're willing to modify and compile Android itself for each and every device you want to use this on, as is done by AT&T on some of their devices.
You can't. This is a system setting you can't handle, because it's a security setting. This won't be editable by any application. Just think about what if, when any application could do: Then the application could download a bad .apk and install it without any warning.
try using code to copy file into directry /data/app/ .
but device is rooted and some app work not correctly