I'm implementing a demo on silently uninstall an app from device.
In adb shell, I can use pm uninstall packagename to do the task, but when I wrote code, I got some permission denied error.
I've been googling for a while, and found that to get DELETE_PACKAGES permission, I have to sign my app with the same certificate as the system does.
So, can anyone give me some tips on how to do this? Or, is there anyway I can do to make my app running as system service?
You can't do this, unless you are building your own firmware (ROM). If you are, just take the key that signs the ROM and sign your apk with it. If you have a rooted phone, you can also copy the apk in /system/app to get the permission.
Far better than a silent uninstall is somehow bricking the app. There's a few ways that this could be done, but basically keep track of the first day they used it, and make the program not work. Alternatively, it could be set up to work until a certain day, after which it will no longer work. This question answers how to do this.
If your application is not located at "/system/app",permission "DELETE_PACKAGES" would not work.
Compile your app with source code or try "root" ;)
I have experience about how get one application permission to read browser bookmark
Open the AndroidManifest.xml of That application that you want to add permission to it.
2.Somewhere between
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
</manifest>
add this code
<uses-permission android:name="..." />
3.For fill the ... go here
For example the following code will permit to app to get bookmark history
Related
So, I found this answer here by #CommonsWare about allowing an app to install apps silently to the phone like Google Play does. There, it is mentioned that the app should be either signed with the firmware-signing certificate or so, or add the app to System folder. What I need to know is, if I add the app to system\app\ or system\priv-app\, then is it possible to install app silently to an Android device? Or do I need to utilize INSTALL_PACKAGES permission? If so, how?
I'm asking this question because I've only 10 reputations so I cannot comment there.
I found an answer by #inazaruk here, but it's complicated and the provided links are dead.
It's the app doing the installation that needs to be system signed or reside in system/app system/priv-app, for those you do need to hold the correct permission in order to install an app (even if you're system signed), the difference is that you are able to get the necessary permission to do so at all. The fact that you use a permission is not the same as that the user gets a pop-up asking if it's OK.
In order to install a package you can call (ApplicationPackageManager.installPackage):
http://androidxref.com/7.1.1_r6/xref/frameworks/base/core/java/android/app/ApplicationPackageManager.java#1561
public void installPackage(Uri packageURI, PackageInstallObserver observer,
int flags, String installerPackageName) {
Since the ApplicationPackageManager has #hide on it you're going to have to use something like reflection to access it. You get an ApplicationPackageManager when you call "Context.getPackageManager".
I've been trying to implement an application which sends and receives fake sms on my device (Samsung Galaxy S2, Android 4.1.2). I found an example of such application here:
http://blog.dev001.net/post/14085892020/android-generate-incoming-sms-from-within-your
I copy-pasted it and ran on my device. Nothing happened and I found in logs that BROADCAST_SMS permission was system. I made the app system using Titanium Backup, restart my device and ran the app again. And nothing happened again. I got the same exception that my app had no rights to use BROADCAST_SMS permission. Then I read that I should specify android:sharedUserId="android.uid.system" in manifest. When I added it I failed to run my app using Intellij Idea 14:
Failure [INSTALL_FAILED_SHARED_USER_INCOMPATIBLE]
I tried to install generated by Idea app but got exception: Package has no signatures that match those in shared user android.uid.system; ignoring!
So I have several questions:
1. How is it possible to install unsigned app with android:sharedUserId="android.uid.system" in manifest?
2. Will my app be able to use BROADCAST_SMS permission if I make it system using Titanium Backup or other trick?
3. Is there any other way to force the app work on my device?
I have seen applications which imitate sms incoming. But they all write to inbox directly. I need an application which makes other applications believe that new sms is coming.
Thanks in advance
To use shareduserid your app must have the same signature as all other apps using this uid. Installing the app on /system partition or even giving it priv-app status is not sufficient.
And btw the permission is of level "signature" anyway (not signatureOrSystem) so the only way you can be granted the permission is if your app uses the same signature as the android framework. In other words, you have to make a custom platform build and flash your phone with it.
If you install/build Android from AOSP, a test key is used to sign all the apps. You can use this key to sign your app and install it as a system app. This works great for testing; obviously not going to be an option for something you want to distribute.
I am testing my Android app on my own phone. When I first run it on my phone, it asks for permission to user my gmail account. When I reinstall my app, it no longer does that? I would like to make it so that it re-requests permission every time I reinstall the app for testing purposes. If, on the other hand, I change the package name, it re-requests the permission. Does anyone know how to do that? Much help would be appreciated!
Thanks!
Note: By reinstall, I mean both pressing the run button and actually resinstalling the application by first uninstalling via settings.
This is not an actual Android permission, it's actually an account access grant specific to AccountManager. Technically, when you uninstall an app all grants should be cleared, but this appears broken on some devices. If you have a rooted device or are using the emulator, you can find accounts.db (usually in /data/system/users/0/accounts.db on newer versions) and clear the grants and extras tables (that could affect other apps, so handle with care). If you don't, clearing the data for Google Account Manager and Google Play Services could help.
What do you mean by reinstall? Does reinstall simply meaning pressing the "run" button? Or are you actually uninstalling and reinstalling the application. Once the Android OS detects that a permission is needed, it will request it from the user. But after that first time, it won't ask again. If you completely uninstall the application from the device and then reinstall, it should work. I don't know of any other way you can bypass that.
Is it possible to download apps programmatically? I don't mean to launch Google Play to a certain app. Let's say i have 3 apps, all related but have different functionality. Is it possible to create a 4th app which when you download also downloads the other 3 and serves as a hub for them? If so, can someone point me in the right direction?
Yep. I just did this the other day. Your app will need some permissions:
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.INSTALL_PACKAGES"/>
<uses-permission android:name="android.permission.DELETE_PACKAGES"/>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
Write external storage is because you'll have to download and save your APK file somewhere.
Additionally, you'll need to grab the file somehow. I use Java's HttpUrlConnection object to do the actual downloading (you can probably search for a better explanation of how to download a file in an Android app, but it's pretty straightforward).
Once you have your file downloaded, you just start up the package manager and tell it to install. Unfortunately, the user will be faced with the same dialog as usual for installing an app, and they can choose to decline the installation. To install without user intervention, you would probably need to connect from your app to ADB and call the package manager that way, although I'm not sure what kind of privileges would be involved there. If you don't mind the user seeing an install confirmation dialog, then this code will work:
Intent intent = new Intent(Intent.ACTION_VIEW);
intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
intent.setDataAndType(Uri.fromFile(new File("/sdcard/whereever-you-saved-this.apk")), "application/vnd.android.package-archive");
startActivityForResult(intent, 0);
The FLAG_ACTIVITY_NEW_TASK prevents crashes on some phones if the APK you're installing overwrites the app you used to launch the Package Manager.
You can't automatically install apps, this would be pretty risky for users.
You could download a bunch of new APKs, but the user would have to install them by himself by opening the .apks.
You can however also create 1 big app internally, but show it as multiple small apps since you can set multiple Activities as launcher activity. Maybe that's an option for you?
There is also the option for Expansion Files. Perhaps that might fit the bill?
You can do this in this way also:
Download APKs files from server via web-service and after download install these APK files by using INSTALL_PACKAGES permission.
What is the best way to prevent a user from downloading and installing applications which uses some specific permissions like location and sms.
Is it programatically possible to parse the manifest of an application from the market before it get installed and look for the specific permissions and alert the user?
What is the best way to prevent a user from downloading and installing applications which uses some specific permissions like location and sms.
Write your own firmware, where you replace the normal installer mechanism with one that enforces your desired criteria.
Android SDK applications cannot interfere with application installation.
Is it programatically possible to parse the manifest of an application from the market before it get installed and look for the specific permissions and alert the user?
No, sorry.
However, you can listen for ACTION_PACKAGE_ADDED and examine the newly-installed package via PackageManager, and alert the user at that point. Since nothing of the installed package can run immediately upon the install, I would think that there is a decent chance that your alert will appear before the user tries to use the newly-installed app.
In the future this would be probably something you could do trough Device Administration, but right now limiting application installation based on its requested permission is not included.
One option is this snippet that decompress the apk and extracts the AndroidManifest.xml.
By the way the aapt tool for android runs on the Android OS too. You can get this information using this port