I want to prevent user from uninstalling my application.But my main objective is to ask the password before uninstallation of the applcation.Is it Possible in android.
Not without doing something fairly in depth. First of all, I'm completely against this in general. If it's their device, they should be able to remove your app from their device. That said, there are some corner cases where this might be valid. Manufacturers seem to do this a lot (actually, in my opinion this is one of those cases which is not valid but that's a whole other story). They install apps into the system partition, which the user doesn't have rights to modify. You could do the same if you're actually distributing the device. If you want to just do this for a regular Market app, then no.
No, you cannot prevent user from uninstalling your app.
Related
I'm building an MDM application for Android devices and I want to be able to silently update the MDM app in order to patch security holes, add new features, etc. I know it is possible to achieve this by accessing the Android Package Manager Installer but from what I can tell this requires the application to be signed with the same signature from a specific OEM.
Is it possible to do a silent update for an MDM application without rooting the device?
You cannot, and this is viewed as a Good Thing from the point of view of the user, because the code that I install cannot be changed by anybody except software signed by a trusted key (such as Google's Play), or with manual approval.
I can think of two workarounds:
Check if there's an update, download it, then refuse to do anything until the user updates the app.
Dynamically load most of your app's functionality at runtime from a JAR that your app downloads. You could silently update this at will.
Heck, you could even combine the two options, so that if the wrapper needs updating, it will bother the user. The second method will make the nags very infrequent.
You should probably let the user know that this is happening, at least in an initial info-screen. I know I would uninstall any app that tried to go behind my back in this manner, if I found out about it.
Does anybody has the Idea of making an android app undeletable.I want to install selected apps on the system memory so that anyone having an access to my phone cannot delete those apps even after resetting the phone...
What I earlier saw was that the apps installed on the system memory cannot be changed or modified by ordinary users...I tried resetting my phone but saw some apps preinstalled from the company remained and all the apps that were downloaded from the play store were deleted..
The answer I got from searching the web was that I could make install an Android app to the system memory...does it make the app undeletable even after resetting or formatting the phone?
You can achieve this by making your application by Developing a Device Administration Application, follow this link http://developer.android.com/guide/topics/admin/device-admin.html.
you could only do this if you root your phone and place the apps inside system/apps.
However, if this is about your phone, why don't you use a password protector for apps, so nobody can access the app manager?
Removing a users choice to uninstall your app, goes against everything most programmers strive for. It's probably against the Google T&Cs also. And as already said, other than Malware or some dodgy virus attempt, there would be no practical (ethical) use for such an app, IMO.
i've seen apps like Cerberus which can survive hard reset of phone. I want to add similar functionality in my app that has security features such as anti theft. So my question is: How to create a app that will survive hard reset to preserve some data that might be even used for further purposes, How can i prevent my app from hard reset of device?
I went through the .zip file from one of the app which is used to flash the app to the ROM but it didn't clear my doubts , can anyone clear the idea about how it can be done
Thanks in advance!
You can only do this if you have root permissions by moving the APK to /system/app. SuperSu, etc. offer this as an in-app feature. If you really want reliable 'security features' though, the app(s) should be part of the firmware, anything else is snake oil.
Why not store some data in a file on the SD card? You can simply retrieve this later and phone reset should not affect this. /sdcard is not wiped in a factory reset AFAIK.
See:
http://www.androidcentral.com/android-z-f-factory-reset
https://android.stackexchange.com/questions/33082/does-a-factory-reset-on-a-galaxy-nexus-wipe-the-virtual-sd-card-directory
I'm experimenting with Android and I want to know if the following is possible: can I modify/patch an installed APP using another APP?
I know it's possible with root access, but I was wondering about non-rooted phones.
The only solution that comes to mind is the following:
-Create copy of original APK from data/app/ folder
-Patch/rebuild it
-Launch installation of the patched APK
The user would need to confirm the installation, but in theory it would work right? Any other tecniques that I haven't thought of?
In case you're wondering, I'm interested in injecting different strings and other resources into existing apps to provide translations or other modifications (ex: cheats in games), without changing the source of original apps.
You are right, you can do this on a device. Smali/Baksmali can be used on Android, also the apktool should be callable (I have only tried smali).
A year ago or so I have tried to use smali on a device and autopatch the source output. There was some information on the net (which I'm currently unable to find, sorry) but it was very limited, at least someone showed how to use smali/baksmali correctly. I have abandoned this approach because I'm not that good at java and the resources on a phone are rather limited.
Another approach I thought of was to offload the actual work to a server somewhere in the net. But this has its very own problem as you need to transfer the files, you may need the framework.apks, and so on.
This is interesting but hard stuff, you need to decode/parse/patch/rebuild apks and this has to be reliable. When you fail, the worst thing is that the users phone is broken (I wanted to modify critical system apks, bad idea ;)).
Better if the reinstall is seamless and for that you need: INSTALL_PACKAGES permission.
Now, INSTALL_PACKAGES android:protectionLevel is "signatureOrSystem" which means the app needs to be signed with the same certificate that was used to sign the system image.
Now to sign one's app with the same certificate as the one used to sign the system image might seem like a difficult if not impossible task since vendors may not be to willing to let other's use their certificate. Then again, some might want your app included in their system image. In any case it doesn't matter per sey since it's Android and Android has a ROM market.
Android ROMS are more and more synonymous with the general 'workings' or 'features' of Android. It is something that Android users come to expect. There are ROM manager apps available on the Android market that will list and install ROMs etc..
So in essense for an app to gain the INSTALL_PACKAGES permission one can make their own ROM, OR, work with the people who make ROMS and either have the app included with the ROM or use the certificate used to sign the ROM's system image to sign the app.
Again it is entirely possible that a vendor include the app in their "firmware" (system image). You would have to approach them.
:)
if both are your app use .content provider to share data between apps.and if other app is from another developer then you simply can't modify the app.
Is there any reason to forward lock a free app? If the user copies the app from the phone, is it protected in any way from decompilation, etc?
By "forward lock" I'm assuming you mean "prevent a user from forwarding the app to another person", and by "free" I'm assuming you mean "available for zero money". If that is the case, then yes, there are reasons to do so. First and foremost, this will ensure that the app is only available from a single source and that users don't have to worry about whether the app is genuine or a tampered version. It is not unheard of for someone to take a freely available app, add their own ads or malicious code, and re-distribute the app as if it was the original version. Unsuspecting users end up running adware/malware without knowing it. This also (unfairly) gives the original app a bad reputation. Therefore, many free apps prevent forwarding/copying for the sole reason of ensuring authenticity.
Also, just because an app does not cost anything doesn't mean that there aren't trademarked/copyrighted materials (or other types of protected intellectual property) inside it that aren't legally copy-able. Being able to easily copy or dis-assemble the app could open the creator to legal issues (especially if they licensed some of their content from a third party), so a free app isn't necessarily able to be taken apart. That being said, binary code is always viewable in a hex editor, and anything can be dis-assembled if you have the time and patience...
No, because the implementation that the Android Market offers is multiply broken:
It does not stop piracy, as people with rooted phones can still go in and grab the APKs, as they do all the time (and, AFAIK, it does nothing to stop decompilation)
Using Android Market copy protection has a tendency to keep your app out of the Market on occasion, such as when new devices are being rolled out
If you want copy protection, that's your call, but use something other than the one supplied by the Android Market.
While consumers bypassing the marketplace and copying a free app will obviously not directly affect profits, keeping track of the number of people using your app can be very important in terms of building the reputation both of the app itself and of your company / you as an indie developer.
If your app communicates with a server or central database as part of its natural functionality, then usage tracking can be implemented through that channel. But if not, then download information on the marketplace is the next best way to get a rough estimate of its popularity.
As for security, I'm not aware of any way forward locking directly makes your app more secure, preventing illicit copying could certainly serve to discourage untoward manipulation of the package files.
No, but it isn't particularly protected either way - it's possible to copy all the data off most android phones regardless of what the application developer would prefer, and once you have the bytes you can disassemble to your hearts' content. (Whether any of that is likely to happen to your particular application is an entirely different question).
There are other reasons to lock it - more accurate counting of userbase, etc. - but they're generally not worth the impact to the overall user experience. If your app phones home occasionally to count installed handsets, that's a much better plan than trying to enforce some way to trust the Marketplace count.
There's no way to protect anything from decompilation. Except if there's no platform that can run it.
But you can make it harder, with obfuscation and stuff.
But fo a free app it is probably not worth the effort.