This is more like general knowledge to understanding Android Market. So, first and foremost, I am sorry I has to ask here. I search for quite a while and still don't understand it. So, here we go.
As far as my knowledge is concerned, packageInstaller does install applications on Android. It does ask for user permission before it carries out installation.
So my question is "Does android market use packageInstaller or it does installation by itself?"
If it does not, there are a few things that I am not clear about.
I am almost certain that permissions are extracted from AndroidManifest.xml file. Before downloading, how does Android Market knows what are permissions required from the app? (My guess is that Android Market Web-end has recorded permissions when apk is uploaded)
Android Market asks user to agree permissions before it downloads apk. If user agrees and downloads, installation is carried out straight away after downloading (i.e. without launching packageInstaller). How is that possible?
As a third party application, can any app does the same job as Android Market?
So, I think I can ask to some your questions.
Package installer is not used for installing applications from Android Market - it does installation by itself.
I do not know precisely but I think for the first question you are
right. Android Market knows about the permission that the app
requires. It also can simply parse the AndroidManifest file of the
application.
This is done with the help of GTalkService. You can read more here
about it.
In general case no. But yes, if your app is signed with the system
signature.
Related
I am curious to know the technology behind automatic installation.
Apps from google playstore get installed automatically.
Moreover, 3rd party app store Aptoide also has this feature of automatic installation where the apk file needs not to be manually installed.
How does this happen?
Is there any certain API function or back end code for this?
Thanks
The play store does download the APK file. It just has a permission that allows it to install apps without asking permission. Any system app can get that permission- INSTALL_PACKAGES.
I want to access the apk file of any app before installation.
In more details: in google play store when the user clicks on Install button I want my application to access the apk file of the application that the user wants to download, and analyze this apk file and be able to whether allow the installation or stop it.
is that possible and if so how to approach this
On Android this functionality was introduced in Android 4.2. It is usually used by anti-malware products like Google Play Protect is known as a "Package Verifier". There is a good blog post on it here.
The short answer is this has to be done as part of the phone manufacturing process as it is so critical to security. So the answer is it can be done, but if you write this code you will need to get a phone manufacturer to include your code as part of a phone system image.
Most third party anti-malware products instead rely on analyzing the APK after the install happens by listening to the package added notification.
Definitely not possible in the way that you want. Android's OS is pretty well locked down. You might be able to do something if the device was rooted but at that point you may as well write your own OS fork. You can attempt to do someting with https://developer.android.com/reference/android/content/Intent.html#ACTION_PACKAGE_ADDED broadcast but you will not be able to analyze the apk freely nor will you be able to stop the installation of it.
My question may look strange but I'll try to explain somehow. Let's imagine there is an Android device with software that adjusts some settings based on application package name - it's a real-life scenario. This software may provide better performance for listed applications and there is no way to add my application to that list. What I'm capable of doing is to release my application under one of listed package names (not to Google Play, just provide APK on GitHub so that anyone who wants to use it will install it manually). And there comes my question:
is it legal to use some company's existing package name for my own application? Is it protected legally? My app is free & open source application.
Just to be clear: I'm not doing this to impersonate "real" application with bad intentions. I just want my application to use full range of device capabilities... And download page will state it clearly & visibly :)
In other words: can I release app with package name e.g. com.google.android.talk? I know that it won't override existing app if someone has it installed etc. (it's not my goal to override some application). I'm just talking about such possibility and legality.
This is totally legal, as you can use whatever String you want for your app/package name.
However, just doing this will most probably be not enough to "impersonate" the other app, as this would be a serious security flaw. First of all, there can never be two apps with the same package name installed.
If the app you speak about is created by a "serious" developer, say Google or one of the OEMs, it will check both package and signature of the app and will therefore know your app is not the same as the replaced app.
Also, when the user tries to install your app, a package conflict will happen, followed by the signature conflict. There are two scenarios here:
If the app you are replacing is a standard app, the user will be able to install your app from adb, but only after thay accept to completely wipe the data of the original app. You have probably seen this dialog while developing stuff.
If the app is provided by the OEM and has system permissions, the installation will simply fail, with no possibility to "overwrite" the app. This can be dodged by having the devices rooted, replacing the .apk file in the system directory and restarting the phone.
Please mind that none of the above will work by just uploading the .apk to the phone. This needs to be done from adb. On-phone installer will just fail.
The device my Android app is running does not have Playstore on it. The plan is to pre-install the software when shipping the device. I am now looking for a strategy to upgrade the application.
I found this useful link to install an Android app from the apk file:
Android: install .apk programmatically
I am thinking I will use this logic to auto-upgrade my app. I am wondering if it is even possible. I am thinking the upgrade will first try to uninstall existing version but will fail as the executable is still running and the file may be locked. Is there a better way? Regards.
Peter, we've just implemented the same thing.
Users have the software pre-installed on their device and we host update APK's on the companies servers.
From the app they can then check for updates where we have a WCF service which extracts the APK file (essentially a .zip) and returns the manifest details. From there we have the version of the APK and can compare it against the local version.
If the user decides to upgrade they can download the APK and you can automatically launch it. At which point the user will be told the application is going to be updated. There are no file locks etc, the app will just close and restart using the new version.
Note: Downgrading is not "automatic". The user would have to first uninstall the app. For upgrades, however, it's a simple case of downloading and launching the APK version (the user will be told they need to allow installations from unknown sources if this is not checked).
You have a couple of options, depending upon your target system.
Use the link you posted. This will provide the user with a traditional install dialog, whereby the user can choose to install or not. You should avoid doing that automatically, as APKs can be large and you might irritate the user if they don't want updates.
You can install updates magically, but you will require the firmware signing key (or possibly root, but I haven't tested that). That will not ask for consent from the user. You will need to add additional code using reflection to access the installation methods of Android. If you go this way, you should build an opt-out/in mechanism.
If your app is open-source, F-Droid would solve the problem for you.
F-Droid is an installable catalogue of FOSS (Free and Open Source
Software) applications for the Android platform. The client makes it
easy to browse, install, and keep track of updates on your device.
Mainly, it updates your app when necessary. (Or just have a look at its source code for inspiration on how to do it).
Yes but as far as I remember only if you had Root privileges in order to have access to the INSTALL_PACKAGES permission.
I'm writing an app and would like users to be able to download the apk and install it from my website. However, I would like the app to still be able to update through the market, is this possible?
I don't believe that it is possible.
You are better off to link them to the market from your website rather than hosting the APK file.
market://search?q=pname:your.package.name
That will open the market on the users phone. It is safer and easier than plugging in the phone and installing over USB.
As far as I know and tested, applications installed using .apk files, will be recognized from the android market. Some games though like Angry Birds, do not appear on my list of installed applications and unfortunately I can't find out why.
But for what is worth the following link will help you more.
http://androidforums.com/application-development/65282-can-you-keep-your-paid-app-updating-illegally-installed-apk.html
This is not possible without apps like Titanium Backup. Titanium Backup can link apps to their market counter-parts but you cannot do it without an app like that (which requires Root).
As i know - it's not possible.
Even if you'll use the same package names and signing certificates.