I'm sure this is a dumb question but Googling got me nowhere.
Does each device vendor do its own Android build? More to the point, does each device vendor sign its build with its (the vendor's) own system signature key, such that we should not expect any two Android devices (at least, devices from different vendors) to utilize the same system signature key?
Example: I know I'm not the first person to want to run an app with sharedUserId="android.uid.phone" and process="com.android.phone". But this requires my app to have been signed with the system signature key. If, by some miracle, I were able to obtain the system signature key for my Acer device and sign my app with it, would this restrict my app to run on Acer devices (or perhaps just my particular model), since other vendors' devices would have their own Android builds and their own system signature keys?
More to the point, does each device vendor sign its build with its (the vendor's) own system signature key, such that we should not expect any two Android devices (at least, devices from different vendors) to utilize the same system signature key?
Generally, yes. At least, all the serious vendors do.
If, by some miracle, I were able to obtain the system signature key for my Acer device and sign my app with it, would this restrict my app to run on Acer devices (or perhaps just my particular model), since other vendors' devices would have their own Android builds and their own system signature keys?
Well, your app probably would run on other devices, but it will not be able to obtain that shared user ID.
I am working with some devices that happen to use Android as the OS. One runs Android L, the other, N. We run a custom NDK app as the launcher. The devices are manufactured for us, and we sell them. The devices drive displays in meeting rooms and allow users to wirelessly share their content. They can also provide digital signage.
I need for administrators to be able to remotely upload an in-house CA certificate that the device will then honor. The problem is that I've been googling and still don't understand what to do with the CA certificate once I get it on device. The install technique cannot require user interaction with the device.
These are not certificates that can be pre-installed. They must be installable dynamically by owners of the devices who have their own in-house certificate authority.
Our app is predominantly C++ NDK. It doesn't run as a system app, but it can run shell commands as root. Of course, we can call Java code.
So, what do I do to make the device use an uploaded CA certificate?
As per Android 8.0 Behavior Changes,
For apps installed on a device running Android 8.0, the value of ANDROID_ID is now scoped per app signing key, as well as per user. The value of ANDROID_ID is unique for each combination of app-signing key, user, and device. As a result, apps with different signing keys running on the same device no longer see the same Android ID (even for the same user).
To test the above changes, I made two test APKs and found the behavior below (tested on Nexus 5X, OS 8.0.0):
With targetSdkVersion 26, compileSdkVersion 26, buildToolsVersion 26.0.0, two different APKs (with different package names) generated on the same Windows machine display the same ANDROID_ID. When an APK with the same package name is generated on a different machine, it displays a different ANDROID_ID.
Below is my query:
Is this the correct behaviour? Why are two different APKs showing the same ANDROID_ID?
Is there any chance that my application's ANDROID_ID may change (without uninstall/reinstall)?
I get the same behaviour on Nexus 5X, OS 6.0.1, targetSdkVersion 23, compileSdkVersion 23, buildToolsVersion 25.0.0. I don't see any specific behaviour change in Android O. What am I missing? Why am I getting the same behaviour?
The other answers, which explain why you are getting the same ID for different APKs, are correct.
The best way to check this behaviour is to create two different certificates and sign your APK with each of them.
To summarize and clear up your confusion [from Changes to Device Identifiers in Android O]:
The ANDROID_ID value won't change on package uninstall/reinstall, as long as the package name and signing key are the same. Apps can rely on this value to maintain state across reinstalls.
If an app was installed on a device running an earlier version of Android, the Android ID remains the same when the device is updated to Android O, unless the app is uninstalled and reinstalled.
The Android ID value only changes if the device is factory reset or if the signing key rotates between uninstall and reinstall events.
This change is only required for device manufacturers shipping with Google Play services and Advertising ID. Other device manufacturers may provide an alternative resettable ID or continue to provide ANDROID ID.
It's behaving as intended.
As highlighted by you in the question:
As a result, apps with different signing keys running on the same device no longer see the same Android ID
When you use Android Studio to build different APKs, the debug signing key is the same. As a consequence, you see the same ANDROID_ID.
But when you use a different PC, the debug signing key is different. Hence you see a different ANDROID_ID.
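To confirm the explanation in the answers above on a device, each test APK can report its own signing-certificate digest next to the ANDROID_ID it sees. This is an added example, not code from the question or the answers; the class name `AndroidIdProbe` is hypothetical.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.provider.Settings;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Hypothetical diagnostic helper (added example). */
public final class AndroidIdProbe {
    private AndroidIdProbe() {}

    /** Returns "package | cert=<SHA-256 of each signing cert> | ANDROID_ID=<value>". */
    @SuppressWarnings("deprecation") // GET_SIGNATURES is deprecated from API 28 but covers the API 23-26 builds discussed here
    public static String report(Context context)
            throws PackageManager.NameNotFoundException, NoSuchAlgorithmException {
        String pkg = context.getPackageName();
        PackageInfo info = context.getPackageManager()
                .getPackageInfo(pkg, PackageManager.GET_SIGNATURES);

        // Digest every signing certificate of this APK.
        StringBuilder certs = new StringBuilder();
        for (Signature sig : info.signatures) {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(sig.toByteArray());
            if (certs.length() > 0) certs.append(',');
            certs.append(toHex(digest));
        }

        // The value the platform hands to this app for the current user.
        String androidId = Settings.Secure.getString(
                context.getContentResolver(), Settings.Secure.ANDROID_ID);

        return pkg + " | cert=" + certs + " | ANDROID_ID=" + androidId;
    }

    private static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }
}
```

Log `AndroidIdProbe.report(this)` from each test APK: two builds made with the same debug keystore print the same `cert=` digest, and a build from another machine's debug keystore prints a different one.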
I need to develop an Android and iOS app for a customer and need to quote how long it takes to lock the APK file so that it only installs on the devices they are going to manufacture, but I am not sure how to do it or how time-consuming it is (and hence what it costs) to fulfil this request.
I am wondering what the steps are, how complex the process is and how long it takes.
Any information is appreciated.
There is only one manufacturer of iOS devices. In all likelihood, it is not your customer.
On the Android side, what you want is not possible — you cannot, on your own, create an APK that can only be installed on devices from one manufacturer. An APK can be installed on any compatible device.
The manufacturer could make changes to their Android build that you could leverage, such as the manufacturer adding some custom feature string (e.g., com.manufacturer.hardware.this.is.so.fake), which your APK requires via a <uses-feature> element. Since other conventional hardware will not have that feature string, your APK will not be able to be installed on that hardware. Custom ROM developers and people who root their devices could add that custom feature string to their own devices, though, and still install your app. But, again, this sort of thing requires the manufacturer to take certain steps (e.g., add this custom feature string).
I recently switched mobile phone operator and I brought my number with me. However, the number stored in the SIM, which is visible to Android, is incorrect (it is the number that was given to me before the switch over).
Somebody wrote a little app a few years ago that allows changing the number on the SIM:
https://github.com/fommil/MyPhoneNumber/blob/master/src/org/lytsing/myphonenumber/MyPhoneNumber.java
I have no idea how the original author ever got it to compile; I've needed to use reflection (as others have discovered).
But there is an additional problem: apparently this must be run by an app signed with the "system signature key": https://stackoverflow.com/a/6029410/1041691
There is IntelliJ documentation for signing Android apps, but I am failing to interpret/translate the (Eclipse) instructions for dealing with this fabled "system" key: https://stackoverflow.com/a/3651653/1041691
How do I run an app on my Nexus 5 with full access? (which is physically connected by USB)
How do I run an app on my Nexus 5 with full access?
You don't, except perhaps by compiling your own version of the Android OS from source, rolling that into a ROM mod, and installing that ROM mod. Then, the signing key will be your own generated one, and you can sign other SDK apps with that key to grant them access to system-level permissions.
You might be able to install some off-the-shelf ROM, if they publish their signing key, and I have no idea if any of them do. I certainly wouldn't.
I'm developing a system app in Android. However, I will need system certificates for that purpose. I wanted to know: if I sign my app with the AOSP system certificate, will it work on Nexus devices?
I know manufacturers like Samsung and HTC have their own system certificates, so I cannot run my system app on their devices. I just want to know: will my app work on Nexus devices?
You won't be able to sign your app to make it a system app on Nexus devices. The key used by Google is private. It would be a big security issue allowing "random developers" to create system apps.
But there are some "Androids" using the Android debug key as the system signature (e.g. most custom ROMs (newer CM versions won't work, because they have other security mechanisms implemented to avoid misuse of system apps) or a lot of "low-budget" Chinese manufacturers).
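The answers on this page about the system signature key (the shared user ID question, the Nexus 5 question and this one) all come down to whether an APK's signing key is the platform key of the build it runs on. A way to check that on a given device, as an added example that is not from any of the posts; the class name `PlatformKeyCheck` is hypothetical.

```java
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;

/** Hypothetical helper (added example): compares this APK's key with the build's platform key. */
public final class PlatformKeyCheck {

    // The framework resource package "android" is signed with the build's platform key.
    private static final String PLATFORM_PACKAGE = "android";

    private PlatformKeyCheck() {}

    public static String describe(Context context) {
        PackageManager pm = context.getPackageManager();
        int result = pm.checkSignatures(PLATFORM_PACKAGE, context.getPackageName());

        StringBuilder sb = new StringBuilder();
        sb.append("manufacturer=").append(Build.MANUFACTURER)
          .append(" tags=").append(Build.TAGS).append('\n');

        switch (result) {
            case PackageManager.SIGNATURE_MATCH:
                sb.append("APK is signed with this build's platform key.");
                break;
            case PackageManager.SIGNATURE_NO_MATCH:
                sb.append("APK is signed with a different key than this build's "
                        + "platform key; it is an ordinary app on this device.");
                break;
            default:
                sb.append("Signature comparison inconclusive (code ")
                  .append(result).append(").");
        }

        // Builds tagged "test-keys" are signed with the keys published in the
        // AOSP source tree rather than a private vendor key.
        if (Build.TAGS != null && Build.TAGS.contains("test-keys")) {
            sb.append("\nBuild is tagged test-keys: its platform key is not a private vendor key.");
        }
        return sb.toString();
    }
}
```

Run on devices from two vendors, the same APK reports a match on at most the build whose platform key signed it, which is the per-vendor behaviour the answers describe.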