I was wondering if it's even possible. Let's say I separated my app into "Library loader" and "Library" where library piece can be downloaded by "Library loader" from my server.
This way I don't need to rely on users to install updates to my app.
I understand it's probably not possible, but stillw wonder what you all know :)
This is internal business app and updates always pain. I do throw notifications to user, etc and there is still problem forcing user to upgrade.
Yes, I believe this is possible. Swype / the Swype Installer work this way. You might investigate it.
From what I remember:
You install the Swype Installer from an APK, then run it.
The installer downloads the Swype APK, and chaperones you through the system dialogs to install and enable Swype.
When Swype decides your beta key has expired, or whatever, it disables itself and then you use the installer to update.
This isn't dynamic linking at all though but it is a system to support forced updates.
Update:
Blog post from Google talks about dynamic class loading here:
http://android-developers.blogspot.com/2011/07/custom-class-loading-in-dalvik.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+blogspot%2FhsDu+%28Android+Developers+Blog%29
Possibly, and if you have root access, certainly, although what I'm thinking of would require the NDK. When you load data with the NDK, it is done dynamically. So if you replace that library, it would obviously update the functionality.
However, I do see many possible issues with this. The largest of which is I'm not sure if you have write access to where your library is stored (once the app is installed anyway). But I'm not sure of this. The folder is /data/data/(package name)/lib. I do know you have some limited access to the parent of that folder though (as that's where your database is stored).
Related
The device my Android app is running does not have Playstore on it. The plan is to pre-install the software when shipping the device. I am now looking for a strategy to upgrade the application.
I found this useful link to install an Android app from the apk file:
Android: install .apk programmatically
I am thinking I will use this logic to auto-upgrade my app. I am wondering if it is even possible. I am thinking the upgrade will first try to uninstall existing version but will fail as the executable is still running and the file may be locked. Is there a better way? Regards.
Peter, we've just implemented the same thing.
Users have the software pre-installed on their device and we host update APK's on the companies servers.
From the app they can then check for updates where we have a WCF service which extracts the APK file (essentially a .zip) and returns the manifest details. From there we have the version of the APK and can compare it against the local version.
If the user decides to upgrade they can download the APK and you can automatically launch it. At which point the user will be told the application is going to be updated. There are no file locks etc, the app will just close and restart using the new version.
Note: Downgrading is not "automatic". The user would have to first uninstall the app. For upgrades, however, it's a simple case of downloading and launching the APK version (the user will be told they need to allow installations from unknown sources if this is not checked).
You have a couple of options, depending upon your target system.
Use the link you posted. This will provide the user with a traditional install dialog, whereby the user can choose to install or not. You should avoid doing that automatically, as APKs can be large and you might irritate the user if they don't want updates.
You can install updates magically, but you will require the firmware signing key (or possibly root, but I haven't tested that). That will not ask for consent from the user. You will need to add additional code using reflection to access the installation methods of Android. If you go this way, you should build an opt-out/in mechanism.
If your app is open-source, F-Droid would solve the problem for you.
F-Droid is an installable catalogue of FOSS (Free and Open Source
Software) applications for the Android platform. The client makes it
easy to browse, install, and keep track of updates on your device.
Mainly, it updates your app when necessary. (Or just have a look at its source code for inspiration on how to do it).
Yes but as far as I remember only if you had Root privileges in order to have access to the INSTALL_PACKAGES permission.
I port my android apps for making bb10 builds . Since now from bb10.2.1 update blackberry has introduced a new concept wherein apk's can be directly installed and can be installed in BB10 devices if the manage apps in settings menu of the phone is made ON. My question is that I wanna restrict my users from doing so and not installing the apk's into bb10 . And take download my app only from appworld.
Has anyone faced and has fixed this issue kindly tell me on how to solve the same.
Based on the Android behaviour, I don't think you can restrict users from doing so.
I haven't tried it on BlackBerry but from what you say, that option sounds analogue to the Unknown sources setting under Security settings on Android. If the user enables the installation of applications from unknown sources on their phone, there is now way to prevent the direct install of the apk (by adding something to your apk or any other way).
There is no way to restrict it to BlackBerry World only. If they get the APK, they can load it directly this way. There may be other ways around it though.
If, for example, your app is for sale and people are side loading a pirated copy, you could change your app to be free, and put some advanced functionality in your app behind an in-app purchase. That way they'll be forced to go through the storefront at some point to pay. This takes bigger changes to your app though, and the IAP implementation is likely different between BBW and GPlay.
You could also put in a version check: when your app launches, it checks a special file on your web server to see what the latest version of the app is. If they don't have the latest version, it doesn't let them use the app until they upgrade. This won't prevent side loading or piracy outright, but you can put out updates often enough to make side loading very annoying. When they are roadblocked and told to get the new version, you can link directly to the storefront to encourage them to get the latest version there.
Thirdly, and lastly, if you port your app to a BlackBerry 10 native, cascades, or WebWorks app, the app file is fully protected and can't be pirated or extracted from BlackBerry World (since the platform is secure). That will 100% protect you from piracy on BlackBerry 10.
I hope this helps!
I'm building an MDM application for Android devices and I want to be able to silently update the MDM app in order to patch security holes, add new features, etc. I know it is possible to achieve this by accessing the Android Package Manager Installer but from what I can tell this requires the application to be signed with the same signature from a specific OEM.
Is it possible to do a silent update for an MDM application without rooting the device?
You cannot, and this is viewed as a Good Thing from the point of view of the user, because the code that I install cannot be changed by anybody except software signed by a trusted key (such as Google's Play), or with manual approval.
I can think of two workarounds:
Check if there's an update, download it, then refuse to do anything until the user updates the app.
Dynamically load most of your app's functionality at runtime from a JAR that your app downloads. You could silently update this at will.
Heck, you could even combine the two options, so that if the wrapper needs updating, it will bother the user. The second method will make the nags very infrequent.
You should probably let the user know that this is happening, at least in an initial info-screen. I know I would uninstall any app that tried to go behind my back in this manner, if I found out about it.
I'm experimenting with Android and I want to know if the following is possible: can I modify/patch an installed APP using another APP?
I know it's possible with root access, but I was wondering about non-rooted phones.
The only solution that comes to mind is the following:
-Create copy of original APK from data/app/ folder
-Patch/rebuild it
-Launch installation of the patched APK
The user would need to confirm the installation, but in theory it would work right? Any other tecniques that I haven't thought of?
In case you're wondering, I'm interested in injecting different strings and other resources into existing apps to provide translations or other modifications (ex: cheats in games), without changing the source of original apps.
You are right, you can do this on a device. Smali/Baksmali can be used on Android, also the apktool should be callable (I have only tried smali).
A year ago or so I have tried to use smali on a device and autopatch the source output. There was some information on the net (which I'm currently unable to find, sorry) but it was very limited, at least someone showed how to use smali/baksmali correctly. I have abandoned this approach because I'm not that good at java and the resources on a phone are rather limited.
Another approach I thought of was to offload the actual work to a server somewhere in the net. But this has its very own problem as you need to transfer the files, you may need the framework.apks, and so on.
This is interesting but hard stuff, you need to decode/parse/patch/rebuild apks and this has to be reliable. When you fail, the worst thing is that the users phone is broken (I wanted to modify critical system apks, bad idea ;)).
Better if the reinstall is seamless and for that you need: INSTALL_PACKAGES permission.
Now, INSTALL_PACKAGES android:protectionLevel is "signatureOrSystem" which means the app needs to be signed with the same certificate that was used to sign the system image.
Now to sign one's app with the same certificate as the one used to sign the system image might seem like a difficult if not impossible task since vendors may not be to willing to let other's use their certificate. Then again, some might want your app included in their system image. In any case it doesn't matter per sey since it's Android and Android has a ROM market.
Android ROMS are more and more synonymous with the general 'workings' or 'features' of Android. It is something that Android users come to expect. There are ROM manager apps available on the Android market that will list and install ROMs etc..
So in essense for an app to gain the INSTALL_PACKAGES permission one can make their own ROM, OR, work with the people who make ROMS and either have the app included with the ROM or use the certificate used to sign the ROM's system image to sign the app.
Again it is entirely possible that a vendor include the app in their "firmware" (system image). You would have to approach them.
:)
if both are your app use .content provider to share data between apps.and if other app is from another developer then you simply can't modify the app.
For the next version of our application, I want to change the sharedUserId since we now use an internal control dashboard app which must write to the other app's settings files.
But since the app is already installed on many phones, will this be a problem? I ran a little test on the emulator, and I'm seeing exceptions in the device logs that *.bak versions of the preference files cannot be written. Not sure how critical that is. Curiously, safing settings still seems to work, even though the shared_prefs folder had been created using another Linux user ID.
Did anyone try this before?
And to answer my own question again:
No, it's not safe. Since updating an app via Android Market will not remove the database and preference files, the new version will not be able to read or write these files (since they were created under a different Linux user ID), and the app will crash after the update. You would have to ask your users to completely uninstall and reinstall the app, which is certainly not recommended.
As a general rule I conclude from this:
Whenever you start out developing a new app, make sure to set a manual android:process and android:sharedUserId attribute! It doesn't hurt in case you don't need it, but it gives you full control over which apps have access to this app's private resources.
No solution as of now, but starring at registered issues might get Google to fix this:
http://code.google.com/p/android/issues/detail?id=1227
http://code.google.com/p/android/issues/detail?id=14074