I'm getting more and more requests about being able to use an App to SD feature that must be part of Android 2.2, but I really have no experience with it. I also don't know where to find any documentation regarding how to make my apps compatible with this feature. People have told me my apps cannot be moved to the SD card.
My mind is also telling me that this is a really bad idea for paid apps that don't have license protection of any kind.
Has anyone had any experience with this, know of any documentation, or have any tips regarding what would stop an app from being compatible with this feature?
Note: I do not use copy protection on my apps.
You can allow your app to be installed to the SD card using the android:installLocation manifest attribute. This can be set to preferExternal or auto, depending on whether you would like to recommend that it be installed on the SD card, or simply allow it. By default, applications cannot be installed to the SD card for backwards-compatibility reasons, so you must opt-in to this feature if you want your users to be able to use it.
From the documentation:
When your application is installed on the external storage:
There is no effect on the application performance so long as the external storage is mounted on the device.
The .apk file is saved on the external storage, but all private user data, databases, optimized .dex files, and extracted native code are saved on the internal device memory.
The unique container in which your application is stored is encrypted with a randomly generated key that can be decrypted only by the device that originally installed it. Thus, an application installed on an SD card works for only one device.
The user can move your application to the internal storage through the system settings.
Thus, you shouldn't worry about license protection too much; there is encryption built into the feature. You also generally shouldn't worry about license protection because any form of copy protection or DRM tends to be more harmful to honest users than to pirates. As long as someone is able to use your app, someone will be able to pirate it; it is well nigh impossible to create an unbreakable DRM scheme. If your app is already in internal storage, it's likely already pirated. Most users are honest, however, and will buy the app from the Market, so you won't really gain much from stopping piracy (most people who download pirated apps are those who don't have access to paid apps in the Market; it's still not available in many countries).
Anyhow, the upshot is that this should be about as secure as your app already is, and just allows users more flexibility in where to store their app. It's not enabled by default in case of bugs that cause applications that aren't expecting it to break, but it should be perfectly safe to enable.
Here you go.
And documented here.
The Android platform now allows
applications to request installation
onto the device's external storage
media (such as the SD card), as an
alternative to installation onto the
device's internal memory.
Application developers can express the
preferred installation location for
their applications by means of a new
attribute of in the
manifest file,
android:installLocation. The attribute
supports three values: "internalOnly",
"preferExternal", and"auto". At
install time, the system checks the
value of android:installLocation and
installs the application .apk
according to the preferred location,
if possible. If the application has
requested external installation, the
system installs it into a private,
encrypted partition in the external
media. Once an application .apk is
installed externally, the system lets
the user change the storage location
of the .apk and move it onto the
device's internal memory if needed
(and vice versa), through Manage
Applications in the user settings.
By default, the system installs all
applications onto the device's
internal memory, except for those that
explicitly request external
installation. This means that the
system will always install legacy
applications onto internal memory,
since they do not have access to
theandroid:installLocation attribute.
However, it is possible to configure
and compile a legacy application such
that it is installed internally on
older versions of the platform and
externally on Android 2.2 and later
platforms, if necessary.
Note that requesting installation onto
the device's external media is not
suitable for all applications,
particularly because the external
media may be removable and
unmounting/remounting may disrupt the
user experience and system settings.
For more information about setting a
preferred install location for your
application, including a discussion of
what types of applications should and
should not request external
installation, please read the App
Install Location document.Install Location document.
Related
Is it possible to read/write/delete the data present in files or folders created by other applications? I am 99% sure that Android OS does not give such permission but to be 100% sure, I want to know this. The whole context is that if I download an Android app from an external source, what kind of security threats I may have?
Is it possible to read/write/delete the data present in files or folders created by other applications?
That depends on where the "files or folders created by other applications" reside.
Files written by an app to its portion of internal storage are not accessible by third-party apps in general. Users who root their devices can arrange to access those files.
Files written by an app to external storage are accessible by other apps and by the user, though the apps will need READ_EXTERNAL_STORAGE or WRITE_EXTERNAL_STORAGE permissions.
Files written by an app to its portion of removable storage, on Android 4.4+, are not accessible by third-party apps in general. Users will have access to these files, if not through Android apps, then by moving the media to some other hardware (e.g., notebook PC).
Files written by an app to removable media prior to Android 4.4 -- through undocumented and unsupported means -- are accessible by other apps, in addition to being accessible by the user.
background
Starting with version 4.2 , Android supports multi-user (link here and here).
Each user has its apps and their private data is visible just for the user.
The question
How does the encapsulation of the data per user work in terms of paths and accessing files?
I mean, what will be the paths per each user for:
the private, internal storage.
the emulated external storage (built in external storage)
the "real" external storage (sd cards)
?
I guess users can see the data stored on the sd cards that belong to other users, but what about the emulated external storage? And can they also write other users' files or just read them?
Does each user get its own special path automatically? or should the developer handle this?
If the developer needs to handle it, what should be used as the ID of the user?
The documentation says:
No matter which of these APIs you use to save data for a given user,
the data will not be accessible while running as a different user.
But that's all assuming you use the APIs for your own path. Could apps somehow bypass this by going to other paths?
What can an app query about each installation of itself on the same device? Can they get the size of apps of other users? Can they even get the list of apps of other users?
Does multiple installation of the same app also take multiple size?
what will be the paths per each user
If you care, you're doing it wrong. Use the Android SDK APIs for determining base directories, and work from there. So, for example:
getFilesDir() will return the right location for internal storage for the current user
getExternalFilesDir() and the methods on Environment will return the right locations for external storage for the current user
I guess users can see the data stored on the sd cards that belong to other users
That is outside the bounds of the Android SDK, generally.
but what about the emulated external storage?
Each user gets their own space.
And can they also write other users' files or just read them?
Neither, barring bugs in the device.
Does each user get its own special path automatically?
Yes, if you are using the Android SDK APIs for determining base directories.
Could apps somehow bypass this by going to other paths?
No, because they will have neither read nor write access, barring bugs.
What can an app query about each installation of itself on the same device?
AFAIK, nothing. From the app's standpoint, the fact that there are several installations on one device is indistinguishable from being installed on several devices.
Can they get the size of apps of other users?
I do not know what you mean by "size of apps", sorry.
Can they even get the list of apps of other users?
That's a fine question. I have not experimented with PackageManager to see what it exposes when used by apps run by secondary users. In theory, it should only report things that are available to the current user, particularly given Android's restricted profiles.
Does multiple installation of the same app also take multiple size?
The APK and the pieces of it that are unpacked (e.g., DEX files) are shared, as I understand it.
I am making a small database of ttyUSB devices plugged in on an android device. To that extent, I made android ueventd write into a file to save some information like: vid, pid, serial and device path (e.g. /dev/ttyUSB0). I would like this file to be accessible by any android apps.
Is there a directory in android FS accessible/readable by any app? Preferrably one that does not need special permissions. In which I could put my file?
Is there a security risk in making a usb device's serial number accessible this way to android apps?
I would like this file to be accessible by any android apps.
Why? Do you think the user wants this data "to be accessible by any android apps"? What does the user gain by your disclosing this data?
Is there a directory in android FS accessible/readable by any app? Preferrably one that does not need special permissions. In which I could put my file?
External storage is accessible by all apps, but it will require a permission to read from in future versions of Android. There is no other place accessible by all apps.
Is there a security risk in making a usb device's serial number accessible this way to android apps?
Possibly. There may be a privacy risk.
Please keep the file protected, and create a ContentProvider that you secure via a permission. That way, when users install apps that wish to access your data, the user gets to decide if that can happen or not.
Also, bear in mind that the ueventd stuff that you are doing is beyond the scope of the Android SDK. If you are doing this in some ROM mod that you are creating, fine. If you are trying to play games with ueventd on arbitrary hardware, bear in mind that ueventd behavior may vary by device.
My code logic needs an SD card installed in the device. I have added a check for this case in the application's splash screen, but would like to inform users before they download/install this app. Is there a way to achieve this ?
Thanks !
There is no way to do this before the app installs, as the only way to limit such things is by using the <uses-feature> tag. However, that tag has no options for storage requirements. The best warning you can give is to prominently include it in your app description.
On the other hand, every device I've ever heard of an encountered has some form of external storage, be it a SD Card or inbuilt memory mounted as external storage. What you're doing by using the Splash Screen to check for the external storage is the best way to do this, as there is no other option.
There's no way to do that. Your app have to be installed to be able to check user's environment. You could try to to enforce SD card installation of your app, so if there's none Google Play might (not tested) simply not allow app installation at all, but it will not solve your problem as user will still do not know why. Solution is to clearly state in product description that SD card is mandatory. But note, that requiring SD card is risky as many devices does not have any while still offer external storage. My suggestion - just add note about storage requirements and let system deal with it.
I think it is NOT POSSIBLE . You are checking the sdcard on splash screen and prevent user for next process is the right solution or Use android:installLocation for install android application on sdcard.
Beginning with API Level 8, you can allow your application to be
installed on the external storage (for example, the device's SD card).
This is an optional feature you can declare for your application with
the android:installLocation manifest attribute.
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
android:installLocation="preferExternal"
... >
If you declare "preferExternal", you request that your application be
installed on the external storage, but the system does not guarantee
that your application will be installed on the external storage. If
the external storage is full, the system will install it on the
internal storage. The user can also move your application between the
two locations.
When your application is installed on the external storage:
There is no effect on the application performance so long as the
external storage is mounted on the device.
The .apk file is saved on the external storage, but all private user
data, databases, optimized .dex files, and extracted native code are
saved on the internal device memory.
The unique container in which your application is stored is encrypted
with a randomly generated key that can be decrypted only by the
device that originally installed it. Thus, an application installed
on an SD card works for only one device.
The user can move your application to the internal storage through
the system settings.
Look Here for more details .
MY app on Android has a new major module added to it which changes the app size from ~10Mb to ~100Mb. The plan is to implement "Application Licensing" and allow app to a) be installed on SD card, b) download heavy bits (video) from inside the app when needed after installation. My question is: what will happen to previous users? On their devices the app is installed in internal memory from the start due to Copy Protection. Will an update automatically move the app to SD?
If you are downloading the bits after installation, you can allow the user to continue to choose where to put the application (I assume it remains 10MB for the base application?), and any additional content is downloaded to the SD card by you in-app. As long as you hold a reference to the location of the video, so as you know whether it exists or not (by doing a check of the file system at the expected location), you can determine whether it needs downloading or not.
Might also be worth, for complete understanding, to have a look at the features that the Play Store offers for large applications - you can set applications to require additional downloads hosted by Google Play, with the user being informed of the total application size.
Of course, if you are going to increase the size of the main application and have it left on the internal memory, some users may have problems with the new file size. They will be informed that it couldn't be installed when it updates, and will have to move it to SD card.