I'm wondering whether the official google Android Marketplace application has access to some restricted functionality in the OS, or if it just uses the standard APIs available. Anyone up to date on this matter?
Update
Would it be possible to get an application signed by the manufacturer so that you can access these functionalities, or does google have to do this?
Market does a few things that third party applications can't do -- most notable is being able to install apps without going through the permission screen (allowing it to verify permissions before downloading the app).
This is not a matter of signing -- Market is signed with Google's cert, not with a device's cert. The special things it does are features available to apps that are bundled as part of the system image. If Market were made available as a third party app, it would not be able to do these things. Likewise a third party app that is included by a manufacturer in their system image will have access to some additional functionality by virtue of being there.
Historically Market has also used a number of private APIs, which it could live with because it is always bundled with the device, so if one of those APIs changes the manufacturer will just need to make sure that they fix that to be able to run Market. Over time we have been cleaning that up to have it use many fewer private APIs.
The Android Market is part of the signed firmware of the device, and it is not an SDK application. Hence, it "has access to some restricted functionality in the OS". So, for example, while an SDK application can request to install an app, it can't uninstall an app.
Related
I was looking for an answer whether Google allows to install externall C++ applications together with Android Apps on Google Play. I found some information on this site: Developer Policy Center - Malicious Behavior.
They say, that the following sentence is explicitly prohibited:
Apps that install other apps on a device without the user's prior consent.
Now my question is, what exactly does mean other apps? It is about other apps in Google play or any apps like my external C++ program that I want to execute in Android app? Does I have to inform users that some C++ app will be installed in the device?
first i you want to execute an c/c++ application in android , the only right and best way is to convert that app to a static or shared library using android NDK and after that you can use it by Java Native Interface (JNI).
second , "other apps" in the sentence that you mentioned in your question , some application can install some applications in system without user permission. for example in a rooted device we can simply install application without showing any windows or getting permission. in android old release because of some security issue in non-root device we was able to install an application without asking permission.
see this link for more information :
https://paulononaka.wordpress.com/2011/07/02/how-to-install-a-application-in-background-on-android/
Update
google wont allow developers to do that because android system cannot track this executive and it could be virus or dangerous tool that may harm android system
Several years ago, Android allowed you to set a permission that lets you install apps from a third party location other than Google's own app store Google Play. Eventually they deprecated that permission and only allowed hardware manufacturers to set that permission. I haven't checked since then whether that is still the case.
What I am wondering though is how I would handle a situation where a company wants to install an APK file on to their own devices but not host the APK file in Google Play. How would they provision this?
Android does allow users to install APK files on to their devices that don't come from Google Play, although that feature has to be enabled. Can that feature be enabled programmatically?
The solution that I can think of to installing company apps is to upload an installer app to Google Play that has been developed specifically by the company and used only for the company, even if it's available to everyone in Google Play. Employees would install this app as they do any app from Google Play. When this installer runs, it would prompt for a username/password. Upon authentication, the app would retrieve the company's apps from its own server and install them.
Is this the solution enterprises are currently using or is there something built into Jelly Bean / KitKat / Lollipop that provides provisioning?
EDIT:
Google states on their Android site:
The application is installed on users' devices. Android does not
currently have an automated provisioning solution. Some of the ways a
sysadmin might distribute the application to users are as follows:
Google Play. Enabling installation from another store. Distributing
the application through other means, such as email or websites.
http://developer.android.com/guide/topics/admin/device-admin.html
Aside from those suggestions, they don't offer anything else. Those solutions wouldn't be acceptable in many organizations.
The solution that I can think of to installing company apps is to upload an installer app to Google Play that has been developed specifically by the company and used only for the company, even if it's available to everyone in Google Play.
I'm pretty certain that only the Play Store app has the authority/permissions to programmatically install apps. Those permissions are not available externally to third-party apps. It would be a lot easier to use one of the following options and simply let the OS handle the installation process.
For enterprise apps, the APK file can be
hosted on a public URL. When downloaded, it installs automatically on the user's phone.
sent as an email attachment. Again, when downloaded, it installs automatically on the user's phone.
In both these cases, the user is asked whether they would like to install an APK that originates from a third-party source.
Also, it is not possible to programmatically change the permission for installing third-party apps. That choice has to be made by the user, and the user is confronted with that choice when they access an APK file in the two ways described above.
There is one more option - using Google Play's private channel:
1. Distribute Android apps in your organization.
2. Use a Private Channel to distribute apps in your organization.
3. Deploy app through Google Play Store in a private channel without Google Apps?.
I'm developing a remote-control application for Android.
I want to be able to lock/unlock the screen.
To do this there are two ways:
Making the app a Device Administrator.
Using PowerManager.goToSleep(), which requires the DEVICE_POWER permission, which is a system permission.
So eclipse tells me "this permission is only granted to system apps".
I really need this and some other system permissions in my app, as it's a remote control app that must be able to control system features.
From the support page:
Uploading System Applications
Most developers will not need to upload system applications and may ignore this section. System applications may come pre-installed on certain devices and may or may not already be published in the Play store.
If you need to upload a system application and encounter an error message when doing so, please contact us. Please be sure to select the Publishing issues and distribution option.
If I'm understanding it right, It's possible to make a system application. how?
I'm developing a remote-control application for Android
Fortunately, this is not possible, except perhaps if you run as root, or you download the Android source code, modify it, and roll it into your own ROM mod.
If I'm understanding it right, It's possible to make a system application. how?
Build your own ROM mod. Sign the app with the same signing key as is used to sign your ROM mod. Put your app in your ROM mod. Install your ROM mod on your device.
This, of course, will limit your app's distribution to those devices running your ROM mod.
A lot of “system” permissions are really SIGNATURE_OR_SYSTEM permissions. For those, you need to do one of the following:
After building the APK, install it as a system app.
Sign the app with the same key as the Android distribution on your device.
For the first option, you would need to be root on your device. Regular APKs reside in /data/app, while system APKs need to be placed in a different folder (on Android 6 and 7 it’s /system/priv-app, earlier versions may differ). However, this is not very suitable for an app to be distributed to end users, especially if your target audience is not very tech-savvy.
For the second option, you need to build Android from source for your target device. If you sign the app with the same key as your Android build, then users running that build of Android can install it in the usual manner.
I have added the Android Licensing to my Application. to check for the application licensing.
There is also one option like copy protection during uploading the application on Android Market.
So if i have Implemented the Android Licensing to My apps, then should i have to give it to copy protection ?
Is it necessary to give copy protection ?
If i have not given copy protection and have given Android Licensing to My Application, then user can be able to copy it to anoter device. But should it be able to install in to another device ? I have to know about it..
So Please let me know what steps i have to take ?
Should i have to give copy protection on if i have given Licensing or not ?
Thanks in advance.
Taken from here:
Replacement for Copy Protection
Android Market Licensing is a flexible, secure mechanism for controlling access to your applications. It effectively replaces the Copy Protection mechanism offered on Android Market and gives you wider distribution potential for your applications.
A limitation of the legacy Copy Protection mechanism on Android Market is that applications using it can be installed only on compatible devices that provide a secure internal storage environment. For example, a copy-protected application cannot be downloaded from Market to a device that provides root access, and the application cannot be installed to a device's SD card.
With Android Market licensing, you can move to a license-based model in which access is not bound to the characteristics of the host device, but to your publisher account on Android Market and the licensing policy that you define. Your application can be installed and controlled on any compatible device on any storage, including SD card.
Although no license mechanism can completely prevent all unauthorized use, the licensing service lets you control access for most types of normal usage, across all compatible devices, locked or unlocked, that run Android 1.5 or higher version of the platform.
Google's "app filtering" is VERY buggy... and getting worse.
Many of our apps are listed "not available on this device"... even when the OS version is ok... the device is NOT on our "exclude list"... the device has absolutely NO screen-size or screen-resolution limits. Google still claims "not available on this device".
I'm RUNNING the apps... as we speak... right on several of the "forbidden devices". They install and run 100% fine. But they are forever listed as "not for this device" in the store.
Great way to sell apps. Users can't download them on 100 different fully legal devices.
Can somebody explain to me what are the benefits of Android System App over a "normal" app
(besides that fact that a system app cannot be uninstalled)?
Special permissions?
There is some confusion here.
First, if you are talking about "system app" as just being one with FLAG_SYSTEM set, all this means is that the app is located on the /system partition, which is the read-only partition that is basically the firmware of the device. (It can only be modified as part of an OTA firmware update.) These apps can't be removed simply because they are on a partition that can't be modified.
The only thing special about a system application beyond this is that there are a handful of signature permissions that can also be granted to any app on the system image. For example there is a permission to directly talk with the package manager to install an app (without going through the system UI) that such an app can have; this is useful for any app store / market pre-loaded on a device.
Being signed with the platform certificate is an orthogonal concept -- such an app can be either on the system image or installed as a third party app (though obviously in almost all cases these come pre-installed). Such apps have access to a whole suite of low-level permissions for interacting with the platform. Very few apps are signed with this certificate; it is only for core platform applications. Unless you are working with a hardware vendor on a device, you won't have access to this.
All of the platform's certificates (whether they be available to all apps, require an app be signed with the platform cert, or are available to apps installed on the system partition) are declared by the platforms manifest, just like any other app:
https://android.googlesource.com/platform/frameworks/base/+/master/core/res/AndroidManifest.xml
There are permissions that can only be obtained by systems apps. For example the permission brick can be requested by every app but it is only granted to apps that are signed as system apps. There are some other features that make more sense I think directly installing and removing apps would be a system only permission too.
From your explanation I guess you mean the the pre-installed applications (like the Browser or the Messages app). You can take a look in these apps at https://android.googlesource.com. (search for platform/packages/apps/...).
You will find that these application are no difference to your own custom developed Apps, except you can't remove them. They cannot be removed as they provide the basic functionality to operate your phone / device. So, same security constraints apply there.