The problem is this:
I make an internet connection to some url
and receive an HttpResponse with an app_example.apk.
Then I want to create a file (an .apk) in the sdcard with this data
so that this downloaded application can be installed later.
How can I convert the HttpResponse to an .apk file?
Be aware of that you need the WRITE_EXTERNAL_STORAGE permission in your application, but you can just write to the sdcard then. Every content, every filename you wish. Installing is, however, another thing.
If you are trying to install another application (like an add-on or additional data), you should publish the add-on on the market, and use intents to ask the market to take over the download and install process of the additional data.
Installing to the SD card can't be done via the API's, as far as I am aware, you can only install applications to the device's internal memory. Downloading additional data should either be done via the market as an APK, or just download a zip with your App and install the additional data to the SD card that way.
You will need the WRITE_EXTERNAL_STORAGE permission like moritz suggests if you are writing to the SD card in any way.
Related
I'm working on an internal app for ~500 users, so I don't want to publish it in the Play Store.
I've built an auto-update mechanism where I check for updates by calling my server and initiate the download using DownloadManager and then a BroadcastReceiver.
The storage directory where I download the new version of the App is important to me as I don't want to ask my users for WRITE_EXTERNAL_STORAGE permission.
I've investigated getFilesDir(), getExternalFilesDir() and getExternalPublicDir() but I'm confused what are the pros and cons of each when compared to other, and will there be any blocker that I may face if I choose a particular destination? Any help regarding that will be very much appreciated.
It is better to use getFilesDir() and store the code in your app's private area which is not accessible by other apps, to avoid security risks. The other two options return a directory that is accessible by other apps. You do not need WRITE_EXTERNAL_STORAGE permission to write files in the directory returned by getFilesDir().
From an Android app, I like to install an apk file from a web server. This apk file contains an update for the app.
All tutorials do this in two steps:
1 Download the file and save it to the phone's sd card memory.
2 Create a new Intent(Intent.ACTION_VIEW) and run the method setDataAndType(Uri.fromFile(new File(".... of this intent.
However, since Android Nougat, you get into trouble with permission to access the SD card memory. There are (complicated) solutions for this problem.
My question: is there a way to create an Intent, which gets a web URL as source for the apk file. Something like intent.setDataAndType(new URL("http://....")
This is easy for the programmer and it provides as clear interface from the program to the Android system
is there a way to create an Intent, which gets a web URL as source for the apk file. Something like intent.setDataAndType(new URL("http://....")
Not as part of standard Android. The app installer knows about the file scheme, and on Android 7.0+ it knows about the content scheme. It does not know about the http scheme.
All tutorials do this in two steps... Download the file and save it to the phone's sd card memory.
Few tutorials do that. Most download the file to external storage, which is not the same as removable storage. On Android 7.0+, you also have the option of downloading to internal storage and using FileProvider (or the equivalent) to make it available via a content Uri.
For my app I want to send the user a text file of data on an e-mail which they save in the download folder on their Android device.
The app will then pull the data from that file and use it in the app. In the desktop version URLLoader works fine with the file copied into the app source directory, but that method does not work on an Android device.
Storage permission is set.
I have tried using the Filestream method and manually copying the file into the app directory on the device, but that does not seem to work.
Ideally I want to be able to set path for the file to the device's download folder so that the user experience is as simple as it can be.
And before you ask, usage will be on wifi only tablets with questionable wifi access - sending e-mails with the file upfront is the only reliable way to handle this.
Thanks for any suggestions.
Adam
In mobile devices the File.applicationDirectory , is a read only folder, try to use File.applicationStorageDirectory
https://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/filesystem/File.html#applicationDirectory
https://help.adobe.com/en_US/as3/dev/WS5b3ccc516d4fbf351e63e3d118666ade46-7fe4.html
I was wondering, when we download an app which is very cool but before you install it ask to give permission for almost everything you have on the phone. Even that app can make call without your permission to your contacts. Given this scenario, how do we say an unrooted device where app data is secured from other app access? if I have an app which stores data on the device memory then would that be accessed by one of those app which takes all permission before installed?
Thanks in advance for your response.
Apps are still sandboxed, they can't access each others internal storage even with requested permissions.
I'm not sure this is the correct forum for your question though as it's not related to developing. This isn't the right site for IT support.
Edit
As mentioned in the comments - anything put somewhere insecure location such as the SD card would be readable, but the default file storage is a bit more secure.
From the android docs (http://developer.android.com/training/basics/data-storage/files.html)
Note: Your app's internal storage directory is specified by your app's
package name in a special location of the Android file system.
Technically, another app can read your internal files if you set the
file mode to be readable. However, the other app would also need to
know your app package name and file names. Other apps cannot browse your internal directories and do not have read or write access unless you explicitly set the files to be readable or writable.
From my android app, I'm downloading an apk from the web, storing it in application's private storage (openFileOutput(FILENAME, Context.MODE_PRIVATE))
and trying to call the android package installer for this downloaded apk by,
intent.setDataAndType(Uri.fromFile(f), "application/vnd.android.package-archive");
startActivity(intent);
but I'm getting an error which says
Unable to open zip: /data/data/com.test/files/abc.apk : Permission denied
in the LogCat
and,
Parse Error: There is a problem parsing the package
on the phone screen.
Is it happening because the apk file is in application's private storage so the Android package installer can't access it? If yes, is it somehow possible to still get the apk installed (with user's permission of course.) or Am I doing something wrong?
PS: Please don't assume the phone to be rooted.
In addition to Mark Allisons comment, my GUESS is that since you have the file saved to private storage with mode_private, only your application has read/write permission. But you are trying to have the package installer read it which means that the file must be accessed by an External application and therefore should either be MODE_WORLD_READABLE or MODE_WORLD_WRITEABLE.
Or you could save it to external storage where it is world readable by default.
Ok, for now I've figured out a workaround (and which helped me confirming the exact problem also- the problem was that installer couldn't access the apk file). Now, I'm using MODE_WORLD_READABLE instead of MODE_PRIVATE while saving the file in internal storage, and the android installer is able to access the apk and can install it without any error.
Actually, for me the main purpose of using internal storage was that users shouldn't be able to copy the apk file directly (assuming a simple threat model in which a user doesn't have rooted phone, but can browse through the SD card to find the apk and copy it). Though I'm still not sure whether the file is visible to a user now or not? I mean I'm (almost) fine if the downloaded apk can be accessed from an app in the phone, but can't be copied directly by the user.
Would be helpful if someone knowing the exact scope of MODE_WORLD_READABLE could elaborate on the same, specifically whether a file saved in this mode can be browsed in the (unrooted) phone. Also, is it possible to have a better strategy to safeguard the apk while still allowing the installer to access it?
MODE_WORLD_READABLE does say that it can be accessed by whole "world on the phone" so other apps can get it including file explorers. Some programs like es-file manager let you see contents on device private storage even if you are not rooted but don't let you change those files. Why don't you just delete apk file immediately after installation ? Also since you are downloading apk file in your application I am guessing you don't want to use play store but if that is not an issue see Licensing options for your app on: http://developer.android.com/google/play/licensing/overview.html since there is probably use case that covers your requirements.