17

Why the same question again

This question has been asked around 100 times on SO. I am asking it again because all the answers say this is not possible but at least one of the app in Market is doing it NQ Mobile Security. I started a bounty of 100 points on the similar question but it did not get enough attention. If community does not accept I will remove the question.

What is the App doing

The app shows an activity when user tries to uninstall it

enter image description here

and does some processing before it is uninstalled

enter image description here

What is my Question

How to start an Activity or an IntentService before an application in uninstalled by the user who has earlier installed the app on her device?

casperOne
  • 73,706
  • 19
  • 184
  • 253
Gaurav Agarwal
  • 18,754
  • 29
  • 105
  • 166
  • I don't think it's clear what you are asking. How are you initiating the uninstall process? From the system application management activity? – D-Dᴙum Jun 16 '12 at 10:59
  • @user370305 I have only one application, where does Second application come from!! – Gaurav Agarwal Jun 16 '12 at 11:04
  • Perhaps in the example you gave above they have an uninstall Activity? – D-Dᴙum Jun 16 '12 at 11:08
  • To clarify: This happens on a non-rooted device? –  Jun 16 '12 at 11:15
  • @user370305 What I ask is: Does this screen pop up on non-rooted devices too? I just want to exclude the possibility that this happens on root-phones only, because the app could hook into more system-events, such as the uninstall event, easily. Given it had root permission at least once. –  Jun 16 '12 at 11:20
  • 7
    The techniques used by NQ Mobile Security have been reported to the Android Security group, and they are working on a fix to stop this behavior from occurring. – CommonsWare Jun 17 '12 at 23:05
  • @CommonsWare Thanks, a link to the report will be most helpful in tracking the updated by Android Security Group. – Gaurav Agarwal Jun 18 '12 at 09:45
  • @darkcrow: No, sorry, you cannot have a link to my Gmail account. – CommonsWare Jun 18 '12 at 09:57
  • 1
    @CommonsWare :)...i didn't mean tht...i thought you have raised an issue at Android Security Group https://groups.google.com/forum/?fromgroups#!forum/android-security-discuss. I also feel there should be some way for apps to remove registered users from their Servers. It is really disappointing that no such feature exists in Android. – Gaurav Agarwal Jun 18 '12 at 10:09
  • @darkcrow: "I also feel there should be some way for apps to remove registered users from their Servers" -- that could be added by some facility with fewer security implications than preventing the user from uninstalling the app. Unfortunately, nothing for that exists at the moment, though. – CommonsWare Jun 18 '12 at 10:26
  • 1
    @CommonsWare I should raise a feature report. Could you please keep up informed about any steps taken by Android Security group? – Gaurav Agarwal Jun 18 '12 at 10:37
  • @darkcrow: I have a theory. It is possible that there is a *broadcast receiver* named exactly ``com.android.packageinstaller.UninstallerActivity`` (i.e. package spoofing) that listens to the ``android.intent.action.DELETE`` intent and intents out to another activity (com.sec.android.app.twlauncher.Launcher in this case which then intents over to com.nqmobile.antivirus20.dol/com.netqin.antivirus.uninstall.UninstallProtectActivity). Can you test this out with your own version of ``com.android.packageinstaller.UninstallerActivity``? If this works, this is a NASTY security hole. – scorpiodawg Jun 18 '12 at 20:52
  • BTW - I would love to try out my own suggestion above but am tied upright now :( – scorpiodawg Jun 18 '12 at 20:53
  • Please place your "progress" in an answer. If the progress is intended to be an answer, then you should make it an answer. I'm rolling back the edits and you can look at the revision history to get the content to place in the answers. – casperOne Jun 18 '12 at 21:07
  • @casperOne "progress" is not intended to be a answer. If it is a convention, I will follow it otherwise I would wish it to be included as part of question. – Gaurav Agarwal Jun 18 '12 at 21:34
  • @darkcrow Then I'll have to shut it down as "Not A Real Question", as we are very strict about the Q&A format here. If you're not *actually* asking a question and providing an answer, then it's not suitable for SO. – casperOne Jun 18 '12 at 21:35
  • @casperOne Ok, I will put the progess in an Answer. – Gaurav Agarwal Jun 18 '12 at 21:37
  • @scorpiodawg I don't think a broadcast receiver will do because it is `Activity` intent. I/ActivityManager(171): **Starting activity**: Intent { act=android.intent.action.DELETE dat=package:com.nqmobile.antivirus20.dol flg=0x10800000 cmp=com.android.packageinstaller/.UninstallerActivity } – Gaurav Agarwal Jun 18 '12 at 21:53
  • @darkcrow I implied that there is a broadcast receiver listening to the android.intent.action.DELETE intent which then issues an intent to start the Activity I mentioned. – scorpiodawg Jun 19 '12 at 16:46
  • @scorpiodawg From Android documentation `In each case, the Android system finds the appropriate activity, service, or set of broadcast receivers to respond to the intent, instantiating them if necessary. There is no overlap within these messaging systems: Broadcast intents are delivered only to broadcast receivers, never to activities or services. An intent passed to startActivity() is delivered only to an activity, never to a service or broadcast receiver, and so on.`http://developer.android.com/guide/topics/intents/intents-filters.html – Gaurav Agarwal Jun 19 '12 at 17:11
  • I have submitted a feature request to Android http://code.google.com/p/android/issues/detail?can=2&q=33315&colspec=ID%20Type%20Status%20Owner%20Summary%20Stars&id=33315 – Gaurav Agarwal Jun 20 '12 at 09:57
  • @Gaurav Agarwal NQ removed this feature in 4.3.But dolphin is able to do so.http://stackoverflow.com/questions/19475765/androidlisten-to-own-application-uninstall-event u found something on this? – NitZRobotKoder Oct 20 '13 at 16:19
  • @NitZRobotKoder The issue is still open. No more info. – Gaurav Agarwal Oct 20 '13 at 17:47
  • Why don't you guys just reverse engineer the app and check what its doing and what its exploiting? – Skynet Jan 16 '14 at 07:22
  • @AstralProjection Would you want to collaborate doing that. I like what you have written on you profile wall. Would like to talk to you! – Gaurav Agarwal Jan 16 '14 at 09:41
  • Sure I am all in, in everything that is Android. Drop me a mail, xredhatx@gmail.com – Skynet Jan 16 '14 at 11:28

4 Answers4

2

As @CommonsWare said The techniques used by NQ Mobile Security have been reported to the Android Security group, and they are working on a fix to stop this behavior from occurring. and have raised a feature request with Google hopefully they may listen to it.

http://code.google.com/p/android/issues/detail?can=2&q=33315&colspec=ID%20Type%20Status%20Owner%20Summary%20Stars&id=33315

Gaurav Agarwal
  • 18,754
  • 29
  • 105
  • 166
  • 1
    I think this will never be even answered by Google... if you allow an activity to be called before the app is uninstalled, this could allow a app to create a loop to prevent itself from being deleted... and, how do you call and activity after the app has been deleted (and no files are there anymore)? – bruno.braga Sep 21 '13 at 22:57
1

I think that you can track logcat, where all activities, events, intents are registered and and find when an Intent is sent to uninstall this app.

Then you could possibly perform an action, i.e. launch an Activity, but I am not sure for this step.

Hope this helps!

Dimitris Makris
  • 5,183
  • 2
  • 34
  • 54
  • If you have Eclipse open and your phone connected, you can see in the Logcat all logs related to the phone operations. Thus, when you go your Settings to uninstall an app, an Intent is sent in order this action to be performed. It is possible to read the logcat and when this Intent is fired, identify the event and perform an action. Hope it is more clear now.. – Dimitris Makris Jun 16 '12 at 11:05
  • I have added the Logcat as suggested by you, now it is clear that the app is displaying an activity. Can you make out some thing what is happening? – Gaurav Agarwal Jun 17 '12 at 20:00
1

I don't know how it happen in NQ Mobile Security application,

But in general case I found it not possible (Or may be possible but I couldn't find the way),

Because,

When you register BroadcastReceiver for android.intent.action.PACKAGE_REMOVED in your own app and when the app is uninstalled, the registered BroadcastReceiver has been uninstalled before the app gets uninstalled,so its own uninstallation event won't be received by that BroadcastReceiver.

user370305
  • 108,599
  • 23
  • 164
  • 151
  • 2
    Even if it can be done by one application that means it can be done and we should be humble to accept that we don't know! – Gaurav Agarwal Jun 16 '12 at 11:18
  • Just check the application uninstall process.. How it goes.. like first which component removed, or any directories or files, – user370305 Jun 16 '12 at 11:33
  • Just go through the source code of uninstall application. I will also look into it. – user370305 Jun 16 '12 at 19:59
  • This needs to tried out. One thing which I can think off is when an application is uninstalled. All the services are also destroyed along with it. – Gaurav Agarwal Jun 16 '12 at 20:31
-1

I know this is old but I want to provide this answer. Listening on your own uninstall is pretty easy. You just need to use a binary which you execute and runs in background(with nohup command).

This binary can either listen on PACKAGE_REMOVED broadcast or you can regulary check if the file still exists in /data/app/ (these files are world readable, directory listing is disabled, but u know your own package name :) ) I dunno if the second solution can be done without draining battery.

M1cha
  • 19
  • 1
  • 1