Create System Application

Question

What I should to do to create a system app (to obtain rights to use android:sharedUserId="android.uid.system"in manifest file without receiving an error from package manager about certification problem?

I use rooted phone with stock firmware.

You can't. You would have to sign the app with the system certificate, or build a custom ROM. — Simon, Jun 20 '13 at 19:58
But some guys edit stock apps, prepare zip file which user can update system apps by recovery. I don't believe, that these developers have ie. Samsung certs. — Michał Rowicki, Jun 20 '13 at 20:03

score 33 · Accepted Answer · answered Jun 20 '13 at 21:04

33

Ok, I think that I find sollution from great xda developers: http://forum.xda-developers.com/showthread.php?t=1776095 here is full description how to obtain access to apps signed by platform keys. Do you apply with this approach?
PS it is interesting that users from stack instead of investigating hard problem immediately say that you can not solve it, then reduce novice user's reputation...

answered Jun 20 '13 at 21:04

Michał Rowicki

1,372
1
16
28

1

What they are doing is resigning the firmware with their own signing key. – CommonsWare Jun 20 '13 at 21:11
In fact, they remove all digital signatures from apks. They also delete all odex files. So this new set of applications should be slower than the standard software, but it give me opportunity to create app which have full access to all phone functions. – Michał Rowicki Jun 20 '13 at 21:14
3

All APKs have to be digitally signed, otherwise they cannot run. – CommonsWare Jun 20 '13 at 21:18
In which step they are re-signed? – Michał Rowicki Jun 20 '13 at 21:25
You'll have to ask them. They wrote that recipe, not me. – CommonsWare Jun 20 '13 at 21:27
Where in that xda solution does it make mention of sharedUserId? – IgorGanapolsky Jan 01 '14 at 23:41
1

@MichałRowicki: Were you able to successfully make your app as the system app? I want to do the same and need your assistance.Did you do anything as mentioned in this link(answer by natez0r) : "http://stackoverflow.com/questions/9475576/resigning-system-img-on-a-device" ? – Basher51 Aug 07 '14 at 13:09

score 27 · Answer 2 · answered Jun 20 '13 at 20:32

27

What I should to do to create a system app

There are two types of system apps:

Apps installed on the system partition, which can be accomplished by users with root privileges
Apps signed by the same signing key that signed the firmware

to obtain rights to use android:sharedUserId="android.uid.system"

That definitely would require your app to be signed by the same signing key that signed the firmware. That's true for any android:sharedUserId.

But some guys edit stock apps, prepare zip file which user can update system apps by recovery.

You are welcome to provide any evidence that what they do somehow involves android:sharedUserId="android.uid.system".

answered Jun 20 '13 at 20:32

CommonsWare

986,068
189
2,389
2,491

Let see http://forum.xda-developers.com/showthread.php?t=2001564 here you have example of modificated stock caller application which uses android:sharedUserId="android.uid.phone". Maybe it is possible to download all system aps with framework.apk resign by my certs/keys and reupload to stock ROM? – Michał Rowicki Jun 20 '13 at 20:50
@MichałRowicki: "here you have example of modificated stock caller application which uses android:sharedUserId="android.uid.phone"" -- that means that the app needs to be signed by the same signing key that signed all other apps using `android.uid.phone`. I have no idea what apps all use that. – CommonsWare Jun 20 '13 at 20:57
this sharedUserID use for example com.android.providers.telephony package so this package should be sign with the same keys as created by this developer, I doubt that Samsung released your certs to open community because it would be harmful for ordinary peoples using their phones. – Michał Rowicki Jun 20 '13 at 21:07
can i obtain admin privilege like this app ==> https://play.google.com/store/apps/details?id=com.plexnor.gravityscreenofffree&hl=en – Hardik Dec 19 '13 at 08:50
2

Can somebody tell me the difference between app installed on system app vs an actual system app? As far as access privileges are concerned? If my apk has same signature as the system ROM then can i install it as a normal app or in system partition? – Utsav Gupta Aug 30 '14 at 04:04
1

Your term "system partition" is too vague. It should be either `/system/priv-app` or `/system/app` while the latter seems only preventing its uninstall but doesn't seem to have the right to gain any signatureOrSystem permission. – OneWorld Feb 08 '18 at 16:54
So what are the differences between these two types of system app? – navylover May 07 '20 at 09:31

Brent K. · Answer 3 · 2022-07-06T18:41:49.057

13

A system app must be signed with the platform key. This is done by developers deploying an android platform on their own device, or mobile carriers.

If that is your case, the easiest way is to add this to your Android.mk:

LOCAL_CERTIFICATE := platform
LOCAL_PRIVILEGED_MODULE := true

or this to your Android.bp:

certificate: "platform",
privileged: true,

If you add those lines without adding android:sharedUserId="android.uid.system" to your manifest, you will be a platform_app. A system app is more privileged than a platform app. That uses the platform key and runs as the system user.

If you are not the platform vendor, the platform vendor would need to sign your application using their platform key. Some vendors, including my company, will do this for 3rd parties demonstrating a valid reason for doing so.

Without the signature, your application can only be used on rooted devices.

edited Jul 06 '22 at 18:41

answered Oct 16 '19 at 18:38

Brent K.

927
1
11
16

Thanks for your most recent answer on this. Can you please provide some examples of vendors. If I need to publish a system app for all Samsung mobiles, is it possible to take a single signature and do it ? And should I request it from Samsung? – Keshan Fernando Oct 18 '19 at 02:27
@KeshanFernando I cannot speak to other vendors. You would need to ask Samsung through their technical support. This technique is often used by Mobile Device Manager (MDM) applications and virus scanners. Most vendors will use a different signature for each handset. If Samsung does this, you would need to create and release a different version of your app for each handset. – Brent K. Nov 19 '19 at 13:11

OneWorld · Answer 4 · 2018-04-17T12:20:02.267

2

I did not need to sign my app with the firmware signature! I have a rooted device. Therefore I can grant myself rights to write to certain directories using adb.

I moved my app to /system/priv-app instead of /system/app using those steps: Push my apk to /system/app

Now, I can access system permissions like android.permission.SHUTDOWN

edited Apr 17 '18 at 12:20

answered Feb 08 '18 at 16:46

OneWorld

17,512
21
86
136

that's for rooted devices now. – M D P Apr 17 '18 at 12:09
1

So you just installed your app in /system/priv-app and the system automatically granted you the SHUTDOWN permission? Or you had to do something else? Because it doesn't work with me. It's installed there (I've root permissions too), I asked for it on the manifest and it still says I don't have it. If if helps, I installed it after that as an "update" for it to install files on the SD card to use. Is this the problem? Because it needs to get files from the SD card. If it's not this, no idea what could be. Would you know a possible problem here? – Edw590 Feb 01 '20 at 23:15

Stephan John · Answer 5 · 2019-09-13T06:20:05.940

0

There is two types of system apps.

Type 1: The App which is in the same signature of the Device ROM .

Type 2: The Signed app which is in system/priv-app ( Might differ based on adnroid version ) in your device storage location .

Visit this link -> http://www.archive.ricston.com/blog/explaining-behavior-android-application-system-apps-nonsystem-apps/

edited Sep 13 '19 at 06:20

answered Sep 13 '19 at 06:14

Stephan John

331
1
2
11

Create System Application

5 Answers5

Linked