4

I'm Jaemoon.

My system app located in /system/app was running well until Android 4.3 Jelly Bean but it started having some problems which was security problem in Android 4.4 KitKat.

In other words, My system app needed permissions such as android.permission.WRITE_APN_SETTINGS and android.permission.CONNECTIVITY_INTERNAL and did well until Jelly Bean but from KitKat, there were security problems as follows. I don't understand the reason why my system app doing well in Jelly Bean started to have security problems from KitKat.

I am doubting that KitKat needs new setting in some script files for system permission. Could anyone help me or guide me ?

---------------------------------------------------------------------
java.lang.SecurityException: No permission to write APN settings: Neither user 10146 nor current process has android.permission.WRITE_APN_SETTINGS.
...
---------------------------------------------------------------------
java.lang.SecurityException: ConnectivityService: Neither user 10097 nor current process has android.permission.CONNECTIVITY_INTERNAL.
---------------------------------------------------------------------

Thanks in advance..

Kristof Degrave
  • 4,142
  • 22
  • 32
Jaemoon Hwang
  • 692
  • 1
  • 9
  • 12

3 Answers3

14

In Android 4.4 just apps located at /system/priv-app have the "system" level permission.

Google did this so that manufacturers like Samsung can have better control of the permissions the bundled apps have.

So administrative apps goes to /system/priv-app. Games, freemium apps and other garbages goes to /system/app

Thanks!

Paulo Giron
  • 161
  • 1
  • 5
  • can you please elaborate the term bundled apps ? Is there any web reference that explains what bundled apps are and the difference between bundled apps and administrative apps ? Thanks. – Jake Feb 23 '14 at 11:28
  • 1
    Starting Android 8.0, putting app into /system/priva-app is not enough. Implementors has to explicitly whitelist privileged apps in the system configuration XML files in the /etc/permissions directory. Apps not explicitly listed in these XML files are not granted privileged permissions. – Vinayak Bevinakatti May 01 '18 at 20:51
7

In 4.4, use /system/priv-app instead.

jspurlock
  • 1,466
  • 10
  • 7
  • When I tried using /system/priv-app with jspurlock's comment, my system apps did well and there were no security exceptions in Android 4.4 KitKat thanks to jspurlock.. – Jaemoon Hwang Nov 07 '13 at 11:49
  • Dear jspurlock, could you let me know why /system/priv-app was made in Android 4.4 and what the difference between /system/app and /system/priv-app ? – Jaemoon Hwang Nov 11 '13 at 06:51
  • 3
    @jaemoon.hwang I dug up the commit message and logic behind the migration from system/app to priv-app if you are interested. http://stackoverflow.com/a/20104400/1306452 – Andrew T. Jan 28 '14 at 20:23
2

It will go to priv-app folder now. Before kitkat, all apps in system partition had "system"-level permissions. Now only apps in priv-app can get system permissions.

Roh_mish
  • 121
  • 1
  • 4