29

I've accepted for a while now that it's impossible to silently install an application on Android - that is, to have a program install an application bundled as an APK without providing the standard OS installation prompt and going through the app installer activity. But now I've picked up a copy of the AppBrain fast web installer, and it does exactly this.

How on earth is this possible? :D

Adrian
  • Because AppBrain is doing something that will probably get them sued by Google. – CommonsWare Aug 09 '10 at 12:12
  • Ah yes, but *what* are they doing that will probably get them sued by Google? :D – Adrian Aug 10 '10 at 11:33
  • Why? Are you eager to be sued as well? – CaseyB Aug 12 '10 at 06:39
  • I would also like to know how it works. Not to use it but to enlighten me ;) Hiding information is not helping in security issues. – Janusz Aug 12 '10 at 07:14
  • 3
    Why would a non hacker broadcast a method of writing potentially malicious code? Even if I knew I wouldn't post it up. – Mike Aug 12 '10 at 15:43
  • 10
    @Mike: Security through obscurity? You must be a MS-dev ;-) – Stefan Hoth Aug 12 '10 at 17:04
  • 1
    @stefan haha you get an up vote for that. No I am not a MS dev but I do fancy myself as an ethical dev and sometimes that means keeping some security knowledge between yourself and the devs that will fix it. – Mike Aug 12 '10 at 19:10
  • 5
    @Mike When in doubt, assume that the "black hats" already know about the exploit and how to use it, and thus it should be made public so that normal users and "white hats" can attempt to avert it. There may be reason to hold back information for a couple weeks, but no longer. – Mark B Aug 12 '10 at 19:51
  • @Mark B: I disagree; updating the Android platform on all phones can take a significant amount of time, and considering that not all phones can even update to the latest version, there's no sense in publishing security holes publicly. – Paul Lammertsma Aug 16 '10 at 15:07
  • I have noticed the app seems to be using the Chrome browser for this. Can you confirm whether your application works with other applications? – Shouvik Aug 17 '10 at 04:42
  • This works (for me, at least) with Firefox and Froyo on an HTC Desire. – Adrian Aug 17 '10 at 14:31
  • Yeah my bad! I read the last link I posted after I asked the question. Very sure I have a decent idea how to do it, hope Google is reading this. At the moment, I have ceased installing any new application on my phone... Gonna experiment some stuff today... :) – Shouvik Aug 18 '10 at 04:45

3 Answers

13

I think the clue is pretty much in this statement I found here in the FAQ.

The fast web install worked for me yesterday, but it doesn't work anymore today. What's wrong?

The permission to install apps directly on your phone needs to be refreshed once every few days. Go back to the "Fast Web Install" app on your phone and click the button to give us the permission again. We are working on a future update that will optionally automatically refresh this setting.

I presume this is very similar to what Google does in the kill switch. I am assuming that the kill switch is an application on my device, just hidden from me. When Google wants to remove an application, it silently uninstalls it without asking for our permission. I am very sure this security hole is of their making. Now we just need to figure that out... =D

Community
Shouvik
  • 2
    Yes, that seems likely. There's an informative article on the kill/install functionality here: http://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/ – Adrian Aug 17 '10 at 11:36
  • Ha ha, I see another remote kill of AppBrain in the near future.. =D – Shouvik Aug 17 '10 at 11:48
  • 1
    Another link on the same lines. This I think clinches the deal... http://jon.oberheide.org/blog/2010/06/28/a-peek-inside-the-gtalkservice-connection/ – Shouvik Aug 17 '10 at 12:48
2

You can (in a very hackish way) install apps silently using adb. You have to enable USB Debugging, but just push the APK to /data/app, i.e.:

adb push MyApp.apk /data/app

- or -

adb install MyApp.apk (cleaner way)

The second command MAY prompt for an installation, I don't remember off the top of my head.
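
An added example, not part of the original answer: a defender-side check that lists packages whose installer of record is not a trusted store, which is where installs made over adb usually show up (typically as `installer=null`). The allow-list in `TRUSTED_INSTALLERS` and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Flag packages whose recorded installer is not on an allow-list.
# Input format (output of `pm list packages -i`), one line per package:
#   package:<name>  installer=<installer-or-null>
# TRUSTED_INSTALLERS is an assumption: a space-separated list of the
# store / MDM packages you expect to be installing apps.
TRUSTED_INSTALLERS="${TRUSTED_INSTALLERS:-com.android.vending}"

flag_untrusted_installs() {
    # Reads the listing on stdin and prints "<package> <installer>" for every
    # package that was not installed by a trusted installer.
    # adb output may carry CRLF line endings, so strip \r first.
    tr -d '\r' | awk -v trusted="$TRUSTED_INSTALLERS" '
        BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        /^package:/ {
            pkg = $1; sub(/^package:/, "", pkg)
            inst = "unknown"            # no installer= field on this line
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
            if (!(inst in ok)) print pkg, inst
        }'
}

# Constructed sample listing (not captured from a real device).
sample_listing() {
    cat <<'EOF'
package:com.example.mail  installer=com.android.vending
package:com.example.sideloaded  installer=null
package:com.example.other  installer=com.example.thirdparty.store
EOF
}

# Demo on the constructed sample; prints the two non-store packages.
sample_listing | flag_untrusted_installs

# Live use (device connected, USB debugging enabled); -3 limits the listing
# to third-party packages so preinstalled system apps are not reported:
#   adb shell pm list packages -3 -i | flag_untrusted_installs
```
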

0

If you can work out what the standard installer does when it installs, you can replicate that behaviour in your app, however yours would need quite extensive permissions to do everything properly.

Seriously, don't even try.

Emyr
  • I can work out what the standard installer does when it installs, and replicate that behaviour so that it would theoretically work with the appropriate privileges. The issue here is that I've *seen* an application that works just fine without those privileges, that doesn't seem to be taking that approach. This is behaviour that I'd like to be able to duplicate if possible. – Adrian Aug 16 '10 at 08:37