5

So, I found this answer here by #CommonsWare about allowing an app to install apps silently to the phone like Google Play does. There, it is mentioned that the app should be either signed with the firmware-signing certificate or so, or add the app to System folder. What I need to know is, if I add the app to system\app\ or system\priv-app\, then is it possible to install app silently to an Android device? Or do I need to utilize INSTALL_PACKAGES permission? If so, how?

I'm asking this question because I've only 10 reputations so I cannot comment there.

I found an answer by #inazaruk here, but it's complicated and the provided links are dead.

Community
  • 1
  • 1
TroublingCushion
  • 41
  • 2
  • 9

1 Answers1

2

It's the app doing the installation that needs to be system signed or reside in system/app system/priv-app, for those you do need to hold the correct permission in order to install an app (even if you're system signed), the difference is that you are able to get the necessary permission to do so at all. The fact that you use a permission is not the same as that the user gets a pop-up asking if it's OK.

In order to install a package you can call (ApplicationPackageManager.installPackage): http://androidxref.com/7.1.1_r6/xref/frameworks/base/core/java/android/app/ApplicationPackageManager.java#1561

public void installPackage(Uri packageURI, PackageInstallObserver observer,
        int flags, String installerPackageName) {

Since the ApplicationPackageManager has @hide on it you're going to have to use something like reflection to access it. You get an ApplicationPackageManager when you call "Context.getPackageManager".

JohanShogun
  • 2,956
  • 21
  • 30
  • I think you said it is to be done from the app-side itself. Does it mean we don't need a firmware-signing certificate for the app to get complete installation privilege on a device? Can you be more clear? – TroublingCushion Feb 13 '17 at 11:15
  • 1
    Check first sentence :) "It's the app doing the installation that needs to be system signed or reside in system/app system/priv-app", i.e. your installer application needs to be system signed. – JohanShogun Feb 13 '17 at 11:16
  • So, if I am giving my app to a phone manufacturer (to make it a system app in their device), then they should do the system signing, right? – TroublingCushion Feb 13 '17 at 11:23
  • Yes the OEM makes does the system signing, they shouldn't share their keys for system signing with anyone. :) – JohanShogun Feb 13 '17 at 11:54
  • That was something helpful. One last thing I need to know. Do you know any process on how this is done (the OEM system signing), or any references to the same? I've been searching all day till now. – TroublingCushion Feb 13 '17 at 12:08
  • It's up to each OEM, and something your sales / legal department would have to contact each manufacturer for, as far as I know there are no services available to make platform signing available to the public (which it shouldn't be). – JohanShogun Feb 13 '17 at 12:25