Can somebody explain to me what are the benefits of Android System App over a "normal" app (besides that fact that a system app cannot be uninstalled)? Special permissions?
Asked
Active
Viewed 7,788 times
3 Answers
22
There is some confusion here.
First, if you are talking about "system app" as just being one with FLAG_SYSTEM set, all this means is that the app is located on the /system partition, which is the read-only partition that is basically the firmware of the device. (It can only be modified as part of an OTA firmware update.) These apps can't be removed simply because they are on a partition that can't be modified.
The only thing special about a system application beyond this is that there are a handful of signature permissions that can also be granted to any app on the system image. For example there is a permission to directly talk with the package manager to install an app (without going through the system UI) that such an app can have; this is useful for any app store / market pre-loaded on a device.
Being signed with the platform certificate is an orthogonal concept -- such an app can be either on the system image or installed as a third party app (though obviously in almost all cases these come pre-installed). Such apps have access to a whole suite of low-level permissions for interacting with the platform. Very few apps are signed with this certificate; it is only for core platform applications. Unless you are working with a hardware vendor on a device, you won't have access to this.
All of the platform's certificates (whether they be available to all apps, require an app be signed with the platform cert, or are available to apps installed on the system partition) are declared by the platforms manifest, just like any other app:
https://android.googlesource.com/platform/frameworks/base/+/master/core/res/AndroidManifest.xml
Vadim Kotov
- 8,084
- 8
- 48
- 62
hackbod
- 90,665
- 16
- 140
- 154
-
It seems to me like this answer is outdated. When building a custom rom you should be able to sign stuff with the platform certificate. And are there lists of the mentioned "low level functions" and the special permissions available to system apps? – Matthias Weiler Aug 08 '12 at 17:56
-
you might also want to check out http://stackoverflow.com/questions/7707889/android-system-permissions-through-root – Matthias Weiler Aug 08 '12 at 18:09
1
There are permissions that can only be obtained by systems apps. For example the permission brick can be requested by every app but it is only granted to apps that are signed as system apps. There are some other features that make more sense I think directly installing and removing apps would be a system only permission too.
Janusz
- 187,060
- 113
- 301
- 369
-
Do you know on a list of such permissions (that only system apps can use?) – m88m Nov 24 '10 at 10:09
0
From your explanation I guess you mean the the pre-installed applications (like the Browser or the Messages app). You can take a look in these apps at https://android.googlesource.com. (search for platform/packages/apps/...).
You will find that these application are no difference to your own custom developed Apps, except you can't remove them. They cannot be removed as they provide the basic functionality to operate your phone / device. So, same security constraints apply there.
Vadim Kotov
- 8,084
- 8
- 48
- 62
Sebastian Roth
- 11,344
- 14
- 61
- 110
-
And you can only be a system app if you came with the firmware right? (signed with the "platform key") – m88m Nov 24 '10 at 10:13
-
I think you are talking from a manufacturer point of view. I know certain tablet manufacturers ship with pre-installed skype and others due to market restrictions. But those could be removed again, something worth to research. I have never seen a system app for download in the market, would be quite a security risk. Think of the BRICK permission Janusz mentioned below. – Sebastian Roth Nov 24 '10 at 11:16
-
Hey! The MobileDefense app is working on something like that (I Guess!) see here http://support.mobiledefense.com/viewtopic.php?id=569 read the statement (topper): "We'll be releasing a new APK soon that automates the entire system app install process." I think there is a way.... – m88m Nov 24 '10 at 11:18