-7

I am installing security software/hardware into a couple different school districts. The application is at it's final stage, however I will need to send updates to users periodically. For example, a general password will be changed for the application every 6 months.

Installing an .apk is considered an "update" after the initial application is installed, correct?

I just have a feeling that there should be some easy way of doing this. I don't really want to give people an .apk. Someone could get smart and tear it apart to find the contents. That, and some others might not understand how to install files on their phone.

What are your ideas? Maybe a web link a user can go to that starts the install for them?

Phantômaxx
  • 37,901
  • 21
  • 84
  • 115
  • 1
    How is this related to coding? – Rishav Aug 19 '17 at 12:32
  • 2
    for periodic updates, APK file is the only way.. But you can set some sort of flags if you are using server APIs to call web services..then you can set/check **update flag** from response..and redirect/download it to/from private server(ex dropbox)..or call web API to update any field... – Ritesh Bhavsar Aug 19 '17 at 12:33
  • 4
    `I don't really want to give people an .apk. Someone could get smart and tear it apart to find the contents.`Downloading an app is just the same as giving the apk. – Enzokie Aug 19 '17 at 12:33

1 Answers1

1

You have multiple misconceptions how updating, APKs and keeping keys secure work.

You have to host your APKs somewhere. Github releases is a pretty common way (but slow), but you could also use google drive, dropbox or your own server.

Your app has to fetch the server regularly and check if a new APK is available (pull-based). Second option is to use push notification in some kind e.g. FCM (push-based). Then you download the APK and let the user install it. Your app cannot start a installation by itself, it has to be done by the user.

But you can redirect the user to the installation menu with that APK, so he just has to click "Install". "Install from unknown sources" has to be enabled for that, if not the user will get an information about that from the OS with a way to enable.

There are apps like "APK extractor" which get you the APKs from google play without root, so there's nothing wrong about giving out the APK. Your APK should never contain secure keys which the user isn't allowed to see. It's easy to reverse engineer those keys, it's just a matter of time.

Thomas
  • 483
  • 7
  • 22