2

I have an application that requires the DELETE_PACKAGES and INSTALL_PACKAGES permissions. The app is NOT being distributed through the market and requires "unknown sources" to be enabled. When I install this application the install page presents the user with a list of permission categories that include the categories:

  1. Your location
  2. Network communication
  3. Storage
  4. Services that cost you money
  5. Phone Calls

Are the permissions DELETE_PACKAGES and INSTALL_PACKAGES included in one of these categories? If so, which? If not, is the user not warned about this permission request?

For some background see List of android application categories and permissions

Community
  • 1
  • 1
Michael Levy
  • 13,097
  • 15
  • 66
  • 100

1 Answers1

4

I have an application that requires the DELETE_PACKAGES and INSTALL_PACKAGES permissions.

SDK applications cannot hold these permissions, unless they are part of the firmware.

Are the permissions DELETE_PACKAGES and INSTALL_PACKAGES included in one of these categories?

Probably not, but the user isn't installing your application, as it will be part of the firmware, so the point is presumably moot.

CommonsWare
  • 986,068
  • 189
  • 2,389
  • 2,491
  • "SDK applications cannot hold these permissions, unless they are part of the firmware" can you point me to something to document this? The app I have is NOT being distributed through the market and requires "unknown sources" to be enabled. Does that change your answer? – Michael Levy Sep 23 '11 at 16:18
  • @Michael Levy: "can you point me to something to document this?" -- http://www.google.com/codesearch#cZwlSNS7aEw/frameworks/base/core/res/AndroidManifest.xml You will see that this permission is `android:protectionLevel="signatureOrSystem"`. "Does that change your answer?" -- no. – CommonsWare Sep 23 '11 at 16:26
  • Perhaps I'm in over my head here. I see from your link INSTALL_PACKAGES has protectionLevel="signatureOrSystem" so, I think I see your point. However, I'm confused. How do applications like the Amazon Appstore install packages if they are not in the firmware and don't have the system image signature? Also, our application with its own out-of-market network install mechanism works great and has been tested on dozens of devices (not rooted). Also, http://stackoverflow.com/questions/5803999/install-apps-silently-with-granted-install-packages-permission/5805299#5805299 seems to present an approach – Michael Levy Sep 23 '11 at 16:44
  • 2
    @Michael Levy: "However, I'm confused. How do applications like the Amazon Appstore install packages if they are not in the firmware and don't have the system image signature?" -- just call `ACTION_VIEW` with the APK MIME type and a `Uri` pointing to the APK. The user will be presented with the standard permissions screen; if they proceed, the app will be installed. The approach outlined by the other post you link to is for script kiddies and, AFAIK, is now blocked. – CommonsWare Sep 23 '11 at 16:46
  • Wow. This has been quite helpful. Thank you. I think we are asking for INSTALL_PACKAGES and DELETE_PACKAGES but it is unnecessary because we are using the exact technique you describe above. So, if our install mechanism does what you say, we don't need those permissions in our manifest. Great news. I'll change the manifest and test. – Michael Levy Sep 23 '11 at 16:55
  • Removed the INSTALL_PACKAGES and DELETE_PACKAGES from my manifest and everything worked fine! Thanks again. – Michael Levy Sep 23 '11 at 17:23
  • 1
    how do apps like "Batch Uninstaller" work without the need to be system apps? do they actually do the same operations needed for uninsalling, instead of using "adb uninstall"? – android developer Mar 21 '13 at 20:26