Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Update of Android system app, with/without platform signature

I have a system app that the OEM installs with the system image, but is signed by me. If I upload an updated apk to the market, will the market app silently install this update automatically?

If my system app is instead signed with the platform signature instead of mine, this means any updates also have to be signed with the platform signature, correct? Can a platform-signed apk be updated from the market?

like image 392
Android QS Avatar asked Feb 07 '13 20:02

Android QS


People also ask

Do Android apps require signing?

Every application that is run on the Android platform must be signed by the developer. Applications that attempt to install without being signed will be rejected by either Google Play or the package installer on the Android device.

What is the use of system update in phone?

Updating your smartphone's operating system when notified to do so helps patch security gaps and improve your device's overall performance. However, there are steps to take beforehand to protect your device and any photos or other personal files that are stored on it.


1 Answers

Lets first of all clarify the difference between all types of apps.

System apps are those that are located in the /system/app folder. These applications have a flag ApplicationInfo.FLAG_SYSTEM set. In an ordinary device the partition /system is mounted for read-only access. Thus, a system application cannot be updated because it is located in the read-only location. These applications can be updated only as a part of OTA update.

Ordinary apps are located on the /data partition which is read-write. Thus, these applications can be updated by a system.

Now lets talk about signatures. Some Android components are protected with permissions of signature type. This means that if you want to have access to a component protected with this type of permission, your application must be signed with the same certificate as a protected component. This is true not only for Android system, but also for Android applications, i.e. in your application you can have a component that is protected with a signature permission, thus, only applications that have the same signature will have access to this component.

The third thesis which we require to answer your question is that Android prohibits the installation of the packages that have the same package name but different signatures.

Thus,

I have a system app that the OEM installs with the system image, but is signed by me. If I upload an updated apk to the market, will the market app silently install this update automatically?

If my system app is instead signed with the platform signature instead of mine, this means any updates also have to be signed with the platform signature, correct? Can a platform-signed apk be updated from the market?

The answer is no. Although the apps that are located in /system/app can be signed with a certificate that differs from the platform one, the update of these applications is possible only with system update.

To solve your problem you can change the packagename of your application, sign it with your (if the application does not require to have access to protected Android components) or platform (if the application should have access to protected components and if you have access to this signature) and put this application into market. Then, you'll receive the updates of your application through the market.

like image 169
Yury Avatar answered Oct 18 '22 11:10

Yury