Don't do this. This is not a security issue at all; it just makes an app that will likely break itself.
On Wed, Jun 16, 2010 at 12:47 PM, Greg Giacovelli <miyamo...@gmail.com>wrote: > Hi, > So I came across this today and was wondering does this work in > production app or does it merely work because my phone allows non > market apks. > > Here is an example, > Take a class like, android.view.IWindow, and copy it's source into > your project and recompile it after changing a few things. (Don't > rename or repackage it). > > Now when your APK loads in the VM, something odd happens. > > 06-15 23:30:32.148: DEBUG/installd(555): DexInv: --- BEGIN '/data/app/ > vmdl22987.tmp' --- > 06-15 23:30:32.818: DEBUG/dalvikvm(1062): DexOpt: 'Landroid/view/ > IWindow;' has an earlier definition; blocking out > 06-15 23:30:32.818: DEBUG/dalvikvm(1062): DexOpt: 'Landroid/view/ > IWindowSession;' has an earlier definition; blocking out > 06-15 23:30:33.218: DEBUG/dalvikvm(1062): DexOpt: not verifying > 'Landroid/view/IWindow;': multiple definitions > 06-15 23:30:33.218: DEBUG/dalvikvm(1062): DexOpt: not verifying > 'Landroid/view/IWindowSession;': multiple definitions > > > > So the logging is a little ambiguous, but is it saying that the > classes in this APK are blocking out previous versions and that these > new classes aren't being verified. If so I hope this is only > succeeding because as developers most targets are in development mode > when allowing non market apks (non rooted phones). However does this > work in market released apps as well? This seems like a really nasty > security exploit if I can override system interfaces just for my > application. > > -Greg > > -Greg > > -- > You received this message because you are subscribed to the Google > Groups "Android Developers" group. > To post to this group, send email to android-developers@googlegroups.com > To unsubscribe from this group, send email to > android-developers+unsubscr...@googlegroups.com<android-developers%2bunsubscr...@googlegroups.com> > For more options, visit this group at > http://groups.google.com/group/android-developers?hl=en > -- Dianne Hackborn Android framework engineer hack...@android.com Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en