Upgrading system apks through market and retaining permissions

Hi,

I tried to test the Android ability of upgrading a system app with a new version, but I am facing some permission problems. It seems that, after the app is upgraded, it loses the capability of accessing permissions that are systemOrSignature. I am testing this on an engineering build that is signed with a debug certificate. Below is a description of my test:

Setup:

1) Three apps:
   APP_1 - signed with CERT_1 - provides some functionality that is protected by PERM_1 permission, that is systemOrSignature
   APP_2_V1 - signed with CERT_2 - version one that goes inside the system partition
   APP_2_V2 - signed with CERT_2 - version that is going to be installed to upgrade APP_2_V1

APP_2_* (V1 and V2) use the PERM_1 permission to do some stuff

=============
Test 1
=============
Objective:
- Validate that APP_2_V1 is able to use the permission PERM_1.
Setup:
- Put APP_1 and APP_2_V1 on the system partition.
Test:
- execute APP_2_V1 and test the scenario that uses the PERM_1 permission.
Result:
- APP_2_V1 was able to access it fine.

=============
Test 2
=============
Objective:
- Validate that APP_2_V2 is able to use the permission PERM_1.
Setup:
- Put APP_1 and APP_2_V2 on the system partition.
Test:
- execute APP_2_V2 and test the scenario that uses the PERM_1 permission.
Result:
- APP_2_V2 was able to access it fine.

=============
Test 3
=============
Objective:
- Validate that when APP_2_V1 is upgraded from market with APP_2_V2, the new version will be able to use the PERM_1.
Setup:
- Put APP_1 and APP_2_V1 on the system partition
Test:
a - Get the APP_2_V2 apk and do an adb install -r
b - Test the APP_2_V2 and see if it works
Result:
a - APP_2_V1 was correctly upgraded to APP_2_V2 after the adb install -r
b - During the APP_2_V2 execution, the app was not able to use PERM_1 anymore
c - If upgrade is uninstalled, PERM_1 works again on the APP_2_V1

Questions:
1) Shouldn't the system still give permission PERM_1 to APP_2_V2 after it is installed in a phone with a system partition that contains APP_2_V1?
2) If yes on question 1, is there any page that explains how to test this upgrade? Does market upgrade do anything different from "adb install -r"?

Thanks and Regards
Felipe

---------- Forwarded message ----------
From: Dan Zhang <[email protected]>
Date: Oct 20 2010, 3:53 pm
Subject: signatureOrSystem premissions
To: Android Security Discussions

Are there any known flaws or hacks that can install native apps on devices without formal approval by Android? In other words, what protections make the process to prevent unapproved self-installation of native apps like Maps, Youtube robust?

thanks

> ---------- Forwarded message ----------
> From: Dianne Hackborn <[email protected]>
> Date: Jul 7, 1:50 am
> Subject: signatureOrSystem premissions
> To: Android Security Discussions
>
> Correct, for signatureOrSystem, if you are installed in the system image,
> then you will be granted the permission regardless of your signing cert.
>
> On Wed, Jul 7, 2010 at 12:38 AM, Dan Hein <[email protected]> wrote:
>
> > A clarifying question, just to make sure I understand completely.
> >
> > So in the scenario described above, the developer would sign the
> > pre-installed app with his or her own developer certificate, correct?
> > Likewise, updates to the pre-installed app would be signed with the same
> > certificate? In other words, the developer's certificate never changes.
> > The app derives special privilege as a by-product of originally being
> > included in /system by the handset manufacturer; not because of the
> > particular certificate used to sign said app.
> >
> > Is my understanding correct?
> >
> > Thanks,
> > Dan
> >
> > On Thu, Jun 10, 2010 at 7:43 PM, Dianne Hackborn <[email protected]> wrote:
> >
> >> A new application needs to be signed with the same certificate as the old
> >> one to be able to update it.
> >>
> >> On Thu, Jun 10, 2010 at 3:43 PM, Pragati Ogal Rai <[email protected]> wrote:
> >>
> >>> Consider a scenario where an app is pre-installed by the manufacturer.
> >>> Now the developer can create an updated app and put it on the market
> >>> signed with developer's own certificate. The users of the pre-installed
> >>> app can upgrade it. This is all good. But what if someone
> >>> else besides the original developer (read hacker) places their app with
> >>> the same name in Android Market? Can users still upgrade their
> >>> pre-installed app and get around SystemOrSignature permissions?
> >>>
> >>> On Jun 4, 4:14 pm, Dianne Hackborn <[email protected]> wrote:
> >>>
> >>> > An application signed with a platform cert can't be placed on Market,
> >>> > because each device has its own platform cert.
> >>> >
> >>> > An application developer that wants to use these permissions needs to be
> >>> > working with a device manufacturer to have the app pre-installed; given
> >>> > that, you can just be pre-installed on the system image and thus be granted
> >>> > this type of permission without needing to be signed with a special cert.
> >>> >
> >>> > (This also means you can place your app, signed with your own cert, on
> >>> > Market, and deliver updates to it even to devices that are pre-installed,
> >>> > like Google Maps does. When the update is applied, you can continue to have
> >>> > whatever permissions you were originally granted as an app pre-installed in
> >>> > the system.
> >>> > Of course users could still install your app on a device where
> >>> > it wasn't pre-installed, so such an app needs to be able to run in some way
> >>> > in situations where it doesn't get the permission.)
> >>> >
> >>> > On Fri, Jun 4, 2010 at 1:45 PM, ivan <[email protected]> wrote:
> >>> >
> >>> > > Hello,
> >>> > >
> >>> > > I'm writing an extensive application that's going to require the
> >>> > > downloading of media content.
> >>> > >
> >>> > > I've learned a little about the DownloadProvider that requires
> >>> > > signatureOrSystem permissions.
> >>> > >
> >>> > > I'm assuming to be signed by the system signature one must negotiate
> >>> > > with Google and the OEM (or something like that).
> >>> > >
> >>> > > Is this correct?
> >>> > >
> >>> > > Can someone please explain the process of creating an application with
> >>> > > signatureOrSystem permissions that can access the DownloadProvider?
> >>> > >
> >>> > > Please note that this is an application meant for Google Market.
> >>> > >
> >>> > > Thanks.
> >>> >
> >>> > --
> >>> > Dianne Hackborn
> >>> > Android framework engineer
> >>> > [email protected]
> >>> >
> >>> > Note: please don't send private questions to me, as I don't have time to
> >>> > provide private support, and so won't reply to such e-mails. All such
> >>> > questions should be posted on public forums, where I and others can see and
> >>> > answer them.

--
regards
Dan Zhang
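
The grant and update rules stated in the quoted replies, modelled against the scenarios from the tests above. This is an added example, not part of the original messages and not Android's package manager code; the `Device` and `Package` classes and the `CERT_OTHER` name are hypothetical, and the model encodes only what the thread states.

```python
from dataclasses import dataclass, field

@dataclass
class Package:
    name: str
    cert: str
    requested: set = field(default_factory=set)

class Device:
    """Toy model of the rules stated in the thread; not Android's real code."""
    def __init__(self):
        self.active = {}      # package name -> currently active Package
        self.system = set()   # names with a copy on the system partition
        self.declared = {}    # signatureOrSystem permission -> declarer's cert

    def preinstall(self, pkg):
        self.active[pkg.name] = pkg
        self.system.add(pkg.name)

    def install(self, pkg):
        # Market or `adb install -r` path; returns False when rejected.
        old = self.active.get(pkg.name)
        if old is not None and old.cert != pkg.cert:
            return False      # an update must carry the old version's cert
        self.active[pkg.name] = pkg
        return True

    def granted(self, name, perm):
        pkg = self.active[name]
        if perm not in pkg.requested or perm not in self.declared:
            return False
        # Same cert as the declaring app, or pre-installed in the system image
        # (kept across updates, as the replies describe).
        return pkg.cert == self.declared[perm] or name in self.system

def run_scenarios():
    # Constructed inputs mirroring APP_1, APP_2_V1 and APP_2_V2 from the tests.
    want = {"PERM_1"}
    dev = Device()
    dev.declared["PERM_1"] = "CERT_1"                  # APP_1 declares PERM_1
    dev.preinstall(Package("APP_2", "CERT_2", want))   # APP_2_V1 in /system
    out = {"test1_v1_in_system": dev.granted("APP_2", "PERM_1")}
    out["update_same_cert_accepted"] = dev.install(Package("APP_2", "CERT_2", want))
    out["test3_v2_after_update"] = dev.granted("APP_2", "PERM_1")
    # A different signer reusing the package name (CERT_OTHER is hypothetical).
    out["update_other_cert_accepted"] = dev.install(Package("APP_2", "CERT_OTHER", want))
    plain = Device()                                   # APP_2 never pre-installed
    plain.declared["PERM_1"] = "CERT_1"
    plain.install(Package("APP_2", "CERT_2", want))
    out["granted_without_preinstall"] = plain.granted("APP_2", "PERM_1")
    return out
```

`test3_v2_after_update` encodes the outcome the quoted replies describe for an update applied over a pre-installed copy, which is the step Test 3 exercises.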
