Hi Nate,

Yes, two packages can share a user ID only if their signatures match, and the current Android framework implementation for checking whether two packages have matching signatures requires the full set of signatures of both packages to match.

Regards,
Jose

On 25 Jun, 09:20, Nate <[email protected]> wrote:
> After reading the documentation on shared UIDs and APK signing, I
> concluded that using multiple signatures for an application I am
> writing would be a good solution. First, I'll explain the problem I'm
> attempting to solve, and next I'll explain how I imagined multiply
> signed APKs would solve it.
>
> I'm writing an application that will allow users/developers to freely
> contribute content to. The contributable content is functionality;
> not simply images, sounds, data, or other resources. Let's say for
> example, the content is an implementation of an interface that
> contains a controller for an interactive character in a video game.
> The users/developers should be able to package this content and
> distribute, for money if they wish, on the Android Market, in the same
> manner that the application itself was.
>
> By having the application and the content packages use the same
> sharedUserId, the Java classes contained in the content packages are
> available to be directly used by the application. However, in order
> to be able to install two APKs wishing to use the same sharedUserId,
> they must have common signatures. This could be achieved by sharing
> the application's signing key with the contributors, but this has
> serious implications, and should not be done. The logical thing to do
> would be to sign the application with a truly private key, in addition
> to a key that is publicly available to the contributors of the
> application. The contributors would sign their packages with their
> own private key, and the previously mentioned shared key.
>
> This solution, however, does not work in the current implementation.
> Or at least I haven't managed to make it work. From my testing, and
> likely soon to be confirmed by code inspection, the APKs can only
> share a UID if and only if the sets of signatures are identical across
> APKs. I'm curious, is this truly the case? If so, is the use case
> above not enough to warrant the functionality sought? Finally, if the
> solution presented will not work, may you suggest an alternative that
> will?
>
> As an aside, an alternative I was brainstorming involved:
> 1) getting the list of all installed packages
> 2) checking for the existence of a class (or perhaps meta-data from
> the manifest) (or some other suitable convention)
> 3) creating a DexClassLoader for the packages that match
>
> I'm not sure of the security of this method; perhaps it's not possible
> to use the DexClassLoader for packages for which you don't share
> signatures. Perhaps no security exists at all, in which case I could
> perform the signature check myself if I deemed it necessary.
>
> I appreciate any advice. Thanks in advance!
>
> --
> Nate

--
You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
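
The three-step alternative from the quoted message, with the signature check placed before any class loader is created, as an added sketch that is not code from the thread or from the Android framework. `PluginLoader`, `PLUGIN_MARKER` and the `pinned` set of trusted SHA-256 certificate fingerprints are hypothetical; it assumes the host application ships that set itself and uses the `GET_SIGNATURES` flag.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import dalvik.system.DexClassLoader;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public final class PluginLoader {
    // Hypothetical manifest meta-data key that marks a content package.
    static final String PLUGIN_MARKER = "com.example.game.PLUGIN";

    // Lower-case hex SHA-256 of one signing certificate.
    static String fingerprint(Signature sig) throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(sig.toByteArray());
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // True only if the package is signed and every one of its signers is pinned.
    static boolean signersTrusted(PackageInfo pi, Set<String> pinned)
            throws NoSuchAlgorithmException {
        if (pi.signatures == null || pi.signatures.length == 0) return false;
        for (Signature s : pi.signatures) {
            if (!pinned.contains(fingerprint(s))) return false;
        }
        return true;
    }

    // Steps 1-3: enumerate packages, keep marked ones, check signers, then load.
    static List<ClassLoader> loadPlugins(Context ctx, Set<String> pinned)
            throws NoSuchAlgorithmException {
        PackageManager pm = ctx.getPackageManager();
        String optDir = ctx.getDir("plugin_dex", Context.MODE_PRIVATE).getAbsolutePath();
        List<ClassLoader> loaders = new ArrayList<ClassLoader>();
        int flags = PackageManager.GET_SIGNATURES | PackageManager.GET_META_DATA;
        for (PackageInfo pi : pm.getInstalledPackages(flags)) {
            if (pi.applicationInfo == null || pi.applicationInfo.metaData == null) continue;
            if (!pi.applicationInfo.metaData.containsKey(PLUGIN_MARKER)) continue;
            if (!signersTrusted(pi, pinned)) continue; // rejected before any code is loaded
            loaders.add(new DexClassLoader(pi.applicationInfo.sourceDir, optDir,
                    null, ctx.getClassLoader()));
        }
        return loaders;
    }
}
```

A certificate whose private key is publicly available cannot serve as a pin, since anyone can sign with it; the pinned set has to identify contributors the application actually trusts.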
