Geek Answers Handbook

Famous Android Sources

When you install the apk file from an unknown source, Android will complain and verify that you want to install this apk file. This file must be checked in the list of known sources.

I am interested to know where the list of known sources on Android AOSP is located.

Edit: Sorry if my question is confusing, but let me clarify. When you install the APK from usb or via email, Android will tell you that you are installing the application from an unknown source. At this stage, you can either deny or accept this fact and move on. To determine if the application is installed from an unknown source, I assume that there is a list of known sources included in AOSP. Maybe I'm wrong, as one comment indicates that these are all applications that are not installed from the Google Play store.

I would like to see where this check is done. Where in AOSP this check is performed if there is no list, or where this list of known sources if there is a list.

+8
android apk
source share
2 answers

So, I looked at the AOSP source code to find out how Unknown Sources validation is performed. This is more complicated than the known source = android.

So, first of all, for the background, the verification and reporting of Unknown sources are generated by INSTALL_NON_MARKET_APP . This flag appears in several places, but PackageInstallerActivity takes the main place. Infact, this is the only place in AOSP where it appears and is used for some effective degree. Let's look at this here:

String callerPackage = getCallingPackage(); if (callerPackage != null && intent.getBooleanExtra( Intent.EXTRA_NOT_UNKNOWN_SOURCE, false)) { try { mSourceInfo = mPm.getApplicationInfo(callerPackage, 0); if (mSourceInfo != null) { if ((mSourceInfo.flags&ApplicationInfo.FLAG_SYSTEM) != 0) { // System apps don't need to be approved. initiateInstall(); return; } } } catch (NameNotFoundException e) { } } if (!isInstallingUnknownAppsAllowed()) { //ask user to enable setting first showDialogInner(DLG_UNKNOWN_APPS); return; } initiateInstall();

So PackageInstaller is a package included with AOSP that understands how to handle the ACTION_VIEW intent for APK files. PackageInstaller checks two things before it can install the application.

  • That application is a system application. If the application is a system application, it doesn’t care, it tells the package manager to install your application. This means that if Samsung places its Samsung store as a system application on Samsung devices, it will automatically become a reliable source. Infact, he will skip step 2 here.

  • If this system flag is not set. If this flag is not set, and therefore you are not a system application, then you are not a reliable source. At the same time, system applications can also skip the package installer and just go to the call to the hidden installPackage function, which can be found in PackageManagerService . This seems to be what GooglePlayStore does, since when I turn off the installation options in PackageInstallerActivity, I can still just install apks.

So, to summarize: Well-known sources are SYSTEM APPS not only applications downloaded from a Google game. Google play completely bypasses the INSTALL_NON_MARKET_APP flag, since it does not use PackageInstaller. If you are creating an application that is not a system application, the only method for installing the APK is to use PackageInstaller. Since your application is not a system application, it checks if unknown sources are disabled.

+19
source share

As already noted, the word “sources” means “place of origin” (as in application package repositories), not “source code”. This is not completely related to AOSP.

This usually means "apps downloaded from Google Play" (and the previous Android Market).

I say “usually” because you could identify a different source in the custom fork - you didn’t come across this personally ”(I don’t know how this happens with the Samsung app store).

0
source share

More articles:


All Articles