Consider a scenario where an app is pre-installed by the manufacturer. Now the developer can create an updated app and puts it on the market signed with developer's own certificate. The users of the pre- installed app can upgrade it. This is all good. But what if someone else besides the original developer (read hacker) place their app with the same name in Android Market. Can users still upgrade their pre- installed app and get around SystemOrSignature permissions.
On Jun 4, 4:14 pm, Dianne Hackborn <[email protected]> wrote: > An application signed with a platform cert can't be placed on Market, > because each device has its own platform cert. > > An application developer that wants to use these permissions needs to be > working with a device manufacturer to have the app pre-installed; given > that, you can just be pre-installed on the system image and thus be granted > this type of permission without needing to be signed with a special cert. > (This also means you can place your app, signed with your own cert, on > Market, and deliver updates to it even to devices that are pre-installed, > like Google Maps does. When the update is applied, you can continue to have > whatever permissions you were originally granted as an app pre-installed in > the system. Of course users could still install your app on a device where > it wasn't pre-installed, so such an app needs to be able to run in some way > in situations where it doesn't get the permission.) > > > > > > On Fri, Jun 4, 2010 at 1:45 PM, ivan <[email protected]> wrote: > > Hello, > > > I'm writing an extensive application that's going to require the > > downloading of media content. > > > I've learned a little about the DownloadProvider that requires > > signatureOrSystem permissions. > > > I'm assuming to be signed by the system signature one must negotiate > > with Google and the OEM (or something like that). > > > Is this correct? > > > Can someone please explain the process of creating an application with > > signatureOrSystem permissions that can access the DownloadProvider? > > Please note that this is an application meant for Google Market. > > > Thanks. > > -- > Dianne Hackborn > Android framework engineer > [email protected] > > Note: please don't send private questions to me, as I don't have time to > provide private support, and so won't reply to such e-mails. All such > questions should be posted on public forums, where I and others can see and > answer them.- Hide quoted text - > > - Show quoted text -
