A clarifying question, just to make sure I understand completely. So in the scenario described above, the developer would sign the pre-installed app with his or her own developer certificate, correct? Likewise, updates to the pre-installed app would be signed with the same certificate? In other words, the developer's certificate never changes.
The app derives special privilege as a by-product of originally being included in /system by the handset manufacturer; not because of the particular certificate used to sign said app. Is my understanding correct?

Thanks,
Dan

On Thu, Jun 10, 2010 at 7:43 PM, Dianne Hackborn <[email protected]> wrote:

> A new application needs to be signed with the same certificate as the old
> one to be able to update it.
>
> On Thu, Jun 10, 2010 at 3:43 PM, Pragati Ogal Rai <[email protected]> wrote:
>
>> Consider a scenario where an app is pre-installed by the manufacturer.
>> Now the developer can create an updated app and puts it on the market
>> signed with developer's own certificate. The users of the pre-installed
>> app can upgrade it. This is all good. But what if someone else besides
>> the original developer (read hacker) place their app with the same name
>> in Android Market. Can users still upgrade their pre-installed app and
>> get around SystemOrSignature permissions.
>>
>> On Jun 4, 4:14 pm, Dianne Hackborn <[email protected]> wrote:
>> > An application signed with a platform cert can't be placed on Market,
>> > because each device has its own platform cert.
>> >
>> > An application developer that wants to use these permissions needs to be
>> > working with a device manufacturer to have the app pre-installed; given
>> > that, you can just be pre-installed on the system image and thus be
>> > granted this type of permission without needing to be signed with a
>> > special cert. (This also means you can place your app, signed with your
>> > own cert, on Market, and deliver updates to it even to devices that are
>> > pre-installed, like Google Maps does. When the update is applied, you can
>> > continue to have whatever permissions you were originally granted as an
>> > app pre-installed in the system. Of course users could still install your
>> > app on a device where it wasn't pre-installed, so such an app needs to be
>> > able to run in some way in situations where it doesn't get the
>> > permission.)
>> >
>> > On Fri, Jun 4, 2010 at 1:45 PM, ivan <[email protected]> wrote:
>> > > Hello,
>> > >
>> > > I'm writing an extensive application that's going to require the
>> > > downloading of media content.
>> > >
>> > > I've learned a little about the DownloadProvider that requires
>> > > signatureOrSystem permissions.
>> > >
>> > > I'm assuming to be signed by the system signature one must negotiate
>> > > with Google and the OEM (or something like that).
>> > >
>> > > Is this correct?
>> > >
>> > > Can someone please explain the process of creating an application with
>> > > signatureOrSystem permissions that can access the DownloadProvider?
>> > > Please note that this is an application meant for Google Market.
>> > >
>> > > Thanks.
>> >
>> > --
>> > Dianne Hackborn
>> > Android framework engineer
>> > [email protected]
>> >
>> > Note: please don't send private questions to me, as I don't have time to
>> > provide private support, and so won't reply to such e-mails. All such
>> > questions should be posted on public forums, where I and others can see
>> > and answer them.
>
> --
> Dianne Hackborn
> Android framework engineer
> [email protected]
>
> Note: please don't send private questions to me, as I don't have time to
> provide private support, and so won't reply to such e-mails. All such
> questions should be posted on public forums, where I and others can see and
> answer them.
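
The rules stated in this thread, written out as a small Python model. This is an added example, not code from the thread or from Android's package manager; the `Apk` and `Device` classes, the package name and the certificate strings are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Apk:
    package: str
    cert: str  # stand-in for the signing certificate (constructed value)

class Device:
    """Simplified model of the rules quoted in the thread, nothing more."""
    def __init__(self, platform_cert, system_image):
        self.platform_cert = platform_cert
        self.system = {a.package: a for a in system_image}  # shipped in /system
        self.installed = dict(self.system)                  # active version per package

    def install(self, apk):
        """Install or update a package; return True if it is accepted."""
        current = self.installed.get(apk.package)
        if current is not None and current.cert != apk.cert:
            return False  # same package name, different signer: update refused
        self.installed[apk.package] = apk
        return True

    def has_signature_or_system(self, package):
        """Would a signatureOrSystem permission be granted to this package?"""
        apk = self.installed.get(package)
        if apk is None:
            return False
        # Granted via the platform cert, or because the app came with the system image.
        return apk.cert == self.platform_cert or package in self.system

def scenarios():
    pkg = "com.example.media"                       # hypothetical package name
    dev_app = Apk(pkg, "cert:developer")
    oem = Device("cert:oem-platform", [dev_app])    # app pre-installed by the OEM
    stock = Device("cert:other-platform", [])       # app not pre-installed here
    return {
        "update_same_cert": oem.install(Apk(pkg, "cert:developer")),
        "keeps_permission": oem.has_signature_or_system(pkg),
        "impostor_update": oem.install(Apk(pkg, "cert:attacker")),
        "signer_unchanged": oem.installed[pkg].cert == "cert:developer",
        "market_install_elsewhere": stock.install(dev_app),
        "permission_elsewhere": stock.has_signature_or_system(pkg),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```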
