Correct, for signatureOrSystem, if you are installed in the system image, then you will be granted the permission regardless of your signing cert.
On Wed, Jul 7, 2010 at 12:38 AM, Dan Hein <[email protected]> wrote: > A clarifying question, just to make sure I understand completely. > > So in the scenario described above, the developer would sign the > pre-installed app with his or her own developer certificate, correct? > Likewise, updates to the pre-installed app would be signed with the same > certificate? In other words, the developer's certificate never changes. > > The app derives special privilege as a by-product of originally being > included in /system by the handset manufacturer; not because of the > particular certificate used to sign said app. > > Is my understanding correct? > > Thanks, > Dan > > > On Thu, Jun 10, 2010 at 7:43 PM, Dianne Hackborn <[email protected]>wrote: > >> A new application needs to be signed with the same certificate as the old >> one to be able to update it. >> >> >> On Thu, Jun 10, 2010 at 3:43 PM, Pragati Ogal Rai >> <[email protected]>wrote: >> >>> Consider a scenario where an app is pre-installed by the manufacturer. >>> Now the developer can create an updated app and puts it on the market >>> signed with developer's own certificate. The users of the pre- >>> installed app can upgrade it. This is all good. But what if someone >>> else besides the original developer (read hacker) place their app with >>> the same name in Android Market. Can users still upgrade their pre- >>> installed app and get around SystemOrSignature permissions. >>> >>> >>> >>> On Jun 4, 4:14 pm, Dianne Hackborn <[email protected]> wrote: >>> > An application signed with a platform cert can't be placed on Market, >>> > because each device has its own platform cert. >>> > >>> > An application developer that wants to use these permissions needs to >>> be >>> > working with a device manufacturer to have the app pre-installed; given >>> > that, you can just be pre-installed on the system image and thus be >>> granted >>> > this type of permission without needing to be signed with a special >>> cert. >>> > (This also means you can place your app, signed with your own cert, on >>> > Market, and deliver updates to it even to devices that are >>> pre-installed, >>> > like Google Maps does. When the update is applied, you can continue to >>> have >>> > whatever permissions you were originally granted as an app >>> pre-installed in >>> > the system. Of course users could still install your app on a device >>> where >>> > it wasn't pre-installed, so such an app needs to be able to run in some >>> way >>> > in situations where it doesn't get the permission.) >>> > >>> > >>> > >>> > >>> > >>> > On Fri, Jun 4, 2010 at 1:45 PM, ivan <[email protected]> wrote: >>> > > Hello, >>> > >>> > > I'm writing an extensive application that's going to require the >>> > > downloading of media content. >>> > >>> > > I've learned a little about the DownloadProvider that requires >>> > > signatureOrSystem permissions. >>> > >>> > > I'm assuming to be signed by the system signature one must negotiate >>> > > with Google and the OEM (or something like that). >>> > >>> > > Is this correct? >>> > >>> > > Can someone please explain the process of creating an application >>> with >>> > > signatureOrSystem permissions that can access the DownloadProvider? >>> > > Please note that this is an application meant for Google Market. >>> > >>> > > Thanks. >>> > >>> > -- >>> > Dianne Hackborn >>> > Android framework engineer >>> > [email protected] >>> > >>> > Note: please don't send private questions to me, as I don't have time >>> to >>> > provide private support, and so won't reply to such e-mails. All such >>> > questions should be posted on public forums, where I and others can see >>> and >>> > answer them.- Hide quoted text - >>> > >>> > - Show quoted text - >>> >> >> >> >> -- >> Dianne Hackborn >> Android framework engineer >> [email protected] >> >> >> Note: please don't send private questions to me, as I don't have time to >> provide private support, and so won't reply to such e-mails. All such >> questions should be posted on public forums, where I and others can see and >> answer them. >> >> > -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them.
