2

In one of my apps, I would like to detect if the user has got another app of mine installed.

This code works:

    PackageManager pm = mAppContext.getPackageManager();
    try {
        pm.getPackageInfo("com.example.packagename", PackageManager.GET_ACTIVITIES);
        // do something
    } catch (PackageManager.NameNotFoundException e) {
        // nothing to do
    }

But I wonder how I can verify that the user has genuinely downloaded the app from Google Play. I guess it would be possible to install a non genuine package with the same package name, right?

Daniele B
  • 19,801
  • 29
  • 115
  • 173

1 Answers1

1

PackageManager has a method getInstallerPackageName that for given package name gives you name of the installer. For pre-loaded(unless they are not installed from other 'market' like SamsungApps) and self-installed applications will return null. For applications originating from Google Play you should get com.android.vending. And I don't think that you are able to install two applications with the same package names declared in the manifest.

Albert Sadowski
  • 642
  • 5
  • 8
  • what about if the genuine app has never been installed, and the non-genuine app is faking the installer information? – Daniele B Jun 02 '14 at 10:20
  • What do you mean by 'faking installer information'? The value returned by getInstallerPackageName is being handled by PackageManager, so I suppose, there is no way to hack this. – Albert Sadowski Jun 02 '14 at 10:27
  • I guess it would be possible to maliciously hardcode whichever string in that? or maybe not? – Daniele B Jun 02 '14 at 10:36
  • The is no way to specify the installer name from the manifest. The installer package name is being set during the installation by the package manager. – Albert Sadowski Jun 02 '14 at 10:42
  • OK, I see, it sounds promising. I am targetting Android devices 4.0 and higher. Can I assume that all genuine apps dowloaded by Android 4.0 devices report the string "com.android.vending" in it? – Daniele B Jun 02 '14 at 10:45
  • And what about on rooted devices. Are we sure the getInstallerPackageName return value cannot be altered there? – Daniele B Jun 02 '14 at 10:47
  • 1
    Either previous 'Android Market' or 'Google Play' have the 'com.android.vending' package name. But I don't know what Google is planning for the future. Considering the rooted device, I think that you should assume that someone might change this. You should describe your problem from the other perspective, maybe there's other solution. – Albert Sadowski Jun 02 '14 at 10:50