5

What are the preconditions to get following behaviour:

  • app can't be uninstalled NOR disabled
  • app runs as system app

What I know so far:

  • rooted phone => actually, not necessary if app is a system app

What I tried:

  • install app under /system/app => this makes it uninstallable but it still is deactivateable
  • install app under /system/app-priv => does not change anything compared to installing it under /system/app
  • install app under /system/app-priv/<app_name> => this breaks the app

Ideas

  • To correctly make an app an system app it must be signed as a system app? Could this be? Then I can move it to /system/app-priv/<app_name>? Just a guess, but I think I've already read something like this when reading about something else... If this is true, how do I sign my app as system app?
  • am I wrong or missing something?

I'm open to alternate solutions, all I want is that my app can't be deinstalled nor disabled

prom85
  • 16,896
  • 17
  • 122
  • 242
  • 1
    I like your question. I am working in the same but didn't get proper solution – M D Aug 01 '17 at 07:08
  • 1
    You can't achieve this without making your own android distribution, in that case, you can simply disallow deactivation. – Leandros Aug 01 '17 at 07:11
  • what's with keys like those: https://github.com/android/platform_build/tree/master/target/product/security Do I need the phone distributors key or some public available android key to sign an app as system app? – prom85 Aug 01 '17 at 07:17
  • 1
    Actually i tried it long back and it worked for me.But i don't remember exaclty what i did.By simply making it as system app, the app can't be uninstalled but if you want app not to be disabled then you should try signing it with platform signature and to do that go to ~/build/target/product and look for security folder there you will find platform.x509.pem platform.pk8 & sign it using signapk.jar – Gautam Aug 01 '17 at 07:19
  • @Gautam the `~/build/target/product` folder should be on the device and contain the manufactures signature key, do I undertand that correct? Or where should this path be? – prom85 Aug 01 '17 at 07:21
  • 1
    no the path is for the AOSP build or sources you can say from where you are making the android build. You won't find the key anywhere in the mobile ecosystem. Its provided externally like for normals apps how we create a keystore. – Gautam Aug 01 '17 at 07:22
  • I thought so. So it's not possible to make this for a manufactures build android system? They allow unlocking bootloader but they don't provide their signature key I think... – prom85 Aug 01 '17 at 07:26
  • 1
    it depends on the business you are doing.Generally they don't provide signature key, you can ask them to sign it with signature key ( they won't share it with you) and then use it but major drawback in this approach is, for each and every update you need to ask them to sign and release the update which won't be feasible in any case. – Gautam Aug 01 '17 at 07:33
  • What is `app-priv` folder? Do you mean `priv-app`? And really, what do you mean about breaks the app? You can't load it after put it to system dir? It's only a folder, it can't broke something) Which permissions do you set to your apk in `/system/priv-app/your-app.apk`? It must be 664 – Acuna Jan 27 '18 at 18:55
  • Could you please see this? @MD https://stackoverflow.com/questions/53415804/pre-install-some-apps-so-they-can-be-uninstalled-without-root-by-user – Saleh Nov 21 '18 at 15:52

0 Answers0