Understand apk files and android libraries

You will see here 

research
links
sampel code
predicates on packages and libraries

Gathered information typically is found towards the end.

what are android apk files?

Search for: what are android apk files?

How do you make an apk file from an android eclipse project?

Search for: How do you make an apk file from an android eclipse project?

Given an android apk file, how can I load it on an emulator?

Search for: Given an android apk file, how can I load it on an emulator?

How can you upload an apk file to the marketplace?

Search for: How can you upload an apk file to the marketplace?

How can I get an apk file from a titanium project?

Search for: How can I get an apk file from a titanium project?

Read packaging documentation from titanium project


Book
Android online
Titanium online

article: How to install apk file on emulator

And how to uninstall

Here is the link

aapt (asset packaging tool) is the internal tool that understands "apk" file

You will use the adb install command to install an apk file

How can I use eclipse to create an android apk file?

Search for: How can I use eclipse to create an android apk file?

Eclipse creates the apk file for your project under bin\ directory


adb install [-l] [-r] <file> 
- push this package file to the device and instal it
      ('-l' means forward-lock the app)
      ('-r' means reinstall the app, keeping its dat)

adb uninstall [-k] <package> 
- remove this app package from the device
      ('-k' means keep the data and cache directorie)

apk package name conflicts

Search for: apk package name conflicts

what is the nature of android application apk data directory?

Search for: what is the nature of android application apk data directory?

android apk forward-lock the app

Search for: android apk forward-lock the app

Structure of an android apk file

Search for: Structure of an android apk file

Directory structure of an android application on the device

Search for: Directory structure of an android application on the device

a topic on apk

according to the pervious thread.

Checkout ringdroid: http://code.google.com/p/ringdroid/


<manifest xmlns:android="....."
      package="com.ai.android.OpenGL"
      android:versionCode="1"
      android:versionName="1.0.0">
.....
.....
</>


1.Run the emulator 
2.Go To the Menu and click the Dev Tools 
3.Then open the prefered pacakage 
4.Then select the package which u want to delete 
5.Then click delete the package

Taken from the following discussion 


adb install [-l] [-r] <file> 
- push this package file to the device and instal it
      ('-l' means forward-lock the app)
      ('-r' means reinstall the app, keeping its dat)

adb uninstall [-k] <package> 
- remove this app package from the device
      ('-k' means keep the data and cache directorie)

Should be rewritten as 


adb install [-l] [-r] <apk file name> 
- push this package file to the device and instal it
      ('-l' means forward-lock the app)
      ('-r' means reinstall the app, keeping its dat)

adb uninstall [-k] <complete java like package name> 
- remove this app package from the device
      ('-k' means keep the data and cache directorie)


//install an apk file
adb install c:\somedir\OpenGL.apk

and

//uninstall the corresponding application
//based on its fully qualified package name
adb uninstall com.ai.android.OpenGL

what is android emulator.exe -wipe-data?

Search for: what is android emulator.exe -wipe-data?


1. use /jre/bin/keytool to create a key in a key store
2. use jarsigner to sign the apk file


keytool
  -genkey //generate a public/private key
  -alias mykey //name of the key
  -keystore c:\somekeystore.store //location of a store
  -storepass abc //password
  -keypass abc //password
  -keyalg RSA //key algorithm
  -validaty 14000 //how many days


firstname
lastname
organization unit
organization
city
state
country code


jarsigner 
  -keystore c:\somestore
  -storepass abc
  -keypass abc
  -myfile.apk 
  keyname


Highlight project in eclipse
right click
Android Tools
Export Unsigned Application Package
Choose a filename.apk

You can use the same path for signed package as well


keystore
keystor password
keyname (alias)
validity in years
first and last name
org unit
org
city
state
country code

A very similar approach to the command line tools.


Keystore name ? "debug.keystore" 
Keystore password ? "android" 
Key alias ? "androiddebugkey" 
Key password ? "android" 
CN ? "CN=Android Debug,O=Android,C=US"

If you are developing in Eclipse/ADT and have set up Keytool as described above, signing in debug mode is enabled by default. When you run or debug your application, ADT signs the .apk with the debug certificate and installs it on the emulator. No specific action on your part is needed, provided ADT has access to Keytool.

How to sign your applications

One must read the article above


1. sendign updates/reinstall
2. provide access to other apps with the same key etc.

So keep the store and key passwords in a safe place. Android recommends to use the same key for the same class of applications. Also it is recommended that you don't pass passwords on command lines as they can be stored in the shell.

The default storage location for AVDs is in ~/.android/avd on OS X and Linux, in C:\Documents and Settings\\.android\ on Windows XP, and in C:\Users\\.android\ on Windows Vista.

The default debug keystore/keys expire in a year

Search for: keytool list

More on keytool. A real good read from sun


\tools\android list avd // lists avds available
\tools\emulator @avdname // start a specific avd

You will have three things in the delivered package. a) the actual data b) the public key c) the signature generated by the private key and the actual data.

Only this public key can verify the signature created by the private key and the data. This means even if someone is to get hold of the public key, they cannot put together a package with this copied public key and deliver you that package. Because when that package is opened and the public key is used to decipher the signature it will fail.

In other words that public key is useless without the private key that you safe guard.

If android comes across two packages with the same public key and it is able to decipher the signature as the same Android assumes that they came from the same organization and allows you to update software etc.

When two public keys match Android assumes you are the same person.

So each valid public key is treated as a real owner. when someone produces a package that publickey can decipher they are deemed the same owner.

However when they are self signed like this, you can put any name you want as your organization.

Also if you were to generate two separate public keys then you are two different organizations as far as Android is concerned even if you have the same name name and address.

exercise: prove that you can use keytool to generate multiple orgs in the same keystore

exercise: sign two packages with the same public key

exercise: sign two packages with two keys but the sameorg

Can I use jar signer to list the org, public key etc

Search for: Can I use jar signer to list the org, public key etc

A public key seem to be tied to the package for which it is originally created for.

Same package definition cannot have two different public keys.

In otherwords if you want to install with a publickey that is not in the system, it must come with a unique package name

exercise: verify you cannot have two packages with the same qualifier

This is fine but not the other way around. This should be possible because a public key belongs to an institution and that institution should be able to release any number of distinct applications under their own packages

However going backwards. A given application cannot be shared by two institutions.

each apk file runs in its own process and gets its own linux userid (typicallly)

An interesting take on apk files

The article suggests command line utilities to explore the package structure. 


<package name="com.google.android.home" userId="10004" />
<package name="com.google.android.fallback" userId="10003" />
<package name="com.google.android.contacts" userId="10001" />
<package name="com.google.android.hello" userId="10006" />
<shared-user name="android.uid.system" 
    dummy-signature="android.signature.system" userId="1000" />
<shared-user name="android.uid.phone" 
    dummy-signature="android.signature.system" userId="1001" />
<shared-user name="com.google.android.core" 
    dummy-signature="com.google" userId="10002" />

How is apk user id allocated

Search for: How is apk user id allocated

Here is a clue in the manifest file. no answer yet

The package name is unique and is a java package name

The package name is the default process name for the package to run

The name of a Linux user ID that will be shared with other applications. By default, Android assigns each application its own unique user ID. However, if this attribute is set to the same value for two or more applications, they will all share the same ID ? provided that they are also signed by the same certificate. Application with the same user ID can access each other's data and, if desired, run in the same process.

apk shared user id

Search for: apk shared user id

How to share code between two projects

shared user id needs to be probably qualified so as not to duplicate

share user id

Search Google for: share user id

Search Android Developers Group for: share user id

Search Android Beginers Group for: share user id

Search Google Code for: share user id

Search Android Issues Database for: share user id

How to use resources from another package


Context currentCtx = ...; 
Context otherCtx = currentCtx.createPackageContext(<package_name>, 
Context.CONTENT_INCLUDE_CODE); 
Resources otherRes = otherCtx.getResources();

Another example of shared contexts

Looks like you dont have to have the share userid to share data

quoting Dianne from that note

Actually you can do it with Context.createContextForPackage(), which will return a Context containing the resources and pointing to the data directories of the requested package. However, unless the other application has explicitly made some files in there world accessible or you are sharing the same user ID as it, there is no way for you to touch anything in that directory

sdcard seem to be another solution for data sharing

Understand self signed jar files better

From the docs...

The name of a Linux user ID that will be shared with other applications. By default, Android assigns each application its own unique user ID. However, if this attribute is set to the same value for two or more applications, they will all share the same ID ? provided that they are also signed by the same certificate. Application with the same user ID can access each other's data and, if desired, run in the same process.

sharedUserId

Search for: sharedUserId

Issues with changing sharedUseId between releases

Problems with adding a sharedUserId afterwards

sharedUserId

Search Google for: sharedUserId

Search Android Developers Group for: sharedUserId

Search Android Beginers Group for: sharedUserId

Search Google Code for: sharedUserId

Search Android Issues Database for: sharedUserId

From docs...

A user-readable label for the shared user ID. The label must be set as a reference to a string resource; it cannot be a raw string. This attribute was introduced in API Level 3. It is meaningful only if the sharedUserId attribute is also set.

CONTEXT_RESTRICTED

Search Google for: CONTEXT_RESTRICTED

Search Android Developers Group for: CONTEXT_RESTRICTED

Search Android Beginers Group for: CONTEXT_RESTRICTED

Search Google Code for: CONTEXT_RESTRICTED

Search Android Issues Database for: CONTEXT_RESTRICTED

This seems to be a better question

CONTEXT_INCLUDE_CODE

Search Google for: CONTEXT_INCLUDE_CODE

Search Android Developers Group for: CONTEXT_INCLUDE_CODE

Search Android Beginers Group for: CONTEXT_INCLUDE_CODE

Search Google Code for: CONTEXT_INCLUDE_CODE

Search Android Issues Database for: CONTEXT_INCLUDE_CODE

Um, I am pretty sure this does not work. If the two apps do not have a shared user ID, then the system is going to assign them different user IDs, and from most perspectives -- certainly filesystem access -- they are two unrelated applications. The only way one could access files in another is if the other makes those files world readable (and in that case it doesn't matter what the apps are signed with, -anyone- can access those files).

What the call you show here does let you do is load one application's coe into another's process. In this case certificates are ignored (it is VERY VERY dangerous to do), and the other application's code will be running in your own process, as you. It thus can now access your own files... but it can't access its files, because it isn't running as itself, it is running as you.

The quote is taken from the following discussion

context getClassLoader

Search Google for: context getClassLoader

Search Android Developers Group for: context getClassLoader

Search Android Beginers Group for: context getClassLoader

Search Google Code for: context getClassLoader

Search Android Issues Database for: context getClassLoader

content provider life cycle

Search Google for: content provider life cycle

Search Android Developers Group for: content provider life cycle

Search Android Beginers Group for: content provider life cycle

Search Google Code for: content provider life cycle

Search Android Issues Database for: content provider life cycle

Couple of answers here

Interactin with content providers is synchronous

Uses a pool of threads

They have no lifecycle

For external clients they will not run on the main thread

Most likely process will come to life with the first call and gets closed when no clients are around

stopping content provider

Search Google for: stopping content provider

Search Android Developers Group for: stopping content provider

Search Android Beginers Group for: stopping content provider

Search Google Code for: stopping content provider

Search Android Issues Database for: stopping content provider

starting content provider

Search Google for: starting content provider

Search Android Developers Group for: starting content provider

Search Android Beginers Group for: starting content provider

Search Google Code for: starting content provider

Search Android Issues Database for: starting content provider

createPackageContext

PKI stands for Public Key Infrastructure

How to uninstall or remove packages through UI

To understand CONTEXT_RESTRICTED see the method isRestricted() in your android sources


case R.styleable.View_onClick:
   if (context.isRestricted()) {
     throw new IllegalStateException("The android:onClick attribute cannot "
         + "be used within a restricted context");


if (itemListenerMethodName != null) {
   if (mContext.isRestricted()) {
      throw new IllegalStateException("The android:onClick attribute cannot "
                     + "be used within a restricted context");
   }

you can inflate the resources in a new context but the target context may restrict whatever including, as in this case those xml attributes that may require code to be executed from the source context.

I suppose if this flag is not set then the including code should remove this restriction...

android apk package name and java root package

Search for: android apk package name and java root package