|
|
|
|
|
|
by cesarb
838 days ago
|
|
|
One unstated part of that "if I don't have root on my device" statement is "...and someone else does have root on my device". On normal Android, Google does have root on your device, while you don't. For instance, whenever you tell the Android Market app (nowadays caled "Google Play Store", but internally it's still the same app) to install an application, it doesn't actually install the application; it tells the Google servers to ask your device to install the application, and a highly privileged service on your device does the actual download and installation. Said service is highly privileged because it's signed with a key only Google has; several system services have special access (root-equivalent, or even actual root) to your device, and these are signed by the Google key. Some of these can be remotely updated, and this update is silent (I had long ago written a small app found at https://github.com/cesarb/packageaddedremovednotifier to notify me about these silent installs, but it depended on a notification which is no longer broadcast on more recent Android versions; it was instructive for me to notice how often Android Market and one other app were silently updated). It's true that you don't have root on your hard disk (until you connect to its serial console pins and notice that it doesn't even ask for a password before giving you full access to all its low-level commands), but neither does anyone else. |
|
|
Root access is meaningless on a user build of Android. Android is designed such that the root account is not needed and it is locked down using SELinux.
> to notify me about these silent installs, but it depended on a notification which is no longer broadcast on more recent Android versions
I built a test app on Android 14 and I was able to get the broadcast you are referring to. The changes which the app you linked has not adapted to is that since Android 8 you need to use Context.registerReceiver() to register an implicit broadcast receiver for those actions [1] and since Android 11 you need to use a <queries> tag (or query all permission) in order to get visibility of other apps on the system [2].
[1] https://developer.android.com/about/versions/oreo/background...
[2] https://developer.android.com/training/package-visibility