I was wondering if it was possible to have an android app which is already installed go and download another app and install it? I figure there could be security problems with this, but is it possible for the Android OS to do this?
+4
A:
Strictly speaking no, it is not possible: each Android package (.apk) file installed on the device is given its own unique Linux user ID, creating a sandbox for it and preventing it from touching other applications.
If an application would "install" another one, it couldn't give to the target a new user ID. Only the system applet, running at root level, can do that.
What the application can do is to indirectly invoke the package installer with the ACTION_VIEW intent and the application/vnd.android.package-archive MIME type: the system will launch the appropriate "viewer", which of course is the package installer.
Nice link about that topic: http://android.amberfog.com/?p=98
Lorenzo
2010-06-22 18:00:41
Just for completeness, I want to point out that your answer precludes a rooted device.
Caleb Thompson
2010-06-22 18:02:29
Is there no way to get the system to ask the user for permission like Rpond suggested?
Anton
2010-06-22 18:13:08
@Chapso: of course, on rooted devices you can do whatever you want, but in this case why asking if there is a "legitimate" way?
Lorenzo
2010-06-22 18:17:09
@Anton: sure, you have just to view the file, the system will detect the file type and launch the appropriate viewer, the installer in our case!
Lorenzo
2010-06-22 18:20:06
By the way... this is how to invoke the viewer: http://stackoverflow.com/questions/2637957/automatic-install-of-apk
Lorenzo
2010-06-22 18:20:46
The link in the answer helped a lot.
Anton
2010-06-24 15:01:19
+3
A:
Yes. This is how the Swype beta works. What you basically do is download the new apk, and use some Intent (not sure which) to launch the Package Installer (and at this point it is a new activity and the user has to agree to install just like downloading from the Market).
BrennaSoft
2010-06-22 18:04:25