From "Eggplant Quick biography" See how the app gets the apk file for the phone's installed program

"Eggplant Fast Biography" is a close-range file sharing software developed by Lenovo. It passes files between different phones via wifi-direct (fast, no networking) or normal network (slow).

I don't know why. It was on fire, and the fire was swift. Of Shared transfer installed Program Files APK This feature has aroused my keen interest.

we know that Android has very strict control over the permissions of each application, each application has its own user ID, and each application is only able to access its own data, such as the program Com.android.calculator Calculator program is only agreed to interview/ The data under the Data/data/com.android.calculator folder. And all of the data for that program is also stored in that folder. at the same time, when the program is installed, the system will copy the installation file apk into the/data/app folder. The eggplant clippers. As a normal program, how does it have permission to read/data/app apk file? Assuming it is not reading the APK file under the folder, the installation file of the program apk where did it get it from?

So, I started to give full play to the initiative, began to constantly think about its implementation methods. And there are examples of the following ideas and practices.

Realization Principle Analysis and practice

1) Implementation method one:

At the beginning I was very determined to think that the eggplant Clippers are definitely not reading the installation files of the program in the phone apk. I think it just reads the information of all the installed programs of the system, then searches for the appropriate installation file (APK file) on the network server based on the package name of the program, and then sends it to the other phone via the network.

To verify this, I guess I just want to break the network. It is naturally impossible to do a program search, then it is certainly not able to transfer files. So, I did the following experiments for example:

I cut off all of my phone's network (2G/WIFI) and then use this feature to select a program and choose to send it to another phone. It turns out it still works.

So I went on to push. This apk file is very likely to be downloaded from the server to the Eggplant Clippers program folder when the program is installed. So it doesn't need a network anymore when it's sent. So I did another experiment:

I cut off all my internet. Then install a program through ADB, so during the installation process, eggplant Clippers must not be able to download the corresponding APK file from the network. But surprisingly, the eggplant Clippers still succeeded in transmitting the appropriate installation files for the program I just installed.

2) Finally I have to believe that it is really through reading the apk file under/data/app to transfer the installer.

So I started thinking, is it true that the files under the/data/app are actually readable.

I don't superstitious, I start to view the permissions information for these files.

So I started the following experiment. In order to simulate the permissions of the general program, I use the shell user to run the read file under/data/app/to verify that the normal program has the appropriate permissions.

[Email protected]/tmp$ adb shell1| [Email protected]:/$ ls/data-al                                                opendir failed, Permission denied[email protected]:/$ ls/data/app-alopendir fail Ed, Permission denied# No permissions 1| [Email protected]:/$

From the above can be seen that the general program should not be able to directly read the/data/app below the file AH. Not right? Just a good trick. I then use the root user to view the folder's detailed permissions:

1| [Email protected]:/$ su root[email protected]:/# ls/data-alls/data-aldrwxrwx--x System   System            2014-06-19 20: App

By this, I finally made it clear. The original/data/app folder has the-X permission for other users. This means that the normal program can access the folder. However, it is not possible to read the contents of the folder file, that is, there is no way to query the folder files. This is why we run the Ls/data/app–al failure because this command reads the folder file, which naturally requires the folder to open the-r permission to other users. Under-X permission, only the files under this folder are required to develop the-r permission for third-party programs, then the program can read the corresponding file of the folder through the detailed file name. So I can't wait to see the file permissions property under the folder.

[Email protected]:/# cd/data/appcd/data/app[email Protected]:/data/app # ls-alls-al-rw-r--r--system   System    5784942 2014-05-18 15:22 cn.lvye.hd-1.apk-rw-r--r--system   system   16056547 2014-05-16 21:11 cn.whonow.whonow-1.apk

Sure enough The APK in the folder has the-r permission for other users. So I once again simulated the permissions of the normal program user to start for example the following experiment.

[Email Protected]:/data/app # exitexit# back to Shell user [email protected]:/$ ls/data/appopendir failed, Permission denied[ Email protected]:/$ cd/data/app# Enter/data/app folder successfully [email Protected]:/data/app $ cd-/1| [Email protected]:/$ ls/data/app/cn.lvye.hd-1.apk-al-rw-r--r--System   System    5784942 2014-05-18 15:22 cn.lvye.hd-1.apk# Read APK file successfully

As can be seen from above, the shell user has successfully read the information to the cn.lvye.hd-1.apk file. But another problem, we just looked through the root user to see the name of the APK file under the/data/app folder. For ordinary users, it is impossible to know what/data/app under the file, then it is how to know the installation file name of a program? In fact, this is very easy. The Packageinfo.sourcedir information for the installed program indicates the program's installation program name and path. A detailed replacement code such as the following:

public class Mainactivity extends Activity {private static final String TAG = "Itleaks test"; @Overrideprotected void Oncre Ate (Bundle savedinstancestate) {super.oncreate (savedinstancestate); Setcontentview (R.layout.activity_main); Readfirstapkfile ();} private void Readfirstapkfile () {//TODO auto-generated method stub list<packageinfo> installedlist = This.ge        Tpackagemanager (). getinstalledpackages (0);        int installedlistsize = Installedlist.size ();        ApplicationInfo firstapplicationinfo = null;            for (int i = 0; i < installedlistsize; i++) {PackageInfo info = installedlist.get (i);            ApplicationInfo ainfo = Info.applicationinfo;             LOG.D (TAG, "application source dir" + ainfo.sourcedir);            if (Firstapplicationinfo = = null) {firstapplicationinfo = Ainfo;        }} File File = new file (Firstapplicationinfo.sourcedir); if (!file.exists ()) {LOG.E (TAG, "package:" + firstapplicationinFo.packagename + "APK file" + firstapplicationinfo.sourcedir + "doesn ' t exist");        } else {FileInputStream in = null;try {in = new FileInputStream (file); int size;try {size = in.available (); LOG.D (TAG, "Apk file" + Firstapplicationinfo.sourcedir + "size:" + size);} catch (IOException e) {//TODO auto-generated catch Blocke.printstacktrace ();}}        catch (FileNotFoundException e) {//TODO auto-generated catch Blocke.printstacktrace ();} }}}

For the Le Lvye this program, its sourcedir is/data/app/cn.lvye.hd-1.apk, with this file path, the normal program can be read through the normal file read the file.

Appendix:

You can download the source code and the apk file on GitHub:

Https://github.com/itleaks/apkfileshare

/********************************

* This article from the blog "Love Kick Door"

* Reprint Please indicate the source : Http://blog.csdn.net/itleaks

******************************************/

Appendix:

You can download the source code and the apk file on GitHub:

Https://github.com/itleaks/apkfileshare

/********************************

* This article from the blog "Love Kick Door"

* Reprint Please indicate the source : Http://blog.csdn.net/itleaks

******************************************/

From "Eggplant Quick biography" See how the app gets the apk file for the phone's installed program