关于android:APK的更新安装隐藏解除隐藏

一、用户装置的apk产生更新

public void registerReceiver(Context context) {        Slog.d("PMSdddd", "systemReady1");        IntentFilter filter = new IntentFilter();        filter.addAction(Intent.ACTION_PACKAGE_ADDED);        filter.addAction(Intent.ACTION_PACKAGE_CHANGED);        filter.addAction(Intent.ACTION_PACKAGE_REPLACED);        filter.addAction(Intent.ACTION_PACKAGE_REMOVED);        filter.addDataScheme("package");        BroadcastReceiver packgeMonitorReceiver = new BroadcastReceiver() {            @Override            public void onReceive(Context context, Intent intent) {                final String action = intent.getAction();                final String packageName =intent.getData().getSchemeSpecificPart();                final boolean replacing =intent.getBooleanExtra(Intent.EXTRA_REPLACING, false);                final boolean dataRemoved =intent.getBooleanExtra(Intent.EXTRA_DATA_REMOVED, false);                Slog.d("PMSdddd", "action: " + action + " packageName:"+ packageName + "  replacing:" + replacing                        + "  dataRemoved:" + dataRemoved);            }        };        context.registerReceiver(packgeMonitorReceiver, filter);    }

第1步，新装置apk

adb install apk

Line 52701: 02-01 21:26:23.213  1727  1727 D PMSdddd : action: android.intent.action.PACKAGE_ADDED  packageName:com.adobe.reader  replacing:false  dataRemoved:false

第2步，hide此 apk

adb shell pm hide apk

Line 53895: 02-01 21:28:22.043  1727  1727 D PMSdddd : action: android.intent.action.PACKAGE_REMOVED  packageName:com.adobe.reader  replacing:false  dataRemoved:false

第3步，adb install更新
adb install -r apk

Line 54477: 02-01 21:29:41.550  1727  1727 D PMSdddd : action: android.intent.action.PACKAGE_REMOVED  packageName:com.adobe.reader  replacing:true  dataRemoved:falseLine 54512: 02-01 21:29:41.648  1727  1727 D PMSdddd : action: android.intent.action.PACKAGE_ADDED  packageName:com.adobe.reader  replacing:true  dataRemoved:false

第4步，再unhide此apk

adb shell pm unhide apk

Line 55640: 02-01 21:32:25.651  1727  1727 D PMSdddd : action: android.intent.action.PACKAGE_ADDED  packageName:com.adobe.reader  replacing:false  dataRemoved:false

第5步，adb uninstall 卸载apk

Line 61310: 02-01 21:52:36.395  1727  1727 D PMSdddd : action: android.intent.action.PACKAGE_REMOVED  packageName:com.adobe.reader  replacing:false  dataRemoved:true

总结：
hide命令：零碎会发送播送 android.intent.action.PACKAGE_REMOVED，data数据并不会删除
unhide命令：零碎会发送播送android.intent.action.PACKAGE_ADDED，data数据不会删除

更新apk时：
零碎先发送播送 android.intent.action.PACKAGE_REMOVED，intent.getBooleanExtra(Intent.EXTRA_REPLACING, false) 获取的值为true

零碎随后发送播送android.intent.action.PACKAGE_ADDED，intent.getBooleanExtra(Intent.EXTRA_REPLACING, false) 获取的值也为true

卸载apk时：
零碎发送播送 android.intent.action.PACKAGE_REMOVED，intent.getBooleanExtra(Intent.EXTRA_DATA_REMOVED, false)获取的值为true

二、零碎apk（位于：system/app 目录）产生更新

第1步，预置apk(v1.0)到system/app

adb push apk system/app

再复原出厂设置
第2步，adb install-r更新apk到v2.0

Line 8118: 02-02 02:55:59.428  1130  1130 D PMSdddd : action: android.intent.action.PACKAGE_REMOVED  packageName:com.example.ddd  replacing:true  dataRemoved:falseLine 8134: 02-02 02:55:59.501  1130  1130 D PMSdddd : action: android.intent.action.PACKAGE_ADDED  packageName:com.example.ddd  replacing:true  dataRemoved:falseLine 8281: 02-02 02:55:59.903  1130  1130 D PMSdddd : action: android.intent.action.PACKAGE_REPLACED  packageName:com.example.ddd  replacing:true  dataRemoved:false

更新后的apk装置在 data/app目录：

    Line 8550: 02-02 05:12:10.806  1132  1228 I PackageManager: Update system package com.example.ddd code path from /system/operator/app/AndroidDemoV1.0.apk to /data/app/~~IYd549AfrGeHUc-lWfY8kg==/com.example.ddd-o9yTi7O1l3Cm3EhqTvf2Rw==; Retain data and using new    Line 8550: 02-02 05:12:10.806  1132  1228 I PackageManager: Update system package com.example.ddd code path from /system/operator/app/AndroidDemoV1.0.apk to /data/app/~~IYd549AfrGeHUc-lWfY8kg==/com.example.ddd-o9yTi7O1l3Cm3EhqTvf2Rw==; Retain data and using new    Line 8551: 02-02 05:12:10.808  1132  1228 I PackageManager: Update system package com.example.ddd resource path from /system/operator/app/AndroidDemoV1.0.apk to /data/app/~~IYd549AfrGeHUc-lWfY8kg==/com.example.ddd-o9yTi7O1l3Cm3EhqTvf2Rw==; Retain data and using new    Line 8551: 02-02 05:12:10.808  1132  1228 I PackageManager: Update system package com.example.ddd resource path from /system/operator/app/AndroidDemoV1.0.apk to /data/app/~~IYd549AfrGeHUc-lWfY8kg==/com.example.ddd-o9yTi7O1l3Cm3EhqTvf2Rw==; Retain data and using new

第3步，Settings“利用信息”界面无奈卸载，没有卸载按钮（关上、停用、强行进行三个按钮）

总结：

零碎apk产生更新时，零碎顺次发送播送：action: android.intent.action.PACKAGE_REMOVED、action: android.intent.action.PACKAGE_ADDED、action: android.intent.action.PACKAGE_REPLACED

且 intent.getBooleanExtra(Intent.EXTRA_REPLACING, false) 获取的值为true

Android 监听多用户切换，暗藏和禁用指定Apk

IntentFilter filter = new IntentFilter();        filter.addAction(Intent.ACTION_USER_SWITCHED);        filter.addAction(Intent.ACTION_USER_ADDED);        BroadcastReceiver mUserSwitchedReceiver = new BroadcastReceiver() {            @Override            public void onReceive(Context context, Intent intent) {                final String action = intent.getAction();                final int userId = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, UserHandle.USER_NULL);                if (userId == UserHandle.USER_NULL) {                    Slog.e("PMSdddd", "received an invalid EXTRA_USER_HANDLE");                    return;                }                if (Intent.ACTION_USER_SWITCHED.equals(action) && userId > 0) {                    Slog.d("PMSdddd", "User switched to userId " + userId);                    AsyncTask.execute(new Runnable() {                        @Override                        public void run() {                            Slog.d("PMSdddd", "install start11");                            Sbbbbbbbbbbb.hideOtherBrandAppWhenUserSwitched();                        }                    });                } else if (Intent.ACTION_USER_ADDED.equals(action) && userId > 0) {                    Slog.d("PMSdddd", "Added User  userId " + userId);                    AsyncTask.execute(new Runnable() {                        @Override                        public void run() {                            Slog.d("PMSdddd", "install start11");

Sbbbbbbbbbbb

.hideOtherBrandAppWhenUserSwitched(); } }); } } }; mContext.registerReceiver(mUserSwitchedReceiver, filter);

是否暗藏和禁用apk

/**     * only hide app but don't delete user data     *     * @param pkgName     */    private void hide(String pkgName) {        final PackageManager pm = mContext.getPackageManager();        int userId = ActivityManager.getCurrentUser();        pm.setApplicationHiddenSettingAsUser(pkgName, true, new UserHandle(userId));        disableApplication(pkgName);    }    private void unhide(String pkgName) {        final PackageManager pm = mContext.getPackageManager();        int userId = ActivityManager.getCurrentUser();        pm.setApplicationHiddenSettingAsUser(pkgName, false, new UserHandle(userId));        enableApplication(pkgName);    }    private void disableApplication(String pkgName) {        final PackageManager pm = mContext.getPackageManager();        try {            int state = pm.getApplicationEnabledSetting(pkgName);            Slog.d(TAG, "disableApplication state: " + state + " pkgName:" + pkgName);            if (state == PackageManager.COMPONENT_ENABLED_STATE_DISABLED)                return;            pm.setApplicationEnabledSetting(pkgName, PackageManager.COMPONENT_ENABLED_STATE_DISABLED, 0);        } catch (IllegalArgumentException exeption) {            Slog.w(TAG, "disableApplication error:" + exeption.getMessage());        }    }    private void enableApplication(String pkgName) {        final PackageManager pm = mContext.getPackageManager();        try {            int state = pm.getApplicationEnabledSetting(pkgName);            Slog.d(TAG, "enableApplication state: " + state + " pkgName:" + pkgName);            if (state == PackageManager.COMPONENT_ENABLED_STATE_ENABLED)                return;            pm.setApplicationEnabledSetting(pkgName, PackageManager.COMPONENT_ENABLED_STATE_ENABLED, 0);        } catch (IllegalArgumentException exeption) {            Slog.w(TAG, "enableApplication error:" + exeption.getMessage());        }    }

暗藏的apk或disable的apk，信息保留在 /data/system/users/0/package-restrictions.xml 文件内

<pkg name="com.google.android.apps.maps" ceDataInode="4439" enabled="3" enabledCaller="com.android.settings" domainVerificationStatus="2" app-link-generation="4"><pkg name="com.google.android.apps.maps" ceDataInode="4439" enabled="2" enabledCaller="android" domainVerificationStatus="2" app-link-generation="4">

<pkg name="com.amazon.appmanager" ceDataInode="4472" hidden="true" enabled="2" enabledCaller="android" /><pkg name="com.google.android.apps.maps" ceDataInode="4439" enabled="3" enabledCaller="com.android.settings" domainVerificationStatus="2" app-link-generation="4">

apk被hide后，保留的信息：hidden="true"

apk被disable后，依据 setApplicationEnabledSetting 传入的常量参数不同，enabled= 的值就会不同，如下介绍：

public static final int COMPONENT_ENABLED_STATE_DISABLED = 2;  // disable利用时，若传入此参数，则利用在桌面没有图标，且在设置界面、应用程序列表外面也没有图标 （利用齐全暗藏了）public static final int COMPONENT_ENABLED_STATE_DISABLED_USER = 3;  // disable利用时，若传入此参数，则利用在桌面没有图标，然而在设置界面、应用程序列表外面有图标 (只是桌面图标暗藏了，设置外面仍能够看到图标，用户能够再次enable此利用)

另外：adb shell pm disable-user 利用包名： 相当于传入的参数是 COMPONENT_ENABLED_STATE_DISABLED。

查看手机有哪些利用处于disable状态的办法:

办法1：adb shell pm list packages -d

C:\Users\zzz>adb shell pm list packages -d
package:com.facebook.services
package:com.google.android.videos
package:com.facebook.appmanager

办法2：adb shell pm dump packages > Desktop/log2.txt

enabled=2 ---->示意利用处于disable状态，对应的值：COMPONENT_ENABLED_STATE_DISABLED

Package [com.facebook.appmanager] (a926214):    userId=10098    pkg=Package{9ae0abd com.facebook.appmanager}    codePath=/system/app/appmanager    resourcePath=/system/app/appmanager    legacyNativeLibraryDir=/system/app/appmanager/lib    primaryCpuAbi=arm64-v8a    secondaryCpuAbi=null    versionCode=277606887 minSdk=21 targetSdk=30    versionName=67.3.0    splits=[base]    apkSigningVersion=2    applicationInfo=ApplicationInfo{9ae0abd com.facebook.appmanager}    flags=[ SYSTEM HAS_CODE ALLOW_CLEAR_USER_DATA ]    privateFlags=[ PRIVATE_FLAG_ACTIVITIES_RESIZE_MODE_RESIZEABLE_VIA_SDK_VERSION ALLOW_AUDIO_PLAYBACK_CAPTURE HAS_DOMAIN_URLS PRIVATE_FLAG_ALLOW_NATIVE_HEAP_POINTER_TAGGING ]    forceQueryable=false    queriesIntents=[Intent { act=com.facebook.secure.packagefinder.intent.ACTION_QUERY_PACKAGES }]    dataDir=/data/user/0/com.facebook.appmanager    supportsScreens=[small, medium, large, xlarge, resizeable, anyDensity]    timeStamp=2021-07-12 23:30:37    firstInstallTime=2021-07-12 23:30:37    lastUpdateTime=2021-07-12 23:30:37    signatures=PackageSignatures{18e58b2 version:2, signatures:[c4e416cc], past signatures:[]}    installPermissionsFixed=true    pkgFlags=[ SYSTEM HAS_CODE ALLOW_CLEAR_USER_DATA ]    declared permissions:      com.facebook.appmanager.ACCESS: prot=signature, INSTALLED      com.facebook.appmanager.API_ACCESS: prot=normal, INSTALLED    install permissions:      android.permission.DOWNLOAD_WITHOUT_NOTIFICATION: granted=true      android.permission.FOREGROUND_SERVICE: granted=true      android.permission.RECEIVE_BOOT_COMPLETED: granted=true      android.permission.INTERNET: granted=true      android.permission.GET_PACKAGE_SIZE: granted=true      com.facebook.appmanager.ACCESS: granted=true      android.permission.ACCESS_NETWORK_STATE: granted=true      android.permission.ACCESS_WIFI_STATE: granted=true      android.permission.WAKE_LOCK: granted=true    User 0: ceDataInode=4785 installed=true hidden=false suspended=false distractionFlags=0 stopped=false notLaunched=false enabled=2 instant=false virtual=false    overlay paths:      /product/overlay/NavigationBarModeGestural/NavigationBarModeGesturalOverlay.apk      lastDisabledCaller: android      gids=[3003]

查看哪些利用属于零碎签名？

办法：adb shell pm dump packages > Desktop/log2.txt

包名为"android"的apk属于平台apk，必定是零碎签名，首先看一下包名为"android"的apk的签名信息：

 Package [android] (ad28bfa):    userId=1000    sharedUser=SharedUserSetting{769a3df android.uid.system/1000}    pkg=Package{6103b22 android}    codePath=/system/framework/framework-res.apk    resourcePath=/system/framework/framework-res.apk    legacyNativeLibraryDir=/system/lib64/framework-res    primaryCpuAbi=arm64-v8a    secondaryCpuAbi=null    versionCode=30 minSdk=30 targetSdk=30    versionName=11    splits=[base]    apkSigningVersion=3    applicationInfo=ApplicationInfo{6103b22 android}    flags=[ SYSTEM PERSISTENT ALLOW_BACKUP ]    privateFlags=[ PRIVATE_FLAG_ACTIVITIES_RESIZE_MODE_RESIZEABLE_VIA_SDK_VERSION ALLOW_AUDIO_PLAYBACK_CAPTURE DEFAULT_TO_DEVICE_PROTECTED_STORAGE DIRECT_BOOT_AWARE PRIVILEGED PRIVATE_FLAG_ALLOW_NATIVE_HEAP_POINTER_TAGGING ]    forceQueryable=true    queriesPackages=[]    dataDir=/data/system    supportsScreens=[small, medium, large, xlarge, resizeable, anyDensity]    timeStamp=2021-07-12 23:27:41    firstInstallTime=2021-07-12 23:27:41    lastUpdateTime=2021-07-12 23:27:41    signatures=PackageSignatures{539b9b3 version:3, signatures:[a0521abc], past signatures:[]}    installPermissionsFixed=true    pkgFlags=[ SYSTEM PERSISTENT ALLOW_BACKUP ]    declared permissions:      android.permission.READ_CONTACTS: prot=dangerous, INSTALLED      android.permission.WRITE_CONTACTS: prot=dangerous, INSTALLED      ........    User 0: ceDataInode=4316 installed=true hidden=false suspended=false distractionFlags=0 stopped=false notLaunched=false enabled=0 instant=false virtual=false    overlay paths:      /product/overlay/NavigationBarModeGestural/NavigationBarModeGesturalOverlay.apk      

从下面信息能够看到，签名信息：signatures:[a0521abc] ，而后在 log2.txt 文件全局搜寻“a0521abc”，能够列出所有零碎签名的利用。

结语：后续会继续更新哦，喜爱的话点赞关注一下吧。
相干视频
【Android进阶】APK的加固优化