How does AppBrain's installation app work?

2019-02-01 15:19发布

问题:

AppBrain has a fantastic new app that lets you automatically install applications on your phone using your web browser. Similar to the Chrome push. In their case, they are using it to let you install apps without a prompt directly on the phone. Engadget has a good video demonstrating their system.

http://lifehacker.com/5582169/appbrain-upgrade-installs-android-apps-instantly-from-the-web

My question is: What mechanism are they using to avoid asking for a prompt on the phone and to do the installation directly?

The reason I'm asking is that have a couple hundred android phones that run some custom software, the users have to manually update the software by clicking through the install process. And ideally I'd prefer to be able to do push updates without having to prompt people (in exchange for a free phone+service you have to run the software, so 'you shouldn't do that' doesn't invalidate the question of how do you do that). The biggest problems are that if you're doing rapid development/testing it's a pain to get everyone up to the right versions and it's hassle for people.

What AppBrian does sounds like a perfect fix to this problem, but how does it work? The only permission the AppBrain fast installer asks for is access to your accounts and network access. Now, there was the interesting development about Jon Oberheide's REMOVE_ASSET and INSTALL_ASSET which he says uses the GTalk service to imitate prompt-less installs. The interesting this is that AppBrian's FastWeb installer works on a 2.01 Droid but does not work on a 2.2 Nexus One (maybe one of the last round of Froyo updates disables AppBrain's access to the INSTALL_ASSET intent). http://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/

Can anyone shed any light on this? I know auto update is coming for the Market but I'm not sure if this would be a usable workaround. I'm fine with saying 'you need to click to install this once', but having hundreds of people waste their time clicking 'ok' is a waste.

I personally think that this is something Google should support for Enterprise users in the future with the Device Administrator features. If I went with Android and could easily stage and keep people up to date with apps it wold be pretty useful.

回答1:

So I think I have a reasonably good idea on how app brain is able to work its magic. I have found a couple of links you might find interesting and then you can always refer to the discussion on this other question.

Link 1: Here is a link on how the first app that was built by a researcher shows how a person with malicious intent can easily use two commands that google has put in for "our" convenience for silent install and uninstall...!!

Link 2:Here is how the exploit works and you could use it...