Modifying installed APKs on an android device

Question

I'm experimenting with Android and I want to know if the following is possible: can I modify/patch an installed APP using another APP?

I know it's possible with root access, but I was wondering about non-rooted phones. The only solution that comes to mind is the following:

-Create copy of original APK from data/app/ folder -Patch/rebuild it -Launch installation of the patched APK

The user would need to confirm the installation, but in theory it would work right? Any other tecniques that I haven't thought of?

In case you're wondering, I'm interested in injecting different strings and other resources into existing apps to provide translations or other modifications (ex: cheats in games), without changing the source of original apps.

Answer 1

You are right, you can do this on a device. Smali/Baksmali can be used on Android, also the apktool should be callable (I have only tried smali).

A year ago or so I have tried to use smali on a device and autopatch the source output. There was some information on the net (which I'm currently unable to find, sorry) but it was very limited, at least someone showed how to use smali/baksmali correctly. I have abandoned this approach because I'm not that good at java and the resources on a phone are rather limited.

Another approach I thought of was to offload the actual work to a server somewhere in the net. But this has its very own problem as you need to transfer the files, you may need the framework.apks, and so on.

This is interesting but hard stuff, you need to decode/parse/patch/rebuild apks and this has to be reliable. When you fail, the worst thing is that the users phone is broken (I wanted to modify critical system apks, bad idea ;)).

Answer 2

Better if the reinstall is seamless and for that you need: INSTALL_PACKAGES permission.

Now, INSTALL_PACKAGES android:protectionLevel is "signatureOrSystem" which means the app needs to be signed with the same certificate that was used to sign the system image.

Now to sign one's app with the same certificate as the one used to sign the system image might seem like a difficult if not impossible task since vendors may not be to willing to let other's use their certificate. Then again, some might want your app included in their system image. In any case it doesn't matter per sey since it's Android and Android has a ROM market.

Android ROMS are more and more synonymous with the general 'workings' or 'features' of Android. It is something that Android users come to expect. There are ROM manager apps available on the Android market that will list and install ROMs etc..

So in essense for an app to gain the INSTALL_PACKAGES permission one can make their own ROM, OR, work with the people who make ROMS and either have the app included with the ROM or use the certificate used to sign the ROM's system image to sign the app.

Again it is entirely possible that a vendor include the app in their "firmware" (system image). You would have to approach them.

:)

Answer 3

if both are your app use . content provider to share data between apps.and if other app is from another developer then you simply can't modify the app.