Fix broken feature: bundling .APK with app and installing it is now broken with upgrade of Android security

JopSchaap / trustchain-superapp

Kotlin implementation of Trustchain and IPv8 with rich networking: multihoming of local Bluetooth+4G, decentral social networking, UDP hole punching, etc.

GNU General Public License v3.0

0 stars 0 forks source link

Fix broken feature: bundling .APK with app and installing it is now broken with upgrade of Android security #3

Closed JopSchaap closed 8 months ago

JopSchaap commented 8 months ago

Some extra information:

android team on dynamic code loading
android team on changes on dynamic code loading for java version 14
- I think this is the change that breaks the feature.

JopSchaap commented 8 months ago

@pbhaskaran and I were able to fix the bug, when the user downloads the apk whilst using the plus, so from an Https site. The solution was in making the apk file read only after creating the output stream. see this commit on how we did this. A similar solution should probably also exist for torrented APKs. However, we could not really find the location in the code were the APK were written in this case.

As as a temporary work around (or permanent if the writing of APK happens in the ipv8 sub-module) would be to copy the file to a read only file

JopSchaap commented 8 months ago

The app right now sets all files to be read only in the cache dir. When relaunching the app we get an error since the wallet.db.lck file also is read only and we try to recreate this file on app launch. I think the populateKnownTorrents needs to include a check that the file is actually one of the downloaded apks.