1. Environment and problem
OS:ubuntu 9.04
eclipse:3.4.0
android API:1.5
An app that runs fine on an API 1.6 AVD could no longer be installed after switching to a 1.5 AVD.
2. Log
console:
[2010-04-22 11:46:01 - AppStore] Installation error: INSTALL_FAILED_UPDATE_INCOMPATIBLE
[2010-04-22 11:46:01 - AppStore] Please check logcat output for more details.
[2010-04-22 11:46:01 - AppStore] Launch canceled!
DDMS.logcat:
04-22 03:45:54.835: ERROR/PackageManager(577): Package com.thunderst.android.appstore has no signatures that match those in shared user com.xxx.android.yyy; ignoring!
04-22 03:45:54.835: WARN/PackageManager(577): Package couldn't be installed in /data/app/com.xxx.android.yyy.apk
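3. Solution
Two keywords are involved: signatures and shared user.
Judging from INSTALL_FAILED_UPDATE_INCOMPATIBLE and "signatures", the problem could have been an APK being installed over an existing copy; a post on this site, http://xusaomaiss.iteye.com/blog/393296, gives a fix for that.
Of course, that was not the cause.
The focus then shifted to the shared user.
Later, this setting turned up in manifest.xml: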
android:sharedUserId="com.xxx.android.yyy"
This one setting was what caused the trouble!
Later still, it turned out that this was a bug in android1.5R1 that has been fixed in later versions.
------
#2009-006 Android improper package verification when using shared uids
Description:
Android, an open source mobile phone platform, improperly checks developer certificates when installing packages that request the shared user identifier (uid) permission.
Normally, Android applications will be allowed to share a uid if the packages are all signed by the same developer certificate and request permission to do so at install-time. This allows for packages from the same author to share data. Without enforcement of that behavior, it is possible for any application to be installed in such a manner that it gains access to another (existing) application's data.
A patch has been made available by Android.
Affected version:
Android >= 1.5 CRB17 <= 1.5 CRB42
Fixed version:
Android >= 1.5 CRB43
(Android 1.0 and 1.1 are unaffected.)
Credit: Panasonic
CVE: CVE-2009-1754
Timeline:
2009-05-14: Panasonic reported the issue to the Android Security Team
2009-05-18: Android Security Team requested assistance from oCERT
2009-05-19: oCERT requested CVE assignment
2009-05-22: CVE assigned
2009-05-22: advisory release
References:
Patch
Permalink:
http://www.ocert.org/advisories/ocert-2009-006.html
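
Added example (not part of the original post, the oCERT advisory, or Android's source): a simplified Python model of the install-time rule the advisory describes, in which a package may join a shared user only if its signing certificates match those already recorded for that shared user. The class, the set-equality comparison, the certificate byte strings and the package names com.xxx.android.base and com.xxx.android.addon are assumptions made for illustration; the rejection message follows the logcat line above.

```python
import hashlib

def cert_digest(der: bytes) -> str:
    """SHA-256 fingerprint of a signing certificate's bytes."""
    return hashlib.sha256(der).hexdigest()

class PackageRegistry:
    """Simplified model of install-time shared-uid checks (not Android code)."""

    def __init__(self):
        self.shared_users = {}  # sharedUserId -> set of signer digests
        self.members = {}       # package name -> sharedUserId

    def install(self, package, shared_user_id, certs):
        digests = {cert_digest(c) for c in certs}
        if not digests:
            return False, f"Package {package} has no signatures"
        if shared_user_id is None:
            return True, "installed with its own uid"
        known = self.shared_users.get(shared_user_id)
        if known is None:
            # Model assumption: the first package to claim a shared user
            # defines the signer set for it.
            self.shared_users[shared_user_id] = digests
        elif known != digests:
            # The enforcement the advisory describes: refuse a different signer.
            return False, (f"Package {package} has no signatures that match "
                           f"those in shared user {shared_user_id}; ignoring!")
        self.members[package] = shared_user_id
        return True, f"installed under shared user {shared_user_id}"

# Constructed stand-ins for certificate bytes; real ones are DER-encoded X.509.
VENDOR_CERT = b"constructed-vendor-release-certificate"
OTHER_CERT = b"constructed-other-developer-certificate"

def demo():
    reg = PackageRegistry()
    shared = "com.xxx.android.yyy"
    return [
        reg.install("com.xxx.android.base", shared, [VENDOR_CERT]),   # hypothetical package
        reg.install("com.thunderst.android.appstore", shared, [OTHER_CERT]),
        reg.install("com.xxx.android.addon", shared, [VENDOR_CERT]),  # hypothetical package
    ]

if __name__ == "__main__":
    for ok, message in demo():
        print(ok, message)
```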