How to show an Activity BEFORE my app is uninstalled (Android) [duplicate]
S

5

22

I thought it was not possible but I noticed that NQ Mobile Security is able to show a message after I click on Uninstall and before the PackageUninstaller is called. I would like to replicate this behavior in my App.

I tried with an Activity listening to "android.intent.action.DELETE" Intent, as suggested here: How to know my app is uninstalled from the device...?

But as I'm about to uninstall my app, the chooser pops up asking to pick my application or the package uninstaller. How can I avoid this?

Is there a different way to intercept your application UNINSTALL event? (Before answering that it is not possible, please try to uninstall NQ Mobile Security and see what happens. On my Android 2.3.4 it shows a nice screen saying that it is not safe to go without a security app.)

Sew answered 18/4, 2012 at 23:1 Comment(6)
Is your device rooted or is it just a stock/unmodified retail device? – Sommelier
By the way, what is the message that is shown when you click on uninstall for "NQ Mobile Security"? Does it have anything to do with "device policy" or "device admin"? – Sommelier
@Sommelier No, not rooted. It is an unmodified retail device. I have edited the question and added the images of how it uninstalls; can you accept the edits? – Oasis
Looks like I'm not able to accept the edits. The owner/original poster might have to do this... – Sommelier
You can see the uninstall images at i.imgur.com/jJYRq.png, i.imgur.com/dTOT5.png and i.imgur.com/vPL2W.png – Oasis
Submitted a feature request to Android: code.google.com/p/android/issues/… – Oasis
R
30

I noticed that NQ Mobile Security is able to show a message after I click on Uninstall and before the PackageUninstaller is called

They must be exploiting some security flaw in Android. I will research it and see if I can get it fixed. Apps are not supposed to get control at uninstall time.

Thanks for pointing this out!

Is there a different way to intercept your application UNINSTALL event?

I sure hope not.

Richel answered 18/4, 2012 at 23:7 Comment(12)
What are the concerns/security threats if an application launches an Activity or an IntentService while uninstalling? – Oasis
@darkcrow For one thing, the activity can simply re-install the app after it has been deleted. A malicious app, of course, would most likely do this without alerting the user that anything is going on. – Duarte
@TedHopp Most politely, a legitimate app will never do that, and an app with malicious intention can do a lot of other harm. But totally blocking such a feature can be very harmful to some legitimate apps looking for a rich user experience. – Oasis
@TedHopp I have updated the question here #11063280 with more information, have a look. – Oasis
I have submitted a feature request to Android: code.google.com/p/android/issues/… – Oasis
@Richel Is there progress in your research? – Pack
@AlexanderMironov: Yes. If you prove to me that you are a Google employee working on the Android project, I will be happy to supply you with details. I have already submitted those details to the Android Security team. – Richel
@Richel No, I'm not a Google employee and I don't need details on this issue. I just want Android to be safer. – Pack
@Richel Do you know where I can find a doc saying that it is illegal to search for the users who uninstalled my app? A customer is asking me and I need some kind of proof to show him that this is illegal. – Bennybenoit
There is a bit of magic in the whole process, see my answer, but I'm not sure if it's a security flaw. – Encumber
This isn't really even an answer; it seems more like a comment. And not only that, you're actually trying to make it harder for people to do this! And I don't see how preventing this is any more secure since apps can still run malicious code at various other points in time. It's annoying for users when they have to use a dedicated uninstall section in your app. – Elevate
@Richel If it isn't possible, then how does Firebase Analytics provide app_remove events automatically? – Branching
E
6

Opera Max is an app that does something similar - after being uninstalled opens a webpage.

How do they do this?

By using libevent, from native code, they watch /data/data/com.opera.max directory to be removed and then post good old action.VIEW broadcast when it happens.

Install their app, run it, and on a rooted device, from adb shell, remove the /data/data/com.opera.max directory.

UPDATE: I created a sample app that shows how it works. BTW it doesn't work with recent (KitKat+ I think) Android versions: https://github.com/pelotasplus/ActionAfterUninstall

Encumber answered 9/11, 2014 at 15:44 Comment(3)
Hi, does it work on Android 5? I cannot make it work. – Scupper
No, it doesn't. See UPDATE at the end of my answer. It was just a hack. – Encumber
And is there no way to achieve this? I searched for two days, but didn't find an answer. – Scupper
S
4

I'm pretty sure that they are monitoring the LogCat to intercept when the Activity Manager calls the PackageUninstaller. I think they kill the task and start their own Activity. It's pretty clever but it's definitely exploiting a security hole in Android.

Sew answered 20/6, 2012 at 19:56 Comment(1)
I can understand the threat potential for this. I have added a feature request here: code.google.com/p/android/issues/… – Oasis
S
3

They are likely asking for a very critical permission that the user is granting them unknowingly. Look at the "Permissions" tab for this app (as of 6/15/2012): https://play.google.com/store/apps/details?id=com.nqmobile.antivirus20&hl=en.

The list of permissions this app gets is downright chilling. Among other things:

SYSTEM TOOLS

RETRIEVE RUNNING APPS: Allows the app to retrieve information about currently and recently running tasks. Malicious apps may discover private information about other apps.

CHANGE/INTERCEPT NETWORK SETTINGS AND TRAFFIC: Allows the app to change network settings and to intercept and inspect all network traffic, for example to change the proxy and port of any APN. Malicious apps may monitor, redirect, or modify network packets without your knowledge.

PREVENT TABLET FROM SLEEPING / PREVENT PHONE FROM SLEEPING: Allows the app to prevent the tablet from going to sleep. Allows the app to prevent the phone from going to sleep.

CHANGE YOUR UI SETTINGS: Allows the app to change the current configuration, such as the locale or overall font size.

MODIFY GLOBAL SYSTEM SETTINGS: Allows the app to modify the system's settings data. Malicious apps may corrupt your system's configuration.

DISPLAY SYSTEM-LEVEL ALERTS: Allows the app to show system alert windows. Malicious apps may take over the entire screen.

MOUNT AND UNMOUNT FILESYSTEMS: Allows the app to mount and unmount filesystems for removable storage.

CHANGE NETWORK CONNECTIVITY: Allows the app to change the state of network connectivity.

CHANGE WI-FI STATE: Allows the app to connect to and disconnect from Wi-Fi access points, and to make changes to configured Wi-Fi networks.

-- Update --

I also found that the Android Package Manager pretty much just deletes a package if it is asked to do so. The only check it performs prior to doing so is whether the package being deleted is currently registered as having an active device admin:

    try {
        if (dpm != null && dpm.packageHasActiveAdmins(packageName)) {
            Slog.w(TAG, "Not removing package " + packageName + ": has active device admin");
            return PackageManager.DELETE_FAILED_DEVICE_POLICY_MANAGER;
        }
    } catch (RemoteException e) {
    }
    

See line 6900 in PackageManagerService in the AOSP source here.

For this, the application must be explicitly registered as a device admin by the user. See notes on device administration here: http://developer.android.com/training/enterprise/device-management-policy.html.

Sommelier answered 15/6, 2012 at 18:38 Comment(5)
OK, you have given a great pointer to work on. Can the user give permission to run an Activity while the application is uninstalled? – Oasis
See my update above. I think if you register your app as a "device admin" then there is something here you can do. Otherwise it appears not (i.e. the OS has no such provision as far as I can tell). – Sommelier
The permission required for Device Administration is "android.permission.BIND_DEVICE_ADMIN". Does not look like the application is asking for it? – Oasis
I have registered my application as the device administrator... how can I use your above update to call an activity before uninstalling the application? – Lampblack
I have started a new question on the same topic, have a look: #11063280 – Oasis
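
An added example, not part of the answer above or of AOSP: a Python audit of a decoded AndroidManifest.xml that reports any device-admin receiver (what the quoted `packageHasActiveAdmins` check depends on, once the user activates it) and the permissions this thread singles out. The sample manifest, the package name `com.example.guard` and the `audit` function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
ADMIN_PERM = "android.permission.BIND_DEVICE_ADMIN"
ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"
# Permissions discussed in the thread, by their Android manifest names.
WATCHED = {
    "android.permission.GET_TASKS": "retrieve running apps",
    "android.permission.READ_LOGS": "read logcat output",
    "android.permission.SYSTEM_ALERT_WINDOW": "display system-level alerts",
}

# Constructed sample (decoded manifest, e.g. apktool output); not a real app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.guard">
  <uses-permission android:name="android.permission.GET_TASKS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
          android:resource="@xml/policy"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootReceiver"/>
  </application>
</manifest>"""

def audit(manifest_xml):
    """Return the package, its device-admin receivers and flagged permissions."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(NS + "name") for p in root.iter("uses-permission")}
    admins = []
    for rcv in root.iter("receiver"):
        actions = {a.get(NS + "name") for a in rcv.iter("action")}
        meta = {m.get(NS + "name") for m in rcv.iter("meta-data")}
        # A device-admin receiver needs all three: guard permission,
        # the enable action, and the policy meta-data entry.
        if (rcv.get(NS + "permission") == ADMIN_PERM
                and ADMIN_ACTION in actions
                and "android.app.device_admin" in meta):
            admins.append(rcv.get(NS + "name"))
    flagged = {p: WATCHED[p] for p in sorted(perms & set(WATCHED))}
    return {"package": root.get("package"),
            "device_admin_receivers": admins,
            "flagged_permissions": flagged}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

`BIND_DEVICE_ADMIN` is declared on the receiver rather than requested with `uses-permission`, so it does not show up in an app's user-facing permission list; the receiver declaration is the place to look.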
L
0

As per https://mcmap.net/q/89477/-how-to-show-an-activity-before-my-app-is-uninstalled-android-duplicate, here is some example code that does it: https://github.com/zzljob/android-uninstall-feedback/blob/master/library/jni/feedback-uninstall.c. This won't actually stop the uninstall from taking place, but does provide a way to catch it and take some action. I'm honestly surprised that this works in Android and the team may have plugged the gap in recent releases.

Loar answered 30/7, 2015 at 1:3 Comment(0)
