Android INSTALL_PACKAGES Permission and Non-PlayStore Apps

Question

I'm preparing my app for the play store and plan to deliver one component as separate install package (since my customer can't recover the source code, but the app is signed with his key). I thought about two ways of doing that. My needs are just these: Users with "unknown sources" deactivated should be able to install the 2nd app. And: The user should never be redirected to Google Play store.

Both apps are free.

1. I've looked up for solutions that would let me download an additional APK from Google Play and simply present the user an installation screen to acceppt the installation. I would like a solution, where I sent an intent to the PlayStore app and it displayed the app name, permissions and the install button. I've found nothing. Anyone any experience here?

2. I thought I could package this additional app into the assets of my enclosing app. I'd need to write it to the file system and send the system an intent to install the package. Problem: The App was not loaded from Google play and with that it's source is unknown. If I used the PackageManager and let it install the APK, does the permission INSTALL_PACKAGES allow my app installing this 2nd app on a user's device (since the user already accepted that my app may install packages)?

I hope someone may help. And thank you in advance.

Answer 1

My needs are just these: Users with "unknown sources" deactivated should be able to install the 2nd app. And: The user should never be redirected to Google Play store.

This combination is impossible, barring a major security flaw in Android and/or the Play Store. The only way to install apps through the Play Store is via the Play Store app.

I would like a solution, where I sent an intent to the PlayStore app and it displayed the app name, permissions and the install button.

That activity is not exported. You are welcome to use a market:// Uri to lead the user to the Play Store, where they can review this second app and decide, for themselves, whether or not to download and install it.

since the user already accepted that my app may install packages

Your app cannot install packages directly, unless it is signed with the firmware signing key or is installed on the system partition (e.g., by a rooted device user), as that is the only way that you can hold the INSTALL_PACKAGES permission. Ordinary SDK apps are welcome to create an ACTION_VIEW or ACTION_INSTALL_PACKAGE Intent to request that the app be installed, but the user will need "unknown sources" enabled.