Welcome to Headwind MDM Q&A, where you can ask questions and receive answers from other members of the community.

Please do not post bug reports, missing feature requests, or demo inquiries. If you have such an inquiry, submit a contact form.

0 votes

Hi! First of all, thank you for your great project! It works great but we encountered one issue which currently blocks us in further development.

Me and my team developed our own android launcher (device has no other launchers) and we used headwind open source solution to introduce automatic updates for it. The thing is when we marked our launcher as system app, signed it with device manufacturer key and pushed into priv-apps folder manually the update does not work anymore. Once I add new version of the apk into hmdm web panel our launcher properly detects that new version exists, downloads it but once installation starts I got:

Install failed: INVALID, extra: INSTALL_FAILED_INVALID_APK: Package com.marvelousLauncher is a persistent app. Persistent apps are not updateable.

It was working perfectly before our launcher became a system app. What should we do now when we set it as a system app? How to allow the update?

by (120 points)

1 Answer

0 votes
You made your app persistent (let me say, hardcoded in the ROM), so Headwind MDM cannot update it.

To make your app updateable but using system permissions, do not store it in the priv-app subdirectory of the ROM.

To grant system permissions to your app, sign it with device manufacturer keys, declare system permissions, add the property android:sharedUserId="android.uid.system" to AndroidManifest.xml.

But instead of preinstalling it in the priv-app ROM subdirectory, let Headwind MDM install the APK. This should keep system permissions but makes your app non-persistent.
by (35.6k points)
Okay, I got your idea. Although the problem is this is not some app, it is our default and the only launcher which resides in our device. So it has to be hardcoded in the ROM, thus the first installation cannot be done by Headwind MDM. The goal is that our launcher should be 100% secure and that users won't be able to unistall it because it controls the whole device and thanks to it we can manage devices remotly. Also, we need all system app privilages. Is there a way to achieve what I described with HMDM? Morover, what do you mean by "declare system pemissions"? Basically, we need our launcher to has all system app privilages (no permission popups e.g., access to device mac address and so on...)
By declaring system permissions, I mean specifying in AndroidManifest special permissions which are available to system apps only, for example, READ_PRIVILEGED_PHONE_STATE. I doubt that there's a way to update a persistent app. Probably using a "system" variant of Headwind MDM (available in the Enterprise package) would work. Please contact technical support for requesting a free trial: https://h-mdm.com/contact-us/