Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

in-app upgrade using the APK file is not possible for Advanced Protection accounts - needs ADB for each upgrade #1671

Closed
1 of 3 tasks
R-Adrian opened this issue Dec 27, 2024 · 9 comments
Closed
1 of 3 tasks

in-app upgrade using the APK file is not possible for Advanced Protection accounts - needs ADB for each upgrade #1671

R-Adrian opened this issue Dec 27, 2024 · 9 comments
Labels
Android Bug Something isn't working Core Edge Case This refers to specific setup or rare issue or similar

Comments

@R-Adrian
Copy link

R-Adrian commented Dec 27, 2024
edited
Loading

What happened?

  • Grayjay app detects that an update is available for the main app and shows a prompt to download / install it

  • but... the Google Account used on the device is configured as an Advanced Protection account (yes, with at least 2 WebAuthn / FIDO / FIDO2 hardware security keys)

  • even if Grayjay asks for rights to install APK files and the user tries to allow it, the device is not allowing APK installs by other apps because of the Advanced Protection account policy enforcement.

  • if the current user account on the Android device is an Advanced Protection account and the first (or second?) upgrade attempt from APK fails then Grayjay should not attempt to do upgrades via APK anymore and instead should show a message to do an upgrade via ADB instead.

This is because Android devices used with Advanced Protection accounts have these additional limits enforced;
https://support.google.com/accounts/answer/9764949

When you’re enrolled in Advanced Protection, the Google Play Protect app scans your Android devices automatically.

Limited installations outside the Play Store
When you’re enrolled in Advanced Protection, harmful software sources are blocked for your Android devices. You can’t download new app installations from most sources outside the Play Store.

You’ll still be able to install Android apps from:

Google Play
Android Debug Bridge (adb)
Preinstalled Android app stores

Tip: Any non-Google Play apps you've already installed won't be removed and will still be updated

Note: i think that last line is a bit misleading... non-Google Play apps "will still be updated" (???) but updating them is not possible directly from APK installers. I have to use ADB for Grayjay APK app updates.

Grayjay Version

268

What plugins are you seeing the problem on?

not applicable

When do you experience the issue?

  • While logged in
  • While logged out
  • N/A

Are you using a VPN?

No

Relevant log output

Device: Pixel 7a,
OS: Android 15, December 2024 update (latest currently available)
@R-Adrian R-Adrian added the Bug Something isn't working label Dec 27, 2024
@VoxelPrismatic
Copy link

VoxelPrismatic commented Dec 28, 2024
edited
Loading

possible fix with shizuku integration, which is basically a server where apps can call adb on your behalf

https://shizuku.rikka.app/

@R-Adrian
Copy link
Author

R-Adrian commented Dec 28, 2024
edited
Loading

would that work on stock Google Android 15 (or -insert latest monthly Pixel stock ROM update here-) with Advanced Protection accounts or does it need a custom ROM?

Also.. the latest release info from Shizuku (currently v13.5.4 from March 10th, 2024) only mentions Android 14 beta 2 as latest working OS, not 15.
It might probably work on 15 but looking at the code commits since then, they only touched some translation strings. Also, their list of issues is currently full of spam, as if nobody was in charge of the project anymore.
https://github.com/RikkaApps/Shizuku/releases

@VoxelPrismatic
Copy link

Not much needs to be changed. It connects to a wireless debugging port that you open, and asks for the 6-digit code generated. From there, it connects to ADB, and starts a small server so any app can make a request to ADB via Shizuku.

@Zvonimir-FUTO Zvonimir-FUTO added Edge Case This refers to specific setup or rare issue or similar Core Android labels Jan 14, 2025
@kaidelorenzo
Copy link
Member

What is the UI that appears for you? like what happens when Grayjay tries to ask for permission to install apps? I'm trying to figure out if there is an easy way to detect that the user is not capable of enabling that permission.

@VoxelPrismatic
Copy link

@kaidelorenzo according to this thread
BIldDjJ.png

@VoxelPrismatic
Copy link

I don't think there is a way to detect the Advanced Protection, but if I recall correctly, the APK install does return an error. If an error is returned, then you can show a prompt asking if the user wants to fall back to Shizuku.

Ideally, Shizuku would be the primary install method, and it uses the built-in package manager as a fallback. Then, if an error occurs with the package manager, there can be a popup prompting the user to install Shizuku.

@kaidelorenzo
Copy link
Member

a screenshot of the error message in Grayjay would also be helpful

@VoxelPrismatic
Copy link

It should be no different from hitting "cancel" normally, but @R-Adrian would know better.

@R-Adrian
Copy link
Author

i have re-tested the issue and attempted to obtain screenshots ... but it seems this issue is no longer applicable, it seems Google has fixed the error (if it was an error) that prevented updating non-Google apps.

TL;DR version = this issue probably needs to be closed, seems it was fixed by Google. (ROFL)

Test 1:
on my Pixel 7a with the january 2025 update of Android 15 i have downgraded Grayjay to release version 268 and then tried to reproduce the error by re-upgrading in-app to the current release 278...
... and to my amazement... the upgrade worked this time - Grayjay managed to update itself.

(well it was not exactly a proper downgrade because i was getting the dreaded failure message:
adb: failed to install grayjay-app-arm64-v8a-release-268.apk: Failure [INSTALL_FAILED_VERSION_DOWNGRADE: Downgrade detected: Update version code 268 is older than current 278]
...so i backed up the app settings, uninstalled it, installed the older 268 release via adb and then started the app and let it do the self-upgrade. I restored the backed up settings after the upgrade was finished)

Test 2:
Then i took an older phone, running Android 11 from 2023 - but with the November 2024 Google Play system update applied and tried the same steps (that phone is registered with an Advanced Protection Google Account too)
--installed version 268 of Grayjay via adb
--enabled settings to allow Grayjay the installation of unknown apps
--started Grayjay and let it update itself to version 278
--and the self-upgrade worked on this version too.

i think that the November 2024 Google Play system update is probably the common key here that allows in-app self-upgrades even on Advanced Protection accounts - when i had opened the issue i don't think that the November 2024 play system update was installed yet.

Also, i think the error will keep showing with F-Droid because that screenshot above seems to be for a fresh installation, not an update to an already-installed one. This is still blocked by Advanced Protection.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Android Bug Something isn't working Core Edge Case This refers to specific setup or rare issue or similar
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@R-Adrian @kaidelorenzo @VoxelPrismatic @Zvonimir-FUTO