Question about the "Install Available Apps" feature for user profiles

bayesian

matchboxbananasynergy Furthermore, if you update an app in any profile, it will get updated in all profiles.

This is not clear, thanks for the clarification! I was worried about this.

wonder75

matchboxbananasynergy Furthermore, if you update an app in any profile, it will get updated in all profiles.

How does this work? I thought the profiles are completely seperated from eachother. Do they still share diskspace somehow?

matchboxbananasynergy

wonder75 Profiles are separate in the sense that they have separate app data, and in the sense where apps in one profile can't communicate with apps on another profile.

That said, the OS knows about all profiles, and which apps you have installed, I'm afraid that I'm not technically adept enough to fully explain how it works, but the bottom line is this: apps are updated across profiles, you can't install an older version if you have a newer version of an app in any profile, and you can't install an app with same same app ID but a different signature across profiles either.

ReadOnlyUser

Are there currently any known problems with this feature? Couldn't find something in the issue tracker nor in the forum.
I used it successfully once when it was released. A couple of days ago I tried it again but the list of available apps is just empty.
Both current and previous release for P7 seem to be affected.

matchboxbananasynergy

ReadOnlyUser Keep in mind that it only enumerates apps you have installed in the owner profile, not others.

Pixel 6 here, can see the list fine.

Edit: I also consulted various people in the Matrix community with Pixel 7 and 7 Pros just in case it was model specific, they could all see their apps.

ReadOnlyUser

Thanks for clarification, wasn't aware that it's restricted to the owner's apps. Was it like this all the time? My owner profile is empty but I'm sure I used it anyways.
The global app settings menu shows all apps in owner profile.

Would be great to have one secondary profile to collect whatever app is needed and share these apps on demand from the owner profile to other secondary profiles. These profiles would not need app installation permission.

rustybird

ReadOnlyUser Thanks for clarification, wasn't aware that it's restricted to the owner's apps. Was it like this all the time? My owner profile is empty but I'm sure I used it anyways.

There was one release (2023012500) without the restriction:

extend the install available apps feature (allows Owner user to install apps in other users) to apps only installed in secondary profiles

But since the following release (2023020200) the GUI has been restricted again:

drop our extension to the install available apps feature (which is still available, without this extension) making it work for apps not installed in Owner since this is risky in a situation where there are actually separate people using secondary users and while we want to provide this feature, we'd need to come up with a way to address this to add it back

ReadOnlyUser Would be great to have one secondary profile to collect whatever app is needed and share these apps on demand from the owner profile to other secondary profiles.

It's still possible with ADB: adb shell pm list users to get the numerical ID of the user for which to install the app, then adb shell pm install-existing --user ID com.example.app

ReadOnlyUser

rustybird
Thanks a lot for your detailed explanation!

dazinism

Its also possible (and safer) not to use adb. Use some app to extract the apk and plug in usb storage to transfer it between profiles. Or just download the app/apk again in the other user profile.

By connecting a PC to the phone via adb you give the PC highly elevated privileges over the phone and for the sake of the phones security its best avoided if at all possible.

rustybird

dazinism Its also possible (and safer) not to use adb. Use some app to extract the apk and plug in usb storage to transfer it between profiles.

That method is not all roses either though: Unless one is diligent about checking that the app ID turned out to be the same in the destination profile after installation, the extractor app or the file transfer mechanism could have tampered with the .apk

But, fair enough. I was kind of unconsciously assuming that of course nobody would even consider hooking up the phone through ADB unless at least it's in a Qubes OS disposable sys-usb VM :)

To complete an unholy trinity of flawed methods (until the GUI can somehow push an app from one secondary profile to another again), I guess it would also be possible to run the pm commands on the phone through Shizuku.

dazinism

Unless one is diligent about checking that the app ID turned out to be the same in the destination profile after installation, the extractor app or the file transfer mechanism could have tampered with the .apk

Can do a quick & simple check in the owner user profile as Settings > Apps lists all apps installed on all users on the device. As you point out a malicious altered app, installed on the same device as the legitimate app, would need to have a different app id. So you would see the same app listed twice when searching the app list. At the bottom of their app info page you would see different package names (something like - com.company.appname)

Its also possible to check the apk signature fingerprint which is unique and is what the system uses to ensure that app updates can only come from the same source as the installed app.
Theres a decent database of fingerprints at https://beta.pithus.org/

Can check the signature fingerprint of apks and installed apps using something like https://github.com/xgouchet/Stanley (they call them signing certificates)

Can get fingerprints from apks using apksigner verify -verbose --print-certs name_of_the.apk from a terminal

Shizuku also requires granting access to the android debugging interface (adb) which always opens up a significant security hole and is still best avoided if at all possible. Developer options are meant for development purposes and can seriously effect the security of the device and/or break unexpected things. e.g. there has been a serious bug in the past that only hit people who had played about with the display cutout setting in developer options