3 messages in com.googlegroups.android-developersRe: Android Package namespace collision?| From | Sent On | Attachments |
|---|---|---|
| Foobar | 01 Dec 2007 07:36 | |
| Foobar | 01 Dec 2007 07:39 | |
| Peter Blazejewicz | 01 Dec 2007 11:50 |
| Subject: | Re: Android Package namespace collision? |
|---|---|
| From: | Peter Blazejewicz (pete...@gmail.com) |
| Date: | 12/01/2007 11:50:33 AM |
| List: | com.googlegroups.android-developers |
hi Brian,
I guess publisher information will be used, I could bet that Google apps will be signed with certificate to avoid such "collision" and let user know which one is *false* Google app (the same rule will apply probably to my and your applications), in java me that is "vendor" part of midp/jad that is validated during provisioning, what you are asking for is already requested: we need to knwo details about application management system (which takes duty of applications installation/removal/updating) on devices and applications provisioning,
regards, Peter
On Dec 1, 4:39 pm, Foobar <bria...@gmail.com> wrote:
Sorry about the poor original post title....cat jumped on the keyboard and sent before I was finished typing :)
Anyhow, originally posted on the Android general discussion forum, but didn't get any traction, so trying here....
On Dec 1, 10:37 am, Foobar <bria...@gmail.com> wrote:
Hi all,
This tidbit caught my eye when reading the Android Hello World walkthrough:
The package name you use in your application must be unique across all packages installed on the system; for this reason, it's very important to use a standard domain-style package for your applications. In the example above, we used the package domain "com.google.android"; you should use a different one appropriate to your organization.
This strikes me as a poor design decision, but maybe I'm just misunderstanding. Consider the following two situations:
1) Say Google decides to deploy some application with package com.google.foo. And malicious user X decides he doesn't like Google anymore. So along with some useful application, he also bundles in a com.google.foo package with mailicious code. How does Android respond? Which package gets loaded at runtime? Thoughts?
2) Two different application rely on different versions of the the same shared libraries, say the Axis jars, for example. What happens in this case?
If I get some time over the weekend, I'll run some tests and report back. I suspect I'm just misunderstanding something, but it doesn't cost anything to ask.
Thanks,
Brian