最近，我看到一个有趣的应用程序 - 照片奇迹。 如果这个程序被卸载，它显示了一个网络调查页面，要求应用程序卸载的原因。现在，这里的问题。 据我所知，一个应用程序已被删除后，系统广播 ACTION_PAKAGE_REMOVED 意图。 但是，这个有趣的应用程序能够证明我的网页虽然官方医生说  正在安装的软件包没有收到此意图。的 总之，我能找到一个方法检查某种应用程序的状态。

Recently i've seen a funny app - Photo Wonder. When this app is uninstalled, it shows a web survey page asking for the reason of app uninstall. Now, here is the problem. As far as I know, after an app has been removed, the system broadcasts ACTION_PAKAGE_REMOVED intent. But this funny app was able to show my the web page although the official doc says "The package that is being installed does not receive this Intent." Anyhow, I could find a process checking some kind of status of the app.

现在这里是个问题。可在本机应用程序捕捉来自Android系统广播的意图是什么？ 如果可能的话，请让我知道如何！ ： - （

Now here is the question. Can the native app catch the broadcasted intent from android system? If it is possible, please let me know how! :-(

推荐答案

我相信我已经得到了他们怎么做的主要思想。这里是拼图的碎片。

I believe I've got the main idea of how they did it. Here is the pieces of the puzzle.

任何Android应用程序可以通过调用启动一个进程的Runtime.exec（）的功能。

Runtime.getRuntime().exec("chmod 755 '/data/data/my.app/files'/native_code");

在这行code被执行还有另外一个进程产生。这个过程中，相同的Linux用户为应用本身下运行。

After this line of code gets executed there is another process spawned. This process runs under the same linux user as the application itself.

当用户打开的设置 - >应用程序 - >我的应用程序的和presses的强制停机的按钮时，主要的应用程序就会被杀死，< STRONG>但是的托管过程中的本地程序（见上文）的仍然运行。我个人认为这是一个安全问题，我要举报回AOSP。

When a user opens Settings -> Apps -> My App and presses "Force stop" button, main application process gets killed, but the process hosting native program (see above) still runs. I personally believe this is a security issue and I am going to report it back to AOSP.

这样的原生程序可以运行无限，什么也不做 - 只是在睡觉。但临睡前，它注册时的过程是要由系统终止将被称为终止信号处理。

Such native program can run infinitely and do nothing - just sleeping. But before going to sleep, it registers a termination signal handler which will be called when process is about to be terminated by the system.

int main(void) {
    signal(SIGTERM, termination_handler);
    while(1) {
        sleep(10);
    }
}

void termination_handler(int sig) {
   // handle termination signal here
}

现在你应该已经知道了最后一块是吧？我的原生termination_handler应该可以启动浏览器。我没有尝试在code，但我认为这是可能的，因为我可以用做亚行外壳如下

adb shell am start -a android.intent.action.VIEW -d http://www.google.com

现在回到如何海豚浏览器做它的问题。安装应用程序，并启动它至少一次。一旦开始，它注册使用上述原理的机卸载观察者。看到它，连接到该设备，并打开亚行外壳。然后调用 PS 来查看进程列表。你会看到两个过程类似于以下

Now back to the question about how Dolphin Browser does it. Install the app and launch it at least once. Once started, it registers a native uninstall watcher using the principles described above. To see it, connect to the device and open adb shell. Then call ps to see list of processes. You will see two processes similar to following

    u0_a109   315   ... mobi.mgeek.TunnyBrowser
    u0_a109   371   ... /data/data/mobi.mgeek.TunnyBrowser/files/watch_server

正如你可以看到它启动watch_server本地程序，这是它的apk文件的一部分。海豚浏览器和preSS 强制停机现在打开应用信息页。切换回终端，并呼吁 PS 了。你会看到有没有mobi.mgeek.TunnyBrowser的过程了，但watch_server仍然运行。

As you can see it starts a watch_server native program, which is a part of its apk-file. Now open App info page of Dolphin Browser and press "Force Stop". Switch back to terminal and call ps again. You will see there is no mobi.mgeek.TunnyBrowser process anymore, but watch_server still runs.

顺便说这种做法只会工作，如果观察者服务器运行所有的时间。至   请确保它始终是，这两个应用程序需要的启动时运行的   权限，在那里开始他们的观察。

By the way this approach will only work, if watcher server runs all the time. To make sure it is always up, both apps require "run at startup" permission, where they start their watchers.

现在，当你卸载应用程序，Android的停止属于该应用程序的所有进程。观察者接收终止信号，并打开浏览器predefined URL，然后关闭。

Now, when you uninstall the app, Android stops all processes belonging to this application. Watcher receives termination signal and opens browser with predefined URL and then shuts down.

我会看在一些细节有些不同，但这个黑客背后的主要概念必须描述。

I might look a bit different in some details, but the main concept behind this hack must be as described.