[C-0-3] MUST NOT extend either the .apk, Android Manifest, Dalvik bytecode, or RenderScript bytecode formats in such a way that would prevent those files from installing and running correctly on other compatible devices.
[C-0-4] MUST NOT allow apps other than the current “installer of record” for the package to silently uninstall the app without any user confirmation, as documented in the SDK for the
DELETE_PACKAGE permission. The only exceptions are the system package verifier app handling PACKAGE_NEEDS_VERIFICATION intent and the storage manager app handling ACTION_MANAGE_STORAGE intent.
[C-0-5] MUST have an activity that handles the
[C-0-6] MUST NOT install application packages from unknown sources, unless the app that requests the installation meets all the following requirements:
It MUST declare the
REQUEST_INSTALL_PACKAGES permission or have the
android:targetSdkVersion set at 24 or lower.
It MUST have been granted permission by the user to install apps from unknown sources.
SHOULD provide a user affordance to grant/revoke the permission to install apps from unknown sources per application, but MAY choose to implement this as a no-op and return
startActivityForResult(), if the device implementation does not want to allow users to have this choice. However, even in such cases, they SHOULD indicate to the user why there is no such choice presented.
[C-0-7] MUST display a warning dialog with the warning string that is provided through the system API
PackageManager.setHarmfulAppWarning to the user before launching an activity in an application that has been marked by the same system API
PackageManager.setHarmfulAppWarning as potentially harmful.
SHOULD provide a user affordance to choose to uninstall or launch an application on the warning dialog.