Disallow downgrading of non-debuggable packages.

An attacker could downgrade a package to an older version with known
security vulnerabilities and then use some of the vulnerabilities to
access the application's data. This would constitute a bypass of
Android Application Sandbox. Thus, downgrading while keeping
application data is no longer permitted.

To help developers debug their apps, packages marked as debuggable can
still be downgraded while keeping their data. This does not put the
installed base at risk because, as a security measure, most
application stores reject packages marked as debuggable.

To downgrade a non-debuggable (i.e., release) package, uninstall the
package (thus wiping its data), then install the older version of the

Bug: 27327503
Change-Id: Iac75ed3c3831b5d925dfd8b660527cfa95813da8
2 files changed