# 4\. Application Packaging Compatibility

Devices implementations:

*    [C-0-1] MUST be capable of installing and running Android “.apk” files as
generated by the “aapt” tool included in the
[official Android SDK](
http://developer.android.com/tools/help/index.html).
   *   As the above requirement may be challenging, device implementations are
   RECOMMENDED to use the AOSP reference implementation's package management
   systemDevice implementations.
*    [C-0-2] MUST support verifying “.apk” files using the
[APK Signature Scheme v2](https://source.android.com/security/apksigning/v2.html)
and [JAR signing](
https://source.android.com/security/apksigning/v2.html#v1-verification).
*    [C-0-3] MUST NOT extend either the
[.apk](http://developer.android.com/guide/components/fundamentals.html),
[Android Manifest](
http://developer.android.com/guide/topics/manifest/manifest-intro.html),
[Dalvik bytecode](https://android.googlesource.com/platform/dalvik/), or
RenderScript bytecode formats in such a way that would prevent those files from
installing and running correctly on other compatible devices.
*    [C-0-4] MUST NOT allow apps other than the current
"installer of record" for the package to silently uninstall the app without any
prompt, as documented in the SDK for the [`DELETE_PACKAGE`](
https://developer.android.com/reference/android/Manifest.permission.html#DELETE_PACKAGES)
permission. The only exceptions are the system package verifier app handling
[PACKAGE_NEEDS_VERIFICATION](
https://developer.android.com/reference/android/content/Intent.html#ACTION_PACKAGE_NEEDS_VERIFICATION)
intent and the storage manager app handling [ACTION_MANAGE_STORAGE](
https://developer.android.com/reference/android/os/storage/StorageManager.html#ACTION_MANAGE_STORAGE)
intent.

*    [C-0-5] MUST have an activity that handles the
[`android.settings.MANAGE_UNKNOWN_APP_SOURCES`](http://developer.android.com/reference/android/provider/Settings.html#ACTION_MANAGE_UNKNOWN_APP_SOURCES)
intent.

*    [C-0-6] MUST NOT install application packages from unknown
sources, unless the app that [requests the installation](https://developer.android.com/reference/android/content/Intent.html#ACTION_INSTALL_PACKAGE)
meets all the following requirements:

    *   It MUST declare the [`REQUEST_INSTALL_PACKAGES`](http://developer.android.com/reference/android/Manifest.permission.html#REQUEST_INSTALL_PACKAGES)
    permission or have the `android:targetSdkVersion` set at 24 or lower.
    *   It MUST have been granted permission by the user to install apps from
    unknown sources.

*    SHOULD provide a user affordance to grant/revoke the permission to
install apps from unknown sources per application, but MAY choose to implement
this as a no-op and return `RESULT_CANCELED` for
[`startActivityForResult()`](http://developer.android.com/reference/android/app/Activity.html#startActivityForResult%28android.content.Intent,
int%29),
if the device implementation does not want to allow users to have this choice.
However, even in such cases, they SHOULD indicate to the user why there is no
such
choice presented.