Add non-messenger apps to Samsung Dual Messenger?

Search This thread
By:
Advanced…
S

soraxd

Senior Member
Jun 23, 2010
1,414
750
cleveland
So the creation of parallel workspaces is blocked in the Security Policy of 8.0, preventing multiple copies of the same app. However, Samsung's Dual Messenger still successfully copies apps it sees as messenger apps, and allows them to run just fine. So what exactly determines what Samsung is willing to let appear here as "Messenger app", so that I can manually add the non-messenger apps I need multiple instances of.
Thanks
 
M

Moe100021

Member
Dec 5, 2012
17
6
I don't know how Samsung determines their "dual app" policy. But you can use the "Secure Folder" to create another copy of any app you would like, the only problem is that it is secure and you have to use fingerprint/password every time you access the app. That's the only inconvenience.
 
S

soraxd

Senior Member
Jun 23, 2010
1,414
750
cleveland
Moe100021 said:
I don't know how Samsung determines their "dual app" policy. But you can use the "Secure Folder" to create another copy of any app you would like, the only problem is that it is secure and you have to use fingerprint/password every time you access the app. That's the only inconvenience.
Click to expand...
Click to collapse
thanks for the feedback, unfortunately secure folder is the first thing to go when you unlock your phone =/
 
V

VincentThacker

Member
May 10, 2015
28
34
I've found a method that requires ADB. NO ROOT NEEDED.
Step 1: Enable Dual Messenger for an existing app (e.g. WhatsApp).
Step 2: Enable USB Debugging and connect your device to your computer.
Step 3: Open command prompt in your adb folder.
Step 4: Type
Code: 
adb shell
Step 5: Type
Code: 
pm list users
Step 6: In the resulting list, find the user named "DUAL_APP" and get its number. For example, the number is 95 on my device:
Code: 
UserInfo{95:DUAL_APP:20000030} running
Step 7: Type
Code: 
exit
Step 8: Copy your desired apk file to your adb folder.
Step 9: Type
Code: 
adb install --user 95 desired_app.apk
Remember to replace "95" with whatever number you saw in Step 6.

Wait for the process to finish. A SUCCESS message should be displayed.

The app of your choice will now be installed in Dual Messenger.
 
Last edited:
  • Like
Reactions: passionicon, david007co, ToneToneLoc and 11 others
A

akuakus

Member
Sep 12, 2014
6
0
@100055
I tried and not successful
Mine has 3 users though. So i use 95 and installed as instructed. But app cannot be found :(
any idea? here is my list of users.

Users:
UserInfo{0:Artee:13} running
UserInfo{95:DUAL_APP:20000030} running
UserInfo{150:david si:51020030} running
crownlte:/ $ exit
 
K

kullanici32

Senior Member
Dec 24, 2019
192
65
İstanbul
Samsung Galaxy Star
Samsung Galaxy S7 Edge
akuakus said:
@100055
I tried and not successful
Mine has 3 users though. So i use 95 and installed as instructed. But app cannot be found :(
any idea? here is my list of users.

Users:
UserInfo{0:Artee:13} running
UserInfo{95:DUAL_APP:20000030} running
UserInfo{150:david si:51020030} running
crownlte:/ $ exit
Click to expand...
Click to collapse
I did as I said today, but it didn't work (google translate used)
edit:
I tried again now and the second app appeared in the app drawer. very thanks :)
 
Last edited:
vash_h

vash_h

Senior Member
Apr 24, 2006
1,307
248
Petaling Jaya
www.haroldchia.com
Samsung Galaxy S7 Edge
Samsung Galaxy Note 8 (2017 Phone)
this is awesome.. i tried this method to push pokemon go there, it appears in app drawer, but it kept seeking for location permission.
i checked, location permission is granted.. but it still prompts me for it.

checked with wechat, another app i have installed on dual messenger, it is able to use location services without a problem.

any idea how to fix this? if i can fix this, i can launch 2 pokemon go in split view at a push of a button (app pairs).

For now, i am using pokemon go from secure folder and normal installation.. and manually switching it to split view. will be awesome to have it under dual messenger and i can launch both apps at the same time, with split view.
 
  • Like
Reactions: soraxd
jimbo77

jimbo77

Inactive Recognized Contributor
Nov 2, 2010
2,191
2,948
Guatemala
Samsung Galaxy S23 Ultra
vash_h said:
this is awesome.. i tried this method to push pokemon go there, it appears in app drawer, but it kept seeking for location permission.
i checked, location permission is granted.. but it still prompts me for it.

checked with wechat, another app i have installed on dual messenger, it is able to use location services without a problem.

any idea how to fix this? if i can fix this, i can launch 2 pokemon go in split view at a push of a button (app pairs).

For now, i am using pokemon go from secure folder and normal installation.. and manually switching it to split view. will be awesome to have it under dual messenger and i can launch both apps at the same time, with split view.
Click to expand...
Click to collapse

You can install pokemon go from the Galaxy Store, both apps (gplay and galaxy store) have different package names so you can run both instances at the same time :)
 
D

DevanirNF

Member
Aug 28, 2011
41
18
Thank you very much. I've been using Island to do this but I really prefer the system built in option.
 
vash_h

vash_h

Senior Member
Apr 24, 2006
1,307
248
Petaling Jaya
www.haroldchia.com
Samsung Galaxy S7 Edge
Samsung Galaxy Note 8 (2017 Phone)
jimbo77 said:
You can install pokemon go from the Galaxy Store, both apps (gplay and galaxy store) have different package names so you can run both instances at the same time :)
Click to expand...
Click to collapse
I didn't believe you so I went to try.

Son of a gun it works!! Holy sheet thanks bro..

Sent from my SM-G985F using Tapatalk
 
  • Like
Reactions: soraxd
T

terataki

New member
Sep 7, 2006
3
0
It works!

If you want, after installing the app you want, you could remove the dual messenger from Settings. Your installed app will still be there
 
F

forsel

Member
Oct 12, 2009
5
8
I tried this adb procedure for Signal and it works. Permissions do not work initially after doing this procedure, for example, when first starting the secondary Signal it doesn't want to show your contacts. I found a workaround for this.

When going to Apps settings, it shows both Signal instances. Selecting the secondary Signal instance shows that it has no permissions. Clicking through on Permissions directs you to the "App permissions" screen, which shows that the permissions are there. However, the icon shown is for the primary Signal instance. Seems like it mixes up both instances at this point and that it is not possible to access the permissions screen of the secondary Signal instance.

I found that when I go back to the Apps screen and select "Permission Manager" in the menu, then select a specific permission, such as Contacts, it will show a list with all apps that have/do not have this permission. The secondary Signal instance is listed under 'denied'. Selecting it then allows its Contact permission to be set directly. Moreover, selecting "See all Signal permissions" on this screen goes to the correct App permissions screen for the secondary Signal instance, i.e. it shows the icon with the dual app icon badge. Here it is possible to set all desired permissions. Contacts are now visible in the secondary Signal instance and I was also able to access my pictures after allowing access to media.
 
  • Like
Reactions: VincentThacker, _MU, soraxd and 1 other person
U

username_required_34

New member
May 24, 2021
1
3
Hi,

This might help out some of you. I own a Galaxy S21 5G. Wanted to install Signal as a Dual Messenger app, but as of today, Samsung does not officialy supports it.

So I followed VincentThaker steps then forsel's details regarding contacts access.

It worked BUT I needed to do a few things to make it work:

1. Step 9: Getting the Signal app from the website, even if it has same version number as the installed version, does not work as it gives you an '[INSTALL_FAILED_VERSION_DOWNGRADE] error when trying to install.
You have thus to get the same apk file from the already installed Signal app.
To do it, use the following commands:

adb shell pm path org.thoughtcrime.securesms --> To retrieve the path of the .apk file already installed on your phone.

Then with the path retrieved, type:

adb pull <signal_apk_path_source> <your_destination_folder_on_your_pc_path>

For example:
adb pull /data/app/~~K4TFGjn3Sl0Ue-e6zvv8mQ==/org.thoughtcrime.securesms-RaqtFP_b3phb1CaEL3Q5hw==/base.apk C:\Temp\base.apk

Then put this base.apk file into the ADB folder. You can now proceed with step 9 :cool:

Thanks so much to all that helped me achieve installing Signal as a dual messenger app :)
 
  • Like
  • Love
Reactions: david007co, _MU and soraxd
chicken10dys

chicken10dys

Member
May 30, 2021
5
0
DevanirNF said:
On a second thought, apps installed this way don't have access to any permission :crying:
Click to expand...
Click to collapse
you can grant them in adb.... i used

.\adb shell pm grant --user 95 com.discord android.permission.READ_EXTERNAL_STORAGE

to give discord permissions to view my files... you can replace com.discord with the package name for what app you want (.\adb shell pm list packages --user 95 to find it) then look up the name to what permission you want

also im as dumb as you can get and in no way am i knowledgeable about any of this... i slapped together that line from other times i needed to use adb and got it to work soooo :/
 
chicken10dys

chicken10dys

Member
May 30, 2021
5
0
ok so i made progress on this... and holly crap i did something...

i checked the packages on dual messenger and there was no play services... no play store without hard work... that means i need to use an alt app store if i dont want to indent my head with random permission grants i dont understand. so i chose to use aurora store because you dont need a google account and it uses the play store servers. now i can download any app on the play store a 2nd time as a 2nd app in dual messenger without adb for each one...

ok so heres how i did it

  1. https://f-droid.org/en/packages/com.aurora.store/ get aurora store with that link (try it on your phone like a normal apk install first to avoid issues)
  2. get that apk into your adb folder and name it something easy to type like aurora (i used aurora.apk so change that to yours)
  3. adb install --user 95 aurora.apk
  4. go through the setup with the default settings until it asks for permissions
  5. .\adb shell pm grant --user 95 com.aurora.store android.permission.READ_EXTERNAL_STORAGE
  6. .\adb shell pm grant --user 95 com.aurora.store android.permission.WRITE_EXTERNAL_STORAGE
  7. .\adb shell appops set --user 95 com.aurora.store MANAGE_EXTERNAL_STORAGE allow
  8. .\adb shell appops set --user 95 com.aurora.store REQUEST_INSTALL_PACKAGES allow
  9. USE GUEST MODE (unless you are in a beta programme)

now you should have the app store installed and it should get perms to install apps (this way was important so its on the dual messenger account and can install inside it)

if you want to install an app it might say that its installed... this is because it is.... on your main account... its just confused to install do this

  1. 3 dots on the top right
  2. manual download
  3. type the version number provided
  4. check
  5. confirm the install

this app store uses googles servers so its safe (to my knowledge) and you can even copy a link to the file from google's servers in the apps downloads menu

there is definitely more we can do to make dual messenger work perfectly with any app and any service.... anyone who can contribute please do

EDIT: apps might crash if they aren't on the main account so you should try to install this store with your phone like a normal apk first... also if you are in any beta programmes to apps you will need to log into your google account instead of anonymous so there isn't a version issue.
 
Last edited:
E

Everything13

New member
Feb 26, 2017
2
0
chicken10dys said:
ok so i made progress on this... and holly crap i did something...

i checked the packages on dual messenger and there was no play services... no play store without hard work... that means i need to use an alt app store if i dont want to indent my head with random permission grants i dont understand. so i chose to use aurora store because you dont need a google account and it uses the play store servers. now i can download any app on the play store a 2nd time as a 2nd app in dual messenger without adb for each one...

ok so heres how i did it

  1. https://f-droid.org/en/packages/com.aurora.store/ get aurora store with that link
  2. get that apk into your adb folder and name it something easy to type like aurora (i used aurora.apk so change that to yours)
  3. adb install --user 95 aurora.apk
  4. go through the setup with the default settings until it asks for permissions
  5. .\adb shell pm grant --user 95 com.aurora.store android.permission.READ_EXTERNAL_STORAGE
  6. .\adb shell pm grant --user 95 com.aurora.store android.permission.WRITE_EXTERNAL_STORAGE
  7. .\adb shell appops set --user 95 com.aurora.store MANAGE_EXTERNAL_STORAGE allow
  8. .\adb shell appops set --user 95 com.aurora.store REQUEST_INSTALL_PACKAGES allow
  9. USE GUEST MODE

now you should have the app store installed and it should get perms to install apps (this way was important so its on the dual messenger account and can install inside it)

if you want to install an app it might say that its installed... this is because it is.... on your main account... its just confused to install do this

  1. 3 dots on the top right
  2. manual download
  3. type the version number provided
  4. check
  5. confirm the install

this app store uses googles servers so its safe (to my knowledge) and you can even copy a link to the file from google's servers in the apps downloads menu

there is definitely more we can do to make dual messenger work perfectly with any app and any service.... anyone who can contribute please do
Click to expand...
Click to collapse
In step 3 i do get the success messege but when trying to open the app from my phone it doesnt open as it keep crashing the moment i tap on it.
 
chicken10dys

chicken10dys

Member
May 30, 2021
5
0
Everything13 said:
In step 3 i do get the success messege but when trying to open the app from my phone it doesnt open as it keep crashing the moment i tap on it.
Click to expand...
Click to collapse
does the apk work with your phone if you install it from your phone.. like if you normally installed an apk? also try to close all apps then open it again (i had problems where yt vanced did that)
 
You must log in or register to reply here.

Similar threads

H
Dual Messenger and Whatsapp question
Replies
8
Views
27K
S
Sachin P Mestry
L
Note 8 256GB & Dual Sim?
Replies
192
Views
56K
M
MeltdownSpectre
jah
Dual SIM and memory card?
Replies
69
Views
42K
T
tadukuttan
rockky
Messenger : Samsung vs Android Messenger?
Replies
32
Views
15K
M
marctronixx
J
Samsung note 8 retail mode (howto delete?)
Replies
35
Views
63K
A
AndyM3

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 14
    V
    VincentThacker
    I've found a method that requires ADB. NO ROOT NEEDED.
    Step 1: Enable Dual Messenger for an existing app (e.g. WhatsApp).
    Step 2: Enable USB Debugging and connect your device to your computer.
    Step 3: Open command prompt in your adb folder.
    Step 4: Type
    Code: 
    adb shell
    Step 5: Type
    Code: 
    pm list users
    Step 6: In the resulting list, find the user named "DUAL_APP" and get its number. For example, the number is 95 on my device:
    Code: 
    UserInfo{95:DUAL_APP:20000030} running
    Step 7: Type
    Code: 
    exit
    Step 8: Copy your desired apk file to your adb folder.
    Step 9: Type
    Code: 
    adb install --user 95 desired_app.apk
    Remember to replace "95" with whatever number you saw in Step 6.

    Wait for the process to finish. A SUCCESS message should be displayed.

    The app of your choice will now be installed in Dual Messenger.
    View
    4
    F
    forsel
    I tried this adb procedure for Signal and it works. Permissions do not work initially after doing this procedure, for example, when first starting the secondary Signal it doesn't want to show your contacts. I found a workaround for this.

    When going to Apps settings, it shows both Signal instances. Selecting the secondary Signal instance shows that it has no permissions. Clicking through on Permissions directs you to the "App permissions" screen, which shows that the permissions are there. However, the icon shown is for the primary Signal instance. Seems like it mixes up both instances at this point and that it is not possible to access the permissions screen of the secondary Signal instance.

    I found that when I go back to the Apps screen and select "Permission Manager" in the menu, then select a specific permission, such as Contacts, it will show a list with all apps that have/do not have this permission. The secondary Signal instance is listed under 'denied'. Selecting it then allows its Contact permission to be set directly. Moreover, selecting "See all Signal permissions" on this screen goes to the correct App permissions screen for the secondary Signal instance, i.e. it shows the icon with the dual app icon badge. Here it is possible to set all desired permissions. Contacts are now visible in the secondary Signal instance and I was also able to access my pictures after allowing access to media.
    View
    3
    F
    forsel
    Here is a detailed explanation of how the dual messenger feature on Samsung phones works. As I don't really have a background in Android it took me some time to figure it out. All in all it seems like a somewhat complex setup to me. Apologies for what has become a somewhat long post.
    After completing my investigation it seems clear what should be done to properly activate the dual messenger feature for non-supported (messenger) apps such as Signal. I haven't been able to test anything yet, but I think that with a rooted phone it should be easy to properly add e.g. Signal. Since I don't have a rooted phone and don't want to root mine (S10) I'm currently stuck.

    Architecture & code​

    The dual messenger feature consists of 2 main components:
    1. A system app com.samsung.android.da.daagent which is located under /system/app/DAAgent/DAAgent.apk
    2. A system service called 'dual_app' which is running as part of the system_server process.
    Ad 1:
    The system app mainly provides the various screens (Activities) under Settings->Advanced->Dual Messenger as well as a database (Content Provider). This db stores the list of installed dual apps.

    Once the dual messenger feature is activated (i.e. 1 dual app is enabled/installed), then this system app is visible as the 'Dual Messenger" service under Settings->Developer options-Running services.

    The main code is (obviously) in the apk. It contains a classes.dex which can be converted to a jar file with dex2jar tools.

    The app uses various other 'framework' parts/system services via some classes in /system/framework/com.samsung.bbccommon.jar with package path com.samsung.android.da.daagent.fwwrapper
    • AmWrapper - programmatic access to ActivityManager service, similar to command 'am' in adb shell
    • DaWrapper - programmatic access to 'dual_app' service, which is component 2 above
    • LogWrapper - Logging
    • PmWrapper - programmatic access to 'package' service, similar to command 'pm' in adb shell
    • UmWrapper - User handling
    • UtilsWrapper - various

    Since this is a system app, it runs under the 'system' user with uid=1000.

    Ad 2:
    The system service provides a generic way for other apps to interact with the dual app feature/system app. For example, it can be used to check if an app is an installed 'dual app' app, which is used in numerous places in other Settings related code.

    All System services run under the process 'system_server'. This process is started by the 'zygote' process on boot, which in its turn is started by the 'init' process. The system_server process also runs under the 'system' user with uid=1000.

    The code for this is in /system/framework/oat/arm64/services.odex. This file can be deodexed using baksmali/smali tools into a jar file. The interesting classes are:
    • com.android.server.SystemServer (this is a standard Android class, which is updated by Samsung to add its own system services)
    • com.android.server.DualAppManagerService, which contains the code we are looking for.
    Furthermore, each system service normally has a ServiceManager class. This class provides a stub and remote interface to the system service. The class can be called from an app and then uses inter process communication to communicate with the system service in the system_server process. In Android this works with a Binder interface and Parcel objects.
    For the DualAppManagerService above, the ServiceManager class can be found in /system/framework/framework.jar. This jar file contains classes.dex files and can be translated into jar files using the dex2jar tools. The relevant classes are:
    • com.samsung.android.app.SemDualAppManager - some wrapper class around the next class with some extra functionality
    • com.samsung.android.app.ISemDualAppManager - the actual stub/remote interface for the system service, this would normally be generated through an .aidl file in the original (Samsung) source code

    Which dual apps allowed​

    The DAAgent system app contains a hardcoded list of so-called 'whitelisted' apps. These are the only apps that can be officially installed as a dual app.

    Class com.samsung.android.da.daagent.provider.WhiteListApps contains the following definitions:
    Java: 
    public class WhiteListApps
{
  public static final String[] CHINA_SALES_CODES = { "CHN", "CHM", "CBK", "CTC", "CHU", "CHC" };
  public static final String[] DUAL_APP_WHITELIST_PACKAGES = { "com.facebook.katana", "com.whatsapp", "com.facebook.orca", "com.tencent.mobileqq", "com.tencent.mobileqqi", "com.tencent.mm", "com.sina.weibo", "com.skype.raider", "com.viber.voip", "jp.naver.line.android", "com.bbm", "org.telegram.messenger", "com.kakao.talk", "com.bsb.hike", "com.icq.mobile.client", "com.yahoo.mobile.client.android.im", "com.zing.zalo", "com.snapchat.android", "kik.android" };
  public static final String[] DUAL_APP_WHITELIST_PACKAGES_FOR_CHINA = { "com.tencent.mm", "com.tencent.mobileqq", "com.sina.weibo" };
}

    As can be seen, there seems to be a specific/restricted definition for Chinese phones.

    In order to officially support another app, e.g. Signal, it would need to be added here. So, the DUAL_APP_WHITELIST_PACKAGES string array would need to be extended with 'org.thoughtcrime.securesms' which is the packagename for Signal.

    The simple straightforward approach would be to update this class. I've tried this and managed to get the class correctly updated. However, as I suspected there is no way to get the updated apk with updated class installed on an unrooted phone since everything is protected both on user level and through package signing. So, this approach failed and I started to look further.

    System app db​

    Another potential option would be to update the database. Although this would most likely not show the app in the list with allowed apps, it would make it possible to improve the workaround. So, install the app in the dual app user profile and then also update the database with this app as being installed.
    I looked into this, but this is also not easily done since the app is running under the system user and the app is running in its own sandbox. Without more (root) access to the system it is not possible to get access to the app specific files such as a .db file. In this case, according to the code, the db file is DAAgent.db and it seems to contain:

    Java: 
          paramSQLiteDatabase.execSQL("CREATE TABLE daApps (_id INTEGER PRIMARY KEY AUTOINCREMENT,pkgName TEXT UNIQUE, appType INTEGER default 1, isInstalled INTEGER default 0, appOption INTEGER, log_time TEXT default(datetime('now','localtime')))");
      paramSQLiteDatabase.execSQL("CREATE TABLE daLogs (_id INTEGER PRIMARY KEY AUTOINCREMENT,logDate TEXT default(datetime('now','localtime')), logTitmeTick INTEGER default(strftime('%s','now')), logDesc TEXT)");
      paramSQLiteDatabase.execSQL("CREATE TABLE daInfo (_id INTEGER PRIMARY KEY AUTOINCREMENT,infoType INTEGER NOT NULL, infoInt1 INTEGER, infoInt2 INTEGER, infoInt3 INTEGER, infoText1 TEXT, infoText2 TEXT, infoText3 TEXT)");
      paramSQLiteDatabase.execSQL("CREATE TABLE IF NOT EXISTS daContacts (_id INTEGER PRIMARY KEY AUTOINCREMENT,lookup TEXT UNIQUE, data1 TEXT, data2 INTEGER)");
    Here, the 'daApps' table is what we are interested in as it should contain installed apps. Although the table has an isInstalled column, it seems only really (dual-app) installed apps are stored here. So, it is not used to store the whitelisted apps which are not yet installed in the same table.

    The database is accessed directly from within the app. However, part of it is also exposed as a 'content provider'. For this content provider, the following URLs are registered:

    Java: 
        localUriMatcher.addURI("com.samsung.android.da.daagent.provider", "filterContacts", 1);
    sUriMatcher.addURI("com.samsung.android.da.daagent.provider", "FilterContactsLookupKey", 2);
    sUriMatcher.addURI("com.samsung.android.da.daagent.provider", "getWhitelistApps", 3);
    sUriMatcher.addURI("com.samsung.android.da.daagent.provider", "getInstalledApps", 4);
    sUriMatcher.addURI("com.samsung.android.da.daagent.provider", "getDefaultApps", 5);
    sUriMatcher.addURI("com.samsung.android.da.daagent.provider", "recordUsage", 6);

    This can be invoked through the 'content' command in adb shell. Unfortunately, this only provides some simple lookups, it does not allow manipulation of the db. Output for me looks like this:

    Code: 
    127|beyond1:/ $ content query --uri content://com.samsung.android.da.daagent.provider/getWhitelistApps
Row: 0 pkgName=com.facebook.katana
Row: 1 pkgName=com.whatsapp
Row: 2 pkgName=com.facebook.orca
Row: 3 pkgName=com.tencent.mobileqq
Row: 4 pkgName=com.tencent.mobileqqi
Row: 5 pkgName=com.tencent.mm
Row: 6 pkgName=com.sina.weibo
Row: 7 pkgName=com.skype.raider
Row: 8 pkgName=com.viber.voip
Row: 9 pkgName=jp.naver.line.android
Row: 10 pkgName=com.bbm
Row: 11 pkgName=org.telegram.messenger
Row: 12 pkgName=com.kakao.talk
Row: 13 pkgName=com.bsb.hike
Row: 14 pkgName=com.icq.mobile.client
Row: 15 pkgName=com.yahoo.mobile.client.android.im
Row: 16 pkgName=com.zing.zalo
Row: 17 pkgName=com.snapchat.android
Row: 18 pkgName=kik.android
beyond1:/ $ content query --uri content://com.samsung.android.da.daagent.provider/getInstalledApps
Row: 0 pkgName=com.whatsapp, UID=0
beyond1:/ $ content query --uri content://com.samsung.android.da.daagent.provider/getDefaultApps
Row: 0 pkgName=com.android.settings
Row: 1 pkgName=com.android.providers.settings
Row: 2 pkgName=com.sec.android.provider.badge
Row: 3 pkgName=android
Row: 4 pkgName=com.android.keychain
Row: 5 pkgName=com.google.android.gms
Row: 6 pkgName=com.google.android.webview
Row: 7 pkgName=com.bst.airmessage
Row: 8 pkgName=com.bst.floatingmsgproxy
Row: 9 pkgName=com.google.android.gsf
Row: 10 pkgName=com.google.android.gsf.login
Row: 11 pkgName=com.android.chrome
Row: 12 pkgName=com.android.server.telecom
Row: 13 pkgName=com.google.android.permissioncontroller
Row: 14 pkgName=com.samsung.android.permissioncontroller
Row: 15 pkgName=com.google.android.overlay.modules.permissioncontroller
Row: 16 pkgName=com.google.android.providers.media.module
Row: 17 pkgName=com.android.providers.media.module
Row: 18 pkgName=com.android.providers.downloads
Row: 19 pkgName=com.samsung.android.secsoundpicker
    Notice that the provided values for getWhitelistApps is the same as the hardcoded values above. This is because the content provider code uses the hardcoded list to build the query result, i.e. this is not really read from the database. As can be seen, I have Whatsapp installed as dual app.

    All in all this is a bit of a dead end, so .....

    System service​

    Next, let's look at the system service, why is it there and how is it used?

    As already mentioned, the system service is called from various places in Settings and potentially in other apps as well. It is even called by the DAAgent system app itself (via the DaWrapper class mentioned earlier).

    Interaction with system services can be done with the 'service' command via adb shell, for example:

    Code: 
    beyond1:/ $ service list |grep dual
82      dual_app: [com.samsung.android.app.ISemDualAppManager]
beyond1:/ $ service check dual_app
Service dual_app: found

    It is also possible to call a system service via 'service call'. The provided methods are:

    Java: 
        static final int TRANSACTION_getAllInstalledWhitelistedPackages = 1;
    static final int TRANSACTION_getAllWhitelistedPackages = 3;
    static final int TRANSACTION_isInstalledWhitelistedPackage = 2;
    static final int TRANSACTION_updateDualAppData = 4;

    The update method looks promising. Calling the first 2 methods is easy and provides a similar result as before with the content provider:

    Code: 
    beyond1:/ $ service call dual_app 1
Result: Parcel(
  0x00000000: 00000000 00000001 0000000c 006f0063 '............c.o.'
  0x00000010: 002e006d 00680077 00740061 00610073 'm...w.h.a.t.s.a.'
  0x00000020: 00700070 00000000                   'p.p.....        ')
beyond1:/ $ service call dual_app 3
Result: Parcel(
  0x00000000: 00000000 00000013 0000000c 006f0063 '............c.o.'
  0x00000010: 002e006d 00680077 00740061 00610073 'm...w.h.a.t.s.a.'
  0x00000020: 00700070 00000000 0000000b 0069006b 'p.p.........k.i.'
  0x00000030: 002e006b 006e0061 00720064 0069006f 'k...a.n.d.r.o.i.'
  0x00000040: 00000064 0000000c 006f0063 002e006d 'd.......c.o.m...'
  0x00000050: 00730062 002e0062 00690068 0065006b 'b.s.b...h.i.k.e.'
  0x00000060: 00000000 00000014 006f0063 002e006d '........c.o.m...'
  0x00000070: 006e0073 00700061 00680063 00740061 's.n.a.p.c.h.a.t.'
  0x00000080: 0061002e 0064006e 006f0072 00640069 '..a.n.d.r.o.i.d.'
  0x00000090: 00000000 00000015 006f0063 002e006d '........c.o.m...'
  0x000000a0: 00650074 0063006e 006e0065 002e0074 't.e.n.c.e.n.t...'
  0x000000b0: 006f006d 00690062 0065006c 00710071 'm.o.b.i.l.e.q.q.'
  0x000000c0: 00000069 00000022 006f0063 002e006d 'i..."...c.o.m...'
  0x000000d0: 00610079 006f0068 002e006f 006f006d 'y.a.h.o.o...m.o.'
  0x000000e0: 00690062 0065006c 0063002e 0069006c 'b.i.l.e...c.l.i.'
  0x000000f0: 006e0065 002e0074 006e0061 00720064 'e.n.t...a.n.d.r.'
  0x00000100: 0069006f 002e0064 006d0069 00000000 'o.i.d...i.m.....'
  0x00000110: 00000013 006f0063 002e006d 00610066 '....c.o.m...f.a.'
  0x00000120: 00650063 006f0062 006b006f 006b002e 'c.e.b.o.o.k...k.'
  0x00000130: 00740061 006e0061 00000061 0000000e 'a.t.a.n.a.......'
  0x00000140: 006f0063 002e006d 00650074 0063006e 'c.o.m...t.e.n.c.'
  0x00000150: 006e0065 002e0074 006d006d 00000000 'e.n.t...m.m.....'
  0x00000160: 0000000e 006f0063 002e006d 00690073 '....c.o.m...s.i.'
  0x00000170: 0061006e 0077002e 00690065 006f0062 'n.a...w.e.i.b.o.'
  0x00000180: 00000000 00000007 006f0063 002e006d '........c.o.m...'
  0x00000190: 00620062 0000006d 00000014 006f0063 'b.b.m.......c.o.'
  0x000001a0: 002e006d 00650074 0063006e 006e0065 'm...t.e.n.c.e.n.'
  0x000001b0: 002e0074 006f006d 00690062 0065006c 't...m.o.b.i.l.e.'
  0x000001c0: 00710071 00000000 00000010 006f0063 'q.q.........c.o.'
  0x000001d0: 002e006d 006b0073 00700079 002e0065 'm...s.k.y.p.e...'
  0x000001e0: 00610072 00640069 00720065 00000000 'r.a.i.d.e.r.....'
  0x000001f0: 0000000d 006f0063 002e006d 0069007a '....c.o.m...z.i.'
  0x00000200: 0067006e 007a002e 006c0061 0000006f 'n.g...z.a.l.o...'
  0x00000210: 00000015 0070006a 006e002e 00760061 '....j.p...n.a.v.'
  0x00000220: 00720065 006c002e 006e0069 002e0065 'e.r...l.i.n.e...'
  0x00000230: 006e0061 00720064 0069006f 00000064 'a.n.d.r.o.i.d...'
  0x00000240: 00000015 006f0063 002e006d 00630069 '....c.o.m...i.c.'
  0x00000250: 002e0071 006f006d 00690062 0065006c 'q...m.o.b.i.l.e.'
  0x00000260: 0063002e 0069006c 006e0065 00000074 '..c.l.i.e.n.t...'
  0x00000270: 0000000e 006f0063 002e006d 00690076 '....c.o.m...v.i.'
  0x00000280: 00650062 002e0072 006f0076 00700069 'b.e.r...v.o.i.p.'
  0x00000290: 00000000 0000000e 006f0063 002e006d '........c.o.m...'
  0x000002a0: 0061006b 0061006b 002e006f 00610074 'k.a.k.a.o...t.a.'
  0x000002b0: 006b006c 00000000 00000016 0072006f 'l.k.........o.r.'
  0x000002c0: 002e0067 00650074 0065006c 00720067 'g...t.e.l.e.g.r.'
  0x000002d0: 006d0061 006d002e 00730065 00650073 'a.m...m.e.s.s.e.'
  0x000002e0: 0067006e 00720065 00000000 00000011 'n.g.e.r.........'
  0x000002f0: 006f0063 002e006d 00610066 00650063 'c.o.m...f.a.c.e.'
  0x00000300: 006f0062 006b006f 006f002e 00630072 'b.o.o.k...o.r.c.'
  0x00000310: 00000061                            'a...            ')

    The next isInstalledWhitelistedPackage method can also be called relatively easily by providing a packagename as input string, e.g.:

    Code: 
    beyond1:/ $ service call dual_app 2 s16 com.whatsapp
Result: Parcel(00000000 00000001   '........')
beyond1:/ $ service call dual_app 2 s16 org.telegram.messenger
Result: Parcel(00000000 00000000   '........')
    This is correct as it gives back a '1' = true for Whatsapp

    Finally, the update method is much harder as it expects much more input which depends on an update command and is based on a Bundle class. This is not directly supported by the 'service' command.

    The update commands that are supported by the update method are:

    • renewInstalledWhitelistedPkgs
    • addInstalledWhitelistedPkg
    • removeInstalledWhitelistedPkg
    • removeAllInstalledWhitelistedPkgs
    • printInstalledWhitelistedPkg
    • setDualAppNotificationSound
    • updateWhitelistPkgs
    Here, the updateWhitelistPkgs seems very interesting.

    Looking into the code of the system service, what it does is keep track of a list of whitelisted apps and a list of installed whitelisted apps internally in 2 hashmaps. Both hashmaps are initialized at boot time by the DAAgent system app where it uses the hardcoded whitelist apps list and the db entries for the installed apps. It seems that further checks on whether an app is a whitelisted app is then asked via the system service and that only looks at its internal hashmap.
    Furthermore, the updateWhitelistPkgs allows that hashmap to be updated. So, it should be possible to run this update command after boot and thereby enter an extra app in the whitelist, which will then last until the next reboot. However, this should allow such an app to be then installed and once it is installed it has an entry in the db and that is what we are looking for!

    There are 2 issues:

    1. Calling this method/command is not possible via the command line. The way around this is to call it programmatically. The easiest way seems to be via a shell app. I did just that successfully, so create a Java class with the necessary code, compile it and then call it via 'app_process' which is sort of equivalent to the 'java' executable on other platforms. This works and I'm able to call the various methods.

    2. The other methods to get the lists are working in this way. However, the update method is not working. The reason can be found directly in the code:
    Java: 
      public Bundle updateDualAppData(String paramString, int paramInt, Bundle paramBundle)
  {
    try
    {
      if (("com.samsung.android.da.daagent".equals(paramString)) && (Binder.getCallingUid() == 1000))
      {

    This method is protected in that it is only callable by the system user (uid=1000). The positive news is that it doesn't need root as user. However, system privileges are still difficult to get. I've been looking for a non-intrusive method for a Samsung S10, but so far no luck.

    Conclusion​

    If you have a rooted phone, it should be fairly easy to do the above steps and if my analysis is correct, this should allow other apps to be added as whitelisted apps.
    As I don't have a rooted phone and don't want to root it (and trip knox and potentially have issues with banking apps and such) the only alternative is to find some other way to gain system privileges. This however cannot be an easy task as such vulnerabilities will likely be patched all the time, since having system privileges is a step closer to having root privileges.

    PS: See also https://xdaforums.com/t/telegram-is-not-shown-in-dual-messenger.4356079/#post-85875279 for some related info.
    View
    3
    J
    jooniloh
    I just got everything working on my Tab S8 Ultra and thought I'd share my method.

    The problem here seems to be that the pull/install method does not work for split APKs. It also seems that the Aurora Store struggles with installing split APKs as well. With the Dual version of Aurora Store, I could install the Wikipedia app as a Dual app, but both the base user and Dual versions of Aurora Store could not install Activity Launcher or TikTok (gave an error every time, even when the app in question was uninstalled from all accounts). Furthermore, unlike @chicken10dys, I could not get the Play Store running at all after cloning it via the pull/install method.

    Some setup to make life easier now and later:
    • Get Applications Info from the Play Store to easily find package names without having to read through the output from pm list packages.
    • Optionally set up LADB and wireless debugging to make your life easier and do this all from your device without having a computer on hand.
      • Note that if using LADB, any commands that start with adb shell should omit adb shell entirely but all other adb commands should include the adb.
    • Install Activity Launcher from the Play Store and use the pull/install method to install a copy on user 95 (this works for some reason, even though Aurora Store couldn't install it.
      • Launch the Dual version of Activity Launcher and find the Dual version of the Settings app near the bottom of its list.
      • Under Settings, find Settings again (or specifically, com.android.settings.homepage.SettingsHomepageActivity.
      • Do not launch this directly, as for some reason, that will still open your base account's Settings app. Instead, create a shortcut to it via the 3 dot menu on the right. The newly created homescreen shortcut (again for reasons unknown) will correctly launch the Dual version of Settings.
      • You can use this Settings panel to do things such as adjust the "Full screen apps" settings for Dual apps (to hide/show camera notches) and to toggle other app-specific settings only available from the Settings Panel (Auto rotate apps for tablets is another one).
      • You can use this same method of launching the account-specific version of Settings via Activity Launcher to configure the same settings for Secure Folder and Work Profile apps, by installing a copy of Activity Launcher in those accounts as well.
    Here's what I ended up doing:

    First, I needed a split APK installer. My first thought was the APKMirror installer, but after installing it to user 95 via ADB, it failed to open for whatever reason. So next I tried installing SAI from the Play Store, and then pulling/installing it via ADB to user 95. This worked. I now have a Dual version of SAI installed.

    Next I granted SAI permissions so it could read the file system. You can do that either via (L)ADB, or using Permissions Manager as mentioned by someone above. I also took this opportunity to allow SAI to install apps.

    After that, I downloaded the latest .apkm for TikTok from APKMirror (the MIDDLE option here: https://www.apkmirror.com/apk/tikto.../tik-tok-including-musical-ly-23-4-4-release/). I then used My Files to move the .apkm file from the downloads directory of the base user to the downloads directory of the Dual user.

    Then I launched SAI and selected the .apkm file from the filesystem and waited a bit. As TikTok was already installed on my base user, it did show "Update" rather than "Install", but it continued fine after selecting that, and in the end, I was left with a copy of TikTok that didn't crash upon launching!

    If you've done my recommended steps above, a couple additional things you can do:
    • Save some of the more frequently used ADB commands in LADB so that you can quickly use them again in the future (makes pulling locations, granting permissions, etc. a lot faster).
    • Use the Dual settings app to adjust whatever settings you'd for your newly installed Dual app(s). Personally, I always set my apps to use the full screen, regardless of any notches/cutouts, and to force resize to the full aspect ratio in any orientation.
    Finally, as a little bonus, I present to you 4 instances of TikTok running simultaneously on my Tab S8 Ultra via Dual Messenger, Work Profiles (Island), and Secure Folder for absolutely no good reason whatsoever. 😂

    GMbxJG4.png
    View
    3
    U
    username_required_34
    Hi,

    This might help out some of you. I own a Galaxy S21 5G. Wanted to install Signal as a Dual Messenger app, but as of today, Samsung does not officialy supports it.

    So I followed VincentThaker steps then forsel's details regarding contacts access.

    It worked BUT I needed to do a few things to make it work:

    1. Step 9: Getting the Signal app from the website, even if it has same version number as the installed version, does not work as it gives you an '[INSTALL_FAILED_VERSION_DOWNGRADE] error when trying to install.
    You have thus to get the same apk file from the already installed Signal app.
    To do it, use the following commands:

    adb shell pm path org.thoughtcrime.securesms --> To retrieve the path of the .apk file already installed on your phone.

    Then with the path retrieved, type:

    adb pull <signal_apk_path_source> <your_destination_folder_on_your_pc_path>

    For example:
    adb pull /data/app/~~K4TFGjn3Sl0Ue-e6zvv8mQ==/org.thoughtcrime.securesms-RaqtFP_b3phb1CaEL3Q5hw==/base.apk C:\Temp\base.apk

    Then put this base.apk file into the ADB folder. You can now proceed with step 9 :cool:

    Thanks so much to all that helped me achieve installing Signal as a dual messenger app :)
    View

New posts