1# 4\. Application Packaging Compatibility 2 3Devices implementations: 4 5* [C-0-1] MUST be capable of installing and running Android “.apk” files as 6generated by the “aapt” tool included in the 7[official Android SDK]( 8http://developer.android.com/tools/help/index.html). 9 * As the above requirement may be challenging, device implementations are 10 RECOMMENDED to use the AOSP reference implementation's package management 11 systemDevice implementations. 12* [C-0-2] MUST support verifying “.apk” files using the 13[APK Signature Scheme v2](https://source.android.com/security/apksigning/v2.html) 14and [JAR signing]( 15https://source.android.com/security/apksigning/v2.html#v1-verification). 16* [C-0-3] MUST NOT extend either the 17[.apk](http://developer.android.com/guide/components/fundamentals.html), 18[Android Manifest]( 19http://developer.android.com/guide/topics/manifest/manifest-intro.html), 20[Dalvik bytecode](https://android.googlesource.com/platform/dalvik/), or 21RenderScript bytecode formats in such a way that would prevent those files from 22installing and running correctly on other compatible devices. 23* [C-0-4] MUST NOT allow apps other than the current 24"installer of record" for the package to silently uninstall the app without any 25prompt, as documented in the SDK for the [`DELETE_PACKAGE`]( 26https://developer.android.com/reference/android/Manifest.permission.html#DELETE_PACKAGES) 27permission. The only exceptions are the system package verifier app handling 28[PACKAGE_NEEDS_VERIFICATION]( 29https://developer.android.com/reference/android/content/Intent.html#ACTION_PACKAGE_NEEDS_VERIFICATION) 30intent and the storage manager app handling [ACTION_MANAGE_STORAGE]( 31https://developer.android.com/reference/android/os/storage/StorageManager.html#ACTION_MANAGE_STORAGE) 32intent. 33 34Device implementations MUST NOT install application packages from unknown 35sources, unless the app that [requests the installation](https://developer.android.com/reference/android/content/Intent.html#ACTION_INSTALL_PACKAGE) 36meets all the following requirements: 37 38* It MUST declare the [`REQUEST_INSTALL_PACKAGES`](http://developer.android.com/reference/android/Manifest.permission.html#REQUEST_INSTALL_PACKAGES) 39 permission or have the `android:targetSdkVersion` set at 24 or lower. 40* It MUST have been granted permission by the user to install apps from 41 unknown sources. 42 43Device implementations MUST have an activity that handles the 44[`android.settings.MANAGE_UNKNOWN_APP_SOURCES`](http://developer.android.com/reference/android/provider/Settings.html#ACTION_MANAGE_UNKNOWN_APP_SOURCES) 45intent. They SHOULD provide a user affordance to grant/revoke the permission to 46install apps from unknown sources per application, but MAY choose to implement 47this as a no-op and return `RESULT_CANCELED` for [`startActivityForResult()`](http://developer.android.com/reference/android/app/Activity.html#startActivityForResult%28android.content.Intent, int%29), 48if the device implementation does not want to allow users to have this choice. 49However even in such cases, they SHOULD indicate to the user why there is no such 50choice presented. 51