Platform-signed shared UID allowlist

Platform-signed apps are apps that share the same (or a compatible) signing certificate with the platform package (android). A platform-signed app can be a system app (located on a system image partition), or a nonsystem app. Platform-signed shared UIDs are shared UIDs (android:sharedUserId) that contain platform-signed apps. Debuggable builds are builds for which android.os.Build.isDebuggable() returns true, such as userdebug or eng builds.

Historically, device manufacturers had little control over which platform-signed nonsystem apps could join a platform-signed shared UID. Starting in Android 15, manufacturers can explicitly allow platform-signed nonsystem apps to join platform-signed shared UIDs in the system configuration XML files in the /etc/permissions directory. If a platform-signed nonsystem app isn't added to the allowlist for a platform-signed shared UID, and the app still tries to join the platform-signed shared UID (with android:sharedUserId in its manifest), that app can't be installed on nondebuggable builds.

Add an allowlist

You can list allowlists for apps in a single XML file or in multiple XML files, similar to frameworks/base/data/etc/package-shareduid-allowlist.xml:

<!--
This XML defines an allowlist for packages that want to join a particular shared-uid.
If a non-system package that is signed with platform signature, is trying to join a particular
shared-uid, and not in this list, the installation will fail.

- The "package" XML attribute refers to the app's package name.
- The "shareduid" XML attribute refers to the shared uid name.
  -->

<config>
    <allow-package-shareduid package="android.test.settings" shareduid="android.uid.system" />
</config>

Find missing allowlist

To find a missing allowlist entry, try to install your platform-signed nonsystem app on a nondebuggable build and check whether it can still be installed. If it can't, inspect the device logs for warning messages in the following format:

Non-preload app {PACKAGE_NAME} signed with platform signature and joining shared uid: {SHARED_UID_NAME}
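
The following added example (not part of the original page or of AOSP) compares warnings in the format above against the allow-package-shareduid entries in allowlist XML and prints candidate entries for review. The log prefix, the com.example.diagnostics package, and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# Warning format quoted above, with both placeholders captured.
WARNING = re.compile(
    r"Non-preload app (?P<package>\S+) signed with platform signature "
    r"and joining shared uid: (?P<shareduid>\S+)"
)

# Constructed sample: the allowlist entry shown on this page.
SAMPLE_ALLOWLIST = """<config>
    <allow-package-shareduid package="android.test.settings" shareduid="android.uid.system" />
</config>"""

# Constructed log lines; the timestamp/tag prefix and com.example.* name are made up.
# The second line stands for a stale warning captured before its entry was added.
SAMPLE_LOG = [
    "01-01 00:00:01.000 W ExampleTag: Non-preload app com.example.diagnostics "
    "signed with platform signature and joining shared uid: android.uid.system",
    "01-01 00:00:02.000 W ExampleTag: Non-preload app android.test.settings "
    "signed with platform signature and joining shared uid: android.uid.system",
    "01-01 00:00:03.000 I ExampleTag: unrelated line",
]

def load_allowlist(xml_texts):
    """Collect (package, shareduid) pairs from one or more allowlist XML documents."""
    allowed = set()
    for text in xml_texts:
        for entry in ET.fromstring(text).iter("allow-package-shareduid"):
            package, shareduid = entry.get("package"), entry.get("shareduid")
            if package and shareduid:  # ignore entries missing either attribute
                allowed.add((package, shareduid))
    return allowed

def missing_entries(log_lines, allowed):
    """Return sorted (package, shareduid) pairs that were warned about but are not allowlisted."""
    seen = {(m["package"], m["shareduid"])
            for m in map(WARNING.search, log_lines) if m}
    return sorted(seen - allowed)

def render_entries(pairs):
    """Format candidate allowlist lines for a human to review before adding them."""
    return [f"<allow-package-shareduid package={quoteattr(p)} shareduid={quoteattr(u)} />"
            for p, u in pairs]

if __name__ == "__main__":
    for line in render_entries(missing_entries(SAMPLE_LOG, load_allowlist([SAMPLE_ALLOWLIST]))):
        print(line)
```

Matching is on the exact (package, shared UID) pair, so an app allowlisted for one shared UID is still reported if it tries to join a different one.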