Requirements: Android 7.0+ | Root or ADB
Overview: Using system APIs directly with adb/root privileges from normal apps through a Java process started with app_process.
When developing apps that requires root, the most common method is to run some commands in the su shell. For example, there is an app that uses the pm enable/disable command to enable/disable components.
This method has very big disadvantages:
Extremely slow (Multiple process creation)
Needs to process texts (Super unreliable)
The possibility is limited to available commands
Even if ADB has sufficient permissions, the app requires root privileges to run
Shizuku uses a completely different way. See detailed description below.
First, we need to talk about how app use system APIs. For example, if the app wants to get installed apps, we all know we should use PackageManager#getInstalledPackages(). This is actually an interprocess communication (IPC) process of the app process and system server process, just the Android framework did the inner works for us.
Android uses binder to do this type of IPC. Binder allows the server-side to learn the uid and pid of the client-side, so that the system server can check if the app has the permission to do the operation.
Usually, if there is a "manager" (e.g., PackageManager) for apps to use, there should be a "service" (e.g., PackageManagerService) in the system server process. We can simply think if the app holds the binder of the "service", it can communicate with the "service". The app process will receive binders of system services on start.
Shizuku guides users to run a process, Shizuku server, with root or ADB first. When the app starts, the binder to Shizuku server will also be sent to the app.
The most important feature Shizuku provides is something like be a middle man to receive requests from the app, sent them to the system server, and send back the results. You can see the transactRemote method in rikka.shizuku.server.ShizukuService class, and moe.shizuku.api.ShizukuBinderWrapper class for the detail.
So, we reached our goal, to use system APIs with higher permission. And to the app, it is almost identical to the use of system APIs directly.
What’s New:
Should work on Android 14 QPR2 by @vfishv in #376
I don’t have any physical device that can upgrade to Android 14 QPR2, neither does the simulator have 14 QPR2 image, so I cannot test it.
This app has no advertisements
More Info:
https://github.com/RikkaApps/Shizuku
https://play.google.com/store/apps/details?id=moe.shizuku.privileged.api
https://shizuku.rikka.app/
Download Instructions:
https://ouo.io/Bs2bGp
Mirror:
https://ouo.io/eyzxS4
https://github.com/RikkaApps/Shizuku/re … elease.apk
https://ouo.io/X7KC1Xen.