Xiaomi Engineer’s AOSP Commit to Block Shell Access to Installed APKs Rejected

An AOSP commit submitted by a Xiaomi engineer proposed prohibiting shell access to installed APKs, arguing that some APKs may contain private resources and should not be directly pulled from the system.

Voting on the commit showed only the author’s approval, while two other engineers voted against it, leading to the commit being marked “Abandoned” and unable to be merged into AOSP.

The opposing engineers argued that modifying permissions is not the preferred way to protect APK intellectual property; even if the shell tool is disabled, APKs can still be obtained by other means, and if confidentiality is required, DRM should be used instead.

One reviewer noted that the change reflects an internal product need of Xiaomi rather than a universal platform policy, suggesting it should be applied only to specific devices if needed.

Another reviewer bluntly said, “Instead of submitting something that harms upstream, just experiment in your own fork.”

In response to other developers’ comments, the Xiaomi engineer replied that if an APK can be retrieved via the adb shell command, it can be decompiled, posing security risks, and therefore data‑partition security should be ensured as much as possible.

For more details, see the review at https://android-review.googlesource.com/c/platform/system/sepolicy/+/2101015 .