Xiaomi engineers pointed out in a commit to AOSP (Android Open Source Project) that getting installed APKs through the shell should be prohibited, on the grounds that some APKs may contain private resources or content and therefore should not be allowed to pull directly from the system take .
Judging from the voting situation of commit, only the author himself voted for it, and the other two engineers who participated in the voting voted against it. So currently the commit has been marked as "Abandoned", which means it cannot be merged into AOSP.
The engineers who voted against believe that Xiaomi is not the preferred solution to protect the IP (intellectual property) or services provided by the APK by modifying the permissions. Even if the CL tool, the shell, is disabled, there are several ways to obtain the APK. And the APK itself is not a private file. If the APK contains content that needs to be kept secret, it should be protected by other means - such as DRM (Digital Rights Management).
The engineer also said that Xiaomi's commit was part of its internal product requirements, not a platform-wide policy that everyone would (should) agree to. If Xiaomi needs to do this, it should be done in a specific device.
Another engineer who voted down bluntly said: "Instead of committing something that hurts upstream, it's better to toss directly in your own fork branch."
In response to the comments of several other developers, Xiaomi engineers also responded. He believes that if an apk can be pulled out through the 'adb shell' command, it can be decompiled, which will pose some security risks to the apk. Therefore, he believes that the data security of the data partition should be ensured as much as possible.
