Download Provider

Contents

• High-level requirements
  • Requirements for Android
  • Requirements for Cupcake
  • Requirements for Donut
• Technology Evaluation
  • Possible scope for Cupcake
  • Reducing the number of classes
  • Reducing the list of visible columns
  • Hiding the URI column
  • Handling redirects
  • ContentProvider for download UI
  • Getting rid of OTHER_UID
  • Only using SDK APIs.
• Schedule
• Detailed Requirements
• System Architecture
  • Internal Product Dependencies
• Interface Documentation
  • Permissions
  • Content Provider
    • URIs
    • Columns
    • Destination Values
    • Visibility Values
    • Control Values
    • Status Values
    • Status Helper Functions
  • Intents
  • Differences between 1.0 and Cupcake
    • Writing code that works on both the 1.0 and Cupcake versions of the download manager.
• Functional Specification
  • Release notes for Cupcake
• Product Architecture
• Implementation Documentation
  • Database formats
• Future Directions
  • API
  • HTTP Handling
  • File names
  • UI
  • Handling of specific MIME types
  • Management of downloads based on environment
  • Management of simultaneous downloads
  • Minor functional changes, edge cases
  • Architecture and Implementation
  • Code style, refactoring
  • Browser changes

---

High-level requirements

Requirements for Android

Req#	Description	Detailed Requirements	Status
DLMGR_A_1	The Download Manager MUST satisfy the basic download needs of OTA Updates.		YES done in 1.0
DLMGR_A_2	The Download Manager MUST satisfy the basic download needs of Market.		YES done in 1.0
DLMGR_A_3	The Download Manager MUST satisfy the basic download needs of Gmail.		YES done in 1.0
DLMGR_A_4	The Download Manager MUST satisfy the basic download needs of the Browser.		YES done in 1.0
DLMGR_A_5	Downloads MUST happen and continue in the background, independently of the application in front.		YES done in 1.0
DLMGR_A_6	Downloads MUST be reliable even on unreliable network connections, within the capabilities of the underlying protocol and of the server.		YES done in 1.0
DLMGR_A_7	User-accessible files MUST be stored on the external storage card, and only files that are explicitly supported by an installed application must be downloaded.		YES done in 1.0
DLMGR_A_8	OMA downloads SHOULD be supported.		NO deferred beyond Cupcake (not enough time)
DLMGR_A_9	The Download Manager SHOULD only download when using high-speed (3G/wifi) links, or only when not roaming (if that can be detected).		NO deferred beyond Cupcake (not enough time)
DLMGR_A_10	Downloads SHOULD be user-controllable (if allowed by the initiating application), including pause, resume, and restart of failed downloads.	4001	NO deferred beyond Cupcake (not enough time, need precise specifications)

Requirements for Cupcake

Req#	Description	Detailed Requirements	Status
DLMGR_C_1	The Download Manager SHOULD resume downloads where the socket got cleanly closed while the download was incomplete (common behavior on proxies and Google servers)	2005	YES done in Cupcake
DLMGR_C_2	The Download Manager SHOULD retry/resume downloads instead of aborting when the server returns a HTTP code 503	2006	YES done in Cupcake
DLMGR_C_3	The Download Manager SHOULD randomize the retry delay	2007	YES done in Cupcake
DLMGR_C_4	The Download Manager SHOULD use the retry-after header (delta-seconds) for 503 responses	2008	YES done in Cupcake
DLMGR_C_5	The Download Manager MAY hide columns that aren't strictly necessary	1010	YES done in Cupcake
DLMGR_C_6	The Download Manager SHOULD allow the initiating app to pause an ongoing download	1011	YES done in Cupcake
DLMGR_C_7	The Download Manager SHOULD not display multiple notification icons for completed downloads.	4002	NO deferred beyond Cupcake (no precise specifications, need framework support)
DLMGR_C_8	The Download Manager SHOULD delete old files from /cache	3006	NO deferred beyond Cupcake (no precise specifications)
DLMGR_C_9	The Download Manager SHOULD handle redirects	2009	YES done in Cupcake

Requirements for Donut

Req#	Description	Detailed Requirements	Status

Technology Evaluation

ALSO See also future directions for possible additional technical changes.

Possible scope for Cupcake

Because there is no testing environment in place in the 1.0 code, and because the schedule between 1.0 and Cupcake doesn't leave enough time to develop a testing environment solid enough to be able to test the database upgrades from 1.0 database scheme to a new scheme, any work done in Cupcake will have to work within the existing 1.0 database scheme.

Reducing the number of classes

Each class in the system has a measurable RAM cost (because of the associated Class objects), and therefore reducing the number of classes when possible or relevant can reduce the memory requirements. That being said, classes that extend system classes and are necessary for the operation of the download manager can't be removed.

Class	Comments
com.android.providers.downloads.Constants	Only contains constants, can be merged into another class.
com.android.providers.downloads.DownloadFileInfo	Should be merged with DownloadInfo.
com.android.providers.downloads.DownloadInfo	Once we only store information in RAM about downloads that are explicitly active, can be merged with DownloadThread.
com.android.providers.downloads.DownloadNotification	Looks like it could be merged with DownloadProvider or DownloadService.
com.android.providers.downloads.DownloadNotification.NotificationItem	Can probably be eliminated by using queries intelligently.
com.android.providers.downloads.DownloadProvider	Extends ContentProvider, can't be eliminated.
com.android.providers.downloads.DownloadProvider.DatabaseHelper	Can probably be eliminated by re-implementing by hand the logic of SQLiteOpenHelper.
com.android.providers.downloads.DownloadProvider.ReadOnlyCursorWrapper	Can be eliminated once Cursor is read-only system-wide.
com.android.providers.downloads.DownloadReceiver	Extends BroadcastReceiver, can't be eliminated.
com.android.providers.downloads.DownloadService	Extends Service, unlikely that this can be eliminated. TBD.
com.android.providers.downloads.DownloadService.DownloadManagerContentObserver	Extends ContentObserver, can be eliminated if the download manager can be re-architected to not depend on ContentObserver any more.
com.android.providers.downloads.DownloadService.MediaScannerConnection	Can probably be merged into another class.
com.android.providers.downloads.DownloadService.UpdateThread	Can probably be made to implement Runnable instead and merged into another class, can be eliminated if the download manager can be re-architected to not depend onContentObserver any more.
com.android.providers.downloads.DownloadThread	Can probably be made to implement Runnable instead. Unclear whether this can be eliminated as we will probably need one object that represents an ongoing download (unless the entire state can be stored on the stack with primitive types, which is unlikely).
com.android.providers.downloads.Helpers	Can't be instantiated, can be merged into another class.
com.android.providers.downloads.Helpers.Lexer	Keeps state about an ongoing lex, can probably be merged into another class by making the lexer synchronized, since the operation is short-lived.

Reducing the list of visible columns

Security in the download provider is primarily enforced with two separate mechanisms:

• Column restrictions, such that only a small number of the download provider's columns can be read or queried by applications.
• UID restrictions, such that only the application that initiated a download can access information about that download.

The first mechanism is expected to be fairly robust (the implementation is quite simple, based on projection maps, which are highly structured), but the second one relies on arbitrary strings (URIs and SQL fragments) passed by applications and is therefore at a higher risk of being compromised. Therefore, sensitive information stored in unrestricted columns (for which the first mechanism doesn't apply) is at a greater risk than other information.

Here's the list of columns that can currently be read/queried, with comments:

Column	Notes
_ID	Needs to be visible so that the app can uniquely identify downloads. No security concern: those numbers are sequential and aren't hard to guess.
_DATA	Probably should not be visible to applications. WARNING Security concern: This holds filenames, including those of private files. While file permissions are supposed to kick in and protect the files, hiding private filenames deeper in would probably be a reasonable idea.
MIMETYPE	Needs to be visible so that app can display the icon matching the mime type. Intended to be visible by 3rd-party download UIs. TODOSecurity TBD before we implement support for 3rd-party UIs.
VISIBILITY	Needs to be visible in case an app has both visible and invisible downloads. No obvious security concern.
DESTINATION	Needs to be visible in case an app has multiple destinations and wants to distinguish between them. Also used internally by the download manager. No obvious security concern.
STATUS	Needs to be visible (1004). No obvious security concern.
LAST_MODIFICATION	Needs to be visible, e.g. so that apps can sort downloads by date of last activity, or discard old downloads. No obvious security concern.
NOTIFICATION_PACKAGE	Allows individual apps running under shared UIDs to identify their own downloads. No security concern: can be queried through package manager.
NOTIFICATION_CLASS	See NOTIFICATION_PACKAGE.
TOTAL_BYTES	Needs to be visible so that the app can display a progress bar. No obvious security concern. Intended to be visible by 3rd-party download UIs.
CURRENT_BYTES	See TOTAL_BYTES.
TITLE	Intended to be visible by 3rd-party download UIs. TODO Security and Privacy TBD before we implement support for 3rd-party UIs.
DESCRIPTION	See TITLE.

Hiding the URI column

The URI column is visible to the initiating application, which is a mild security risk. It should be hidden, but the OTA update mechanism relies on it to check duplicate downloads and to display the download that's currently ongoing in the settings app. If another string column was exposed to the initiating applications, the OTA update mechanism could use that one, and URI could then be hidden. For Cupcake, without changing the database schema, the ENTITYcolumn could be re-used as it's currently unused.

Handling redirects

There are two important aspects to handle redirects:

• Storing the intermediate URIs in the provider.
• Protecting against redirect loops.

If the URI column gets hidden, it could be used to store the intermediate URIs. After 1.0 the only available integer columns were METHOD and CONTROL. CONTROLwas re-exposed to applications and can't be used. METHOD is slated to be re-used for 503 retry-after delays. It could be split into two halves, one for retry-after and one for the redirect count. It would make more sense to count the redirect loop with FAILED_CONNECTIONS, but since there's already quite some code using it it'd take a bit more effort. Ideally handling of redirects would be delayed until a future release, with a cleanup of the database schema (going along with the cleanup of the handling of filenames).

Because of the pattern used to read/write DownloadInfo and DownloadProvider, it's impractical to store multiple small integers into a large one. Therefore, since there are no integer columns left in the database, redirects will have to wait beyond Cupcake.

ContentProvider for download UI

In order to allow a UI that can "see" all the relevant downloads, there'll need to be a separate URI (or set of URIs) in the content provider: trying to use the exact same URIs for regular download control and for UI purposes (distinguishing them based on the permissions of the caller) will break down if a same app (or actually a same UID) tries to do both. It'll also break down if the system process tries to do regular download activities, since it has all permissions.

Beyond that, there's little technical challenge: there are already mechanisms in place to restrict the list of columns that can be inserted, queried and updated (inserting of course makes no sense through the UI channel), they just need to be duplicated for the case of the UI. The download provider also knows how to check the permissions of its caller, there isn't anything new here.

Getting rid of OTHER_UID

Right now OTHER_UID is used by checkin/update to allow the settings app to display the name of an ongoing OTA update, and by Market to allow the system to install the new apks. It is however a dangerous feature, at least because it touches a part of the code that is critical to the download manager security (separation of applications).

Getting rid of OTHER_UID would be beneficial for the download manager, but the existing functionality has to be worked around. At this point, the idea that I consider the most likely would be to have checkin and market implement =ContentProvider= wrappers around their downloads, and expose those content providers to whichever app they want, with whichever security mechanism they wish to have.

Only using SDK APIs.

It'd be good if the download manager could be built against the SDK as much as possible.

Here's the list of APIs as of Nov 5 2008 that aren't in the current public API but that are used by the download manager:

com.google.android.collect.Lists
android.drm.mobile1.DrmRawContent
android.media.IMediaScannerService
android.net.http.AndroidHttpClient
android.os.FileUtils
android.provider.DrmStore

Schedule

• No future milestones currently defined

Detailed Requirements

Req#	History	Status	Feature	Description	Notes
1xxx	N/A		API
1001	1.0 YES		Download Manager API	The download manager provides an API that allows applications to initiate downloads.
1002	1.0 YES		Cookies	The download manager API allows applications to pass cookies to the download manager.
1003	1.0 YES		Security	The download manager provides a mechanism that prevents arbitrary applications from accessing meta-data about current and past downloads.	In 1.0, known holes between apps
1004	1.0 YES		Status to Initiator	The download manager allows the application initiating a download to query the status of that download.
1005	1.0 YES		Cancel by Initiator	The download manager allows the application initiating a download to cancel that download.
1006	1.0 YES		Notify Initiator	The download manager notifies the application initiating a download when the download completes (with success or failure)
1007	1.0 YES		Fire and Forget	The download manager does not rely on the initiating application when saving the file to a shared filesystem area
1008	1.0 YES		Short User-Readable Description	The download manager allows the initiating application to optionally provide a user-readable short description of the download
1009	1.0 YES		Long User-Readable Description	The download manager allows the initiating application to optionally provide a user-readable full description of the download
1010	CupcakeYES	Cupcake P3 YES	Restrict column access	The download provider doesn't allow access to columns that aren't strictly necessary.
1011	CupcakeYES	Cupcake P2 YES	Pause downloads	The download provider allows the application initiating a download to pause that download.
2xxx	N/A		HTTP
2001	1.0 YES		HTTP Support	The download manager supports all the features of HTTP 1.1 (RFC 2616) that are relevant to file downloads.	Codes 3xx weren't considered relevant when those requirements were written
2002	1.0 YES		Resume Downloads	The download manager resumes downloads that get interrupted.
2003	1.0 YES		Flaky Downloads	The download manager has mechanism that prevent excessive retries of downloads that consistently fail or get interrupted.
2004	1.0 YES		Resume after Reboot	The download manager resumes downloads across device reboots.
2005	CupcakeYES	Cupcake P2 YES	Resume after socket closed	The download manager resumes incomplete downloads after the socket gets cleanly closed	This is necessary in order to reliably download through GFEs, though it pushes us further away from being able to download from servers that don't implement pipelining.
2006	CupcakeYES	Cupcake P2 YES	Resume after 503	The download manager resumes or retries downloads when the server returns an HTTP code 503
2007	CupcakeYES	Cupcake P2 YES	Random retry delay	The download manager uses partial randomness when retrying downloads on an exponential backoff pattern.
2008	CupcakeYES	Cupcake P2 YES	Retry-after delta-seconds	The download manager uses the retry-after header in a 503 response to decide when to retry the request	Handling of absolute dates will be covered by a separate requirement.
2009	CupcakeYES	Cupcake P2 YES	Redirects	The download manager handles common redirects.
25xx	N/A		HTTP/Conditions
3xxx	N/A		Storage
3001	1.0 YES		File Storage	The download manager stores the results of downloads in persistent storage.
3002	1.0 YES		Max File Size	The download manager is able to handle large files (order of magnitude: 50MB)
3003	1.0 YES		Destination File Permissions	The download manager restricts access to the internal storage to applications with the appropriate permissions
3004	1.0 YES		Initiator File Access	The download manager allows the initiating application to access the destination file
3005	1.0 YES		File Types	The download manager does not save files that can't be displayed by any currently installed application
3006	CupcakeNO	Cupcake P3 NO	Old Files in /cache	The download manager deletes old files in /cache
35xx	N/A		Storage/Filename
4xxx	N/A		UI
4001	1.0 NO		Download Manager UI	The download manager provides a UI that lets user get information about current downloads and control them.	Didn't get spec on time to be able to even consider it.
4002	CupcakeNO	Cupcake P2 NO	Single Notification Icon	The download manager displays a single icon in the notification bar regardless of the number of ongoing and completed downloads.	No spec in Cupcake timeframe.
5xxx	N/A		MIME
52xx	N/A		MIME/DRM
5201	1.0 YES		DRM	The download manager respects the DRM information it receives with the responses
54xx	N/A		MIME/OMA
60xx	N/A		Misc
65xx	N/A		Misc/Browser

System Architecture

+----------------------+    +--------------------------------------+    +-------------+
|                      |    |                                      |    |             |
|   Download Manager   |    |  Browser / Gmail / Market / Updater  |    |  Viewer App |
|                      |    |                                      |    |             |
+----------------------+    +--------------------------------------+    +-------------+
    ^    |    ^                                             ^                ^
    |    |    |                                             |                |
    |    |    |                                             |                |
    |    |    |      +---------------------------+          |                |
    |    |    |      |                           |          |                |
    |    |    |      |                           |          |                |
    |    |    +-------- - - - - - - - - - - - - ------------+                |
    |    |           |                           |                           |
    |    |           |                           |                           |
    |    +------------- - - - - - - - - - - - - -----------------------------+
    |                |                           |
    |                |                           |
    +--------------->|     Android framework     |
                     |                           |
                     |                           |
                     +---------------------------+

          Application                        Download Manager                         Viewer App
               |                                     |                                     |
               |         initiate download           |                                     |
               |------------------------------------>|                                     |
               |<------------------------------------|                                     |
               |        content provider URI         |                                     |
               |                                     |                                     |
               |                                     |                                     |
               |                                     |                                     |
               |                                     |                                     |
               |           query download            |                                     |
               |------------------------------------>|                                     |
               |<------------------------------------|                                     |
               |              Cursor                 |                                     |
               |                                     |                                     |
               |       register ContentObserver      |                                     |
               |------------------------------------>|                                     |
               |                                     |                                     |
               |     ContentObserver notification    |                                     |
               |<------------------------------------|                                     |
               |                                     |                                     |
               |                                     |                                     |
               |                                     |                                     |
               |                                     |                                     |
               |    intent "notification clicked"    |                                     |
               |<------------------------------------|                                     |
               |                                     |                                     |
               |                                     |                                     |
               |                                     |                                     |
               |                                     |                                     |
               |      intent "download complete"     |                                     |
               |<------------------------------------|                                     |
               |                                     |                                     |
               |                                     |                                     |
               |                                     |                                     |
               |                                     |                                     |
               |                                     |            intent "view"            |
               |                                     |------------------------------------>|
               |                                     |                                     |
               |                                     |                                     |
               |                                     |                                     |
               |                                     |                                     |
               |           update download           |                                     |
               |------------------------------------>|                                     |
               |                                     |                                     |
               |                                     |                                     |
               |                                     |                                     |
               |                                     |                                     |
               |         open downloaded file        |                                     |
               |------------------------------------>|                                     |
               |<------------------------------------|                                     |
               |         ParcelFileDescriptor        |                                     |
               |                                     |                                     |
               |                                     |                                     |
               |                                     |                                     |
               |                                     |                                     |
               |           delete download           |                                     |
               |------------------------------------>|                                     |
               |                                     |                                     |
               |                                     |                                     |
               |                                     |                                     |
               |                                     |                                     |
               v                                     v                                     v

Internal Product Dependencies

• [reverse dependency] GMail depends on the download manager to download attachments.
• [reverse dependency] OTA Update depends on the download manager to download system images.
• [reverse dependency] Vending Machine depends on the download manager to download content.
• [reverse dependency] Browser depends on the download manager to download non-browsable.
• Download Manager depends on a notification system to let the user know when downloads complete or otherwise require attention.
• Download Manager depends on a mechanism to share files with another app (letting apps access its files, or accessing apps' files).
• Download Manager depends on the ability to associate individual downloads with separate applications and to restrict apps to only access their own downloads.
• Download Manager depends on an HTTP stack that predictably processes all relevant kinds of HTTP requests and responses.
• Download Manager depends on a connectivity manager that reports accurate information about the status of the different data connections.

Interface Documentation

WARNING Since none of those APIs are public, they are all subject to change. If you're working in the Android source tree, do NOT use the explicit values,ONLY use the symbolic constants, unless you REALLY know what you're doing and are willing to deal with the consequences; you've been warned.

The various constants that are meant to be used by applications are all defined in the android.provider.Downloads class. Whenever possible, the constants should be used instead of the explicit values.

Permissions

Constant name	Permission name	Access restrictions	Description
Downloads.PERMISSION_ACCESS	"android.permission.ACCESS_DOWNLOAD_MANAGER"	Signature or System	Applications that want to access the Download Manager MUST have this permission.
Downloads.PERMISSION_ACCESS_ADVANCED	"android.permission.ACCESS_DOWNLOAD_MANAGER_ADVANCED"	Signature or System	This permission protects some legacy APIs that new applications SHOULD NOT use.
Downloads.PERMISSION_CACHE	"android.permission.ACCESS_CACHE_FILESYSTEM"	Signature	This permission allows an app to access the /cache filesystem, and is only needed by the Update code. Other applications SHOULD NOT use this permission
Downloads.PERMISSION_SEND_INTENTS	"android.permission.SEND_DOWNLOAD_COMPLETED_INTENTS"	Signature	The download manager holds this permission, and the receivers through which applications get intents of completed downloads SHOULD require this permission from the sender

Content Provider

The primary interface that applications use to communicate with the download manager is exposed as a ContentProvider.

URIs

The URIs for the Content Provider are:

Constant name	URI	Description
Downloads.CONTENT_URI	Uri.parse("content://downloads/download")	The URI of the whole Content Provider, used to insert new rows, or to query all rows.
N/A	ContentUris.withAppendedId(CONTENT_URI, )	The URI of an individual download.  is the value of the Download._ID column

Columns

The following columns are available:

Constant name	Column name	SQL Type	Access	Description	Notes
Downloads._ID	"_id"	Integer	Read		Inherited from BaseColumns._ID.
Downloads.URI	"uri"	Text	Init		Used to be readable.
Downloads.APP_DATA	"entity"	Text	Init/Read/Modify		Actual column name will change in the future.
Downloads.NO_INTEGRITY	"no_integrity"	Boolean	Init		Used to be readable.
Downloads.FILENAME_HINT	"hint"	Text	Init		Used to be readable.
Downloads._DATA	"_data"	Text	Read		Used to be Downloads.FILENAME and "filename".
Downloads.MIMETYPE	"mimetype"	Text	Init/Read
Downloads.DESTINATION	"destination"	Integer	Init		See Destination codes for details of legal values. Used to be readable.
Downloads.VISIBILITY	"visibility"	Integer	Init/Read/Modify		See Visibility codes for details of legal values.
Downloads.CONTROL	"control"	Integer	Init/Read/Modify		See Control codes for details of legal values.
Downloads.STATUS	"status"	Integer	Read		See Status codes for details of possible values.
Downloads.LAST_MODIFICATION	"lastmod"	Bigint	Read
Downloads.NOTIFICATION_PACKAGE	"notificationpackage"	Text	Init/Read
Downloads.NOTIFICATION_CLASS	"notificationclass"	Text	Init/Read
Downloads.NOTIFICATION_EXTRAS	"notificationextras"	Text	Init
Downloads.COOKIE_DATA	"cookiedata"	Text	Init
Downloads.USER_AGENT	"useragent"	Text	Init
Downloads.REFERER	"referer"	Text	Init
Downloads.TOTAL_BYTES	"total_bytes"	Integer	Read		Might gain Init access in the future.
Downloads.CURRENT_BYTES	"current_bytes"	Integer	Read
Downloads.OTHER_UID	"otheruid"	Integer	Init		Requires the android.permission.ACCESS_DOWNLOAD_MANAGER_ADVANCED permission. Used to be readable and writable. Might disappear entirely if possible.
Downloads.TITLE	"title"	String	Init/Read/Modify
Downloads.DESCRIPTION	"description"	String	Init/Read/Modify

Destination Values

Constants name	Constant value	Description	Notes
Downloads.DESTINATION_EXTERNAL	0	Saves the file to the SD card.	Default value. Fails is SD card is not present.
Downloads.DESTINATION_CACHE_PARTITION	1	Saves the file to the internal cache partition.	Requires the "android.permission.ACCESS_DOWNLOAD_MANAGER_ADVANCED"permission
Downloads.DESTINATION_CACHE_PARTITION_PURGEABLE	2	Saves the file to the internal cache partition.	The download can get deleted at any time by the download manager when it needs space.

Visibility Values

Constants name	Constant value	Description	Notes
Downloads.VISIBILITY_VISIBLE_NOTIFY_COMPLETED	0	The download is visible in download UIs, and it shows up in the notification area during download and after completion.	Default value for external downloads.
Downloads.VISIBILITY_VISIBLE	1	The download is visible in download UIs, and it shows up in the notification area during download but not after completion.
Downloads.VISIBILITY_HIDDEN	2	The download is hidden from download UIs and doesn't show up in the notification area.	Default value for internal downloads.

Control Values

Constants name	Constant value	Description	Notes
Downloads.CONTROL_RUN	0	The download is allowed to run.	Default value.
Downloads.CONTROL_PAUSED	0	The download is paused.

Status Values

Constants name	Constant value	Description	Notes
Downloads.STATUS_PENDING	190	Download hasn't started.
Downloads.STATUS_PENDING_PAUSED	191	Download hasn't started and can't start immediately (network unavailable, paused by user).	Not currently used.
Downloads.STATUS_RUNNING	192	Download has started and is running
Downloads.STATUS_RUNNING_PAUSED	193	Download has started, but can't run at the moment (network unavailable, paused by user).
Downloads.STATUS_SUCCESS	200	Download completed successfully.
Downloads.STATUS_BAD_REQUEST	400	Couldn't initiate the request, or server response 400.
Downloads.STATUS_NOT_ACCEPTABLE	406	No handler to view the file (external downloads), or server response 406.	External downloads are meant to be user-visible, and are aborted if there's no application to handle the relevant MIME type.
Downloads.STATUS_LENGTH_REQUIRED	411	The download manager can't know the length of the download.	Because of the unreliability of cell networks, the download manager only performs downloads when it can verify that it has received all the data for a download, except if the initiating app sets theDownloads.NO_INTEGRITY flag.
Downloads.STATUS_PRECONDITION_FAILED	412	The download manager can't resume an interrupted download, because it didn't receive enough information from the server to be able to resume.
Downloads.STATUS_CANCELED	490	The download was canceled by a cause outside the Download Manager.	Formerly known as Downloads.STATUS_CANCELLED. Might be impossible to observe in 1.0.
Downloads.STATUS_UNKNOWN_ERROR	491	The download was aborted because of an unknown error.	Formerly known as Downloads.STATUS_ERROR. Typically the result of a runtime exception that is not explicitly handled.
Downloads.STATUS_FILE_ERROR	492	The download was aborted because the data couldn't be saved.	Most commonly happens when the filesystem is full.
Downloads.STATUS_UNHANDLED_REDIRECT	493	The download was aborted because the server returned a redirect code 3xx that the download manager doesn't handle.	The download manager currently handles 301, 302 and 307.
Downloads.STATUS_TOO_MANY_REDIRECTS	494	The download was aborted because the download manager received too many redirects while trying to find the actual file.
Downloads.STATUS_UNHANDLED_HTTP_CODE	495	The download was aborted because the server returned a status code that the download manager doesn't handle.	Standard codes 3xx, 4xx and 5xx don't trigger this.
Downloads.STATUS_HTTP_DATA_ERROR	496	The download was aborted because of an unrecoverable error trying to get data over the network.	Typically this happens when the download manager received several I/O Exceptions in a row while the network is available and without being able to download any data.
	4xx	standard HTTP/1.1 4xx codes returned by the server are used as-is.	Don't rely on non-standard values being passed through, especially the higher values that would collide with download manager codes.
	5xx	standard HTTP/1.1 5xx codes returned by the server are used as-is.	Don't rely on non-standard values being passed through.

Status Helper Functions

Function signature	Description
public static boolean Downloads.isStatusInformational(int status)	Returns whether the status code matches a download that hasn't completed yet.
public static boolean Downloads.isStatusSuspended(int status)	Returns whether the download hasn't completed yet but isn't currently making progress.
public static boolean Downloads.isStatusSuccess(int status)	Returns whether the download successfully completed.
public static boolean Downloads.isStatusError(int status)	Returns whether the download failed.
public static boolean Downloads.isStatusClientError(int status)	Returns whether the download failed because of a client error.
public static boolean Downloads.isStatusServerError(int status)	Returns whether the download failed because of a server error.
public static boolean Downloads.isStatusCompleted(int status)	Returns whether the download completed (with no distinction between success and failure).

Intents

The download manager sends an intent broadcast Downloads.DOWNLOAD_COMPLETED_ACTION when a download completes.

The download manager sends an intent broadcast Downloads.NOTIFICATION_CLICKED_ACTION when the user clicks a download notification that doesn't match a download that can be opened (e.g. because the notification is for several downloads at a time, or because it's for an incomplete download, or because it's for a private download).

The download manager starts an activity with Intent.ACTION_VIEW when the user clicks a download notification that matches a download that can be opened.

Differences between 1.0 and Cupcake

WARNING These are the differences for apps built from source in the Android source tree, i.e. they don't cover any of the cases of binary incompatibility.

• Cursors returned by the content provider are now read-only.
• SQL "where" statements are now verified and must follow a rigid syntax (the most visible aspect being that all parameters much be single-quoted).
• Columns and constants that were unused or ineffective are gone: METHOD, NO_SYSTEM_FILES, DESTINATION_DATA_CACHE, OTA_UPDATE.
• OTHER_UID and DESTINATION_CACHE_PARTITION require android.permission.ACCESS_DOWNLOAD_MANAGER_ADVANCED.
• The list of columns that can be queried and read is limited: _ID, APP_DATA, _DATA, MIMETYPE, CONTROL, STATUS, LAST_MODIFICATION, NOTIFICATION_PACKAGE,NOTIFICATION_CLASS, TOTAL_BYTES, CURRENT_BYTES, TITLE, DESCRIPTION.
• The list of columns that can be initialized by apps is limited: URI, APP_DATA, NO_INTEGRITY, FILENAME_HINT, MIMETYPE, DESTINATION, VISIBILITY, CONTROL, STATUS,LAST_MODIFICATION, NOTIFICATION_PACKAGE, NOTIFICATION_CLASS, NOTIFICATION_EXTRAS, COOKIE_DATA, USER_AGENT, REFERER, OTHER_UID, TITLE, DESCRIPTION.
• The list of columns that can be updated by apps is limited: APP_DATA, VISIBILITY, CONTROL, TITLE, DESCRIPTION.
• Downloads to the SD card default to have notifications that are visible after completion, internal downloads default to notifications that are always hidden.
• The constant FILENAME was renamed Downloads._DATA.
• Downloads can be paused and resumed by writing to the CONTROL column. Downloads.CONTROL_RUN (Default) makes the download go, Downloads.CONTROL_PAUSED pauses it.
• New column APP_DATA that is untouched by the download manager, used to store app-specific info about the downloads.
• Minor differences unlikely to affect applications:
  • The notification class/package must now match the UID.
  • The backdoor to see the entire provider (which was intended to implement UIs) is gone.
  • Private column names were removed from the public API.

Writing code that works on both the 1.0 and Cupcake versions of the download manager.

If you're not 100% sure that you need to be reading this chapter, don't read it.

Basic rule: don't use features that only exist in one of the two implementations (POST, downloads to /data...).

Also, don't use columns in 1.0 that are protected or hidden in Cupcake.

Unfortunately, that's not always entirely possible.

Areas of concern:

• Some columns were renamed. FILENAME became Downloads._DATA ("_data"), and ENTITY became APP_DATA ("entity").
  • The difference can be used to distinguish between 1.0 and Cupcake, though reflection.
  • The difference prevents from using any of the symbolic constants directly in source code: if the same binary wants to run on both 1.0 and Cupcake, it will have to hard-code the values of those constants or use reflection to get to them.
• URI column accessible in 1.0 but protected in Cupcake. Code that relies on being able to re-read its URI should be using APP_DATA in Cupcake, but that column doesn't exist as such in 1.0.
  • If the code detects that it's running on Cupcake, write URI to APP_DATA in addition to URI, and query and read from the appropriate column.
  • Since the underlying column for APP_DATA exists in both 1.0 and Cupcake even though it has different names, it can actually be used in both cases (see note above about renamed columns).
• Some of the error codes have been renumbered. STATUS_UNHANDLED_HTTP_CODE and STATUS_HTTP_DATA_ERROR were bumped up from 494 and 495 to 495 and 496.
• Backward compatibility is not guaranteed: the download manager APIs weren't meant to be backward compatible yet. As such it's impossible to guarantee that code that uses the Cupcake download manager will be binary-compatible with future versions.
  • I intend to eventually change the column name for APP_DATA to "app_data". Because of that, code should use reflection to get to that name instead of hard-coding "entity", so that it always gets the right value for the string.
  • I intend to refine the handling of filenames and content URIs, exposing separate columns for situations where a download can be accessed both as a file and through a content URI (e.g. stuff that is recognized by the media scanner). Unfortunately at this point this feature isn't clear in my mind. I'd recommend using reflection to look for the Downloads._DATA column, and if it isn't there to look for the FILENAME column (which has the advantage of also dealing with the difference between 1.0 and Cupcake).
  • I intend to renumber the error codes, especially those in the 4xx range, and especially those below 490 (which overlap with standard HTTP error codes but will probably be separated). Reflection would improve the probability to getting to them in the future. Unfortunately, the names of the constants are likely to change in the process, in order to disambiguate codes coming from HTTP from those generated locally. I might try to stick to the following pattern: where a constant is currently named STATUS_XXX, its locally-generated version in the future might be named STATUS_LOCAL_XXX while the current constant name might disappear. Using reflection to try to get to the possible new name instead of using the old name might improve the probability of compatibility in the future. That being said, it is critically important to properly handle the full ranges or error codes, especially the 4xx range, as "expected" errors, and it is far preferable to not try to distinguish between those codes at all: use the functions Downloads.isError and Downloads.isClientError to easily recognize those entire ranges. In order of probability, the 1xx range is the second most likely to be affected.

Functional Specification

All the details about what the product does.

TODO

Release notes for Cupcake

• HTTP codes 301, 302, 303 and 307 (redirects) are now supported
• HTTP code 503 is now handled, with support for retry-after in delay-seconds
• Downloads that were cleanly interrupted are now resumed instead of failing
• Applications can now pause their downloads
• Retry delays are now randomized
• Connectivity is now checked on all interfaces
• Downloads with invalid characters in file name can now be saved
• Various security fixes
• Minor API changes (see API differences between 1.0 and Cupcake)

Product Architecture

How the tasks are split between the different modules that implement the product/feature.

TODO To be completed

Class
com.android.providers.downloads.Constants
com.android.providers.downloads.DownloadFileInfo
com.android.providers.downloads.DownloadInfo
com.android.providers.downloads.DownloadNotification
com.android.providers.downloads.DownloadNotification.NotificationItem
com.android.providers.downloads.DownloadProvider extends ContentProvider
com.android.providers.downloads.DownloadProvider.DatabaseHelper extends SQLiteOpenHelper
com.android.providers.downloads.DownloadProvider.ReadOnlyCursorWrapper extends CursorWrapper implements CrossProcessCursor
com.android.providers.downloads.DownloadReceiver extends BroadcastReceiver
com.android.providers.downloads.DownloadService extends Service
com.android.providers.downloads.DownloadService.DownloadManagerContentObserver extends ContentObserver
com.android.providers.downloads.DownloadService.MediaScannerConnection implements ServiceConnection
com.android.providers.downloads.DownloadService.UpdateThread extends Thread
com.android.providers.downloads.DownloadThread extends Thread
com.android.providers.downloads.Helpers
com.android.providers.downloads.Helpers.Lexer

The download manager is built primarily around a ContentProvider and a Service. The ContentProvider part is the front end, i.e. applications communicate with the download manager through the provider. The Service part is the back end, which contains the actual download logic, running as a background process.

As a first approach, the provider is essentially a canonical provider backed by a SQLite3 database. The biggest difference between the download provider and a "plain" provider is that the download provider aggressively validates its inputs, for security reasons.

The service is a background process that performs the actual downloads as requested by the applications. The service doesn't offer any bindable interface, the service object exists strictly so that the system knows how to prioritize the download manager's process against other processes when memory is tight.

Communication between the provider and the service is done through public Android APIs, so that the two components are deeply decoupled (they could in fact run in different processes). The download manager starts the service whenever a change is made that can start or restart a download. The service observes and queries the provider for changes, and updates the provider as the download progresses.

There are a few secondary classes that provide auxiliary functions.

A Receiver listens to several broadcasts. Is receives some system broadcasts when the system boots (so that the download manager can resume downloads that were interrupted when the system was turned off) or when the connectivity changes (so that the download manager can restart downloads that were interrupted when connectivity was lost). It also receives intents when the user selects a download notification.

Finally, some helper classes provide support functions.

Most significantly, DownloadThread is responsible for performing the actual downloads as part of the DownloadService's functionality, while UpdateThread is responsible for updating the DownloadInfo whenever the DownloadProvider data changes.

DownloadInfo and DownloadFileInfo hold pure data structures, with little or no actual logic.

Lexer takes care of validating the snippets of SQL data that are received from applications, to avoid cases of SQL injection.

The service keeps a copy of the provider data in RAM, so that it can determine what changed in the provider when it receives a change notification through the ContentObserver. That data is kept in an array of DownloadInfo structures.

Each DownloadThread performs the operations for a single download (or, more precisely, for a single HTTP transaction). Each DownloadThread is backed by a DownloadInfo object. which is in fact on of the objects kept by the DownloadService. While a download is running, the DownloadService can influence the download by writing data into the relevant DownloadInfo object, and the DownloadThread checks that object at appropriate times during the download.

Because the DownloadService updates the DownloadInfo objects asynchronously from everything else (it uses a dedicated thread for that purpose), a lot of care has to be taken when upgrading the DownloadInfo object. In fact, only the DownloadService's updateThread function can update that object, and it should be considered read-only to every other bit of code. Even within the updateThread function, some care must be taken to ensure that the DownloadInfos don't get out of sync with the provider.

On the other hand, the DownloadService's updateThread function does upgrade the DownloadInfo when it spawns new DownloadThreads (and in a few more circumstances), and when it does that it must also update the DownloadProvider (or risk seeing its DownloadInfo data get overwritten).

Because of all that, all code outside of the DowloadService's updateThread must neither read from DownloadProvider nor write to the DownloadInfo objects under any circumstances. The DownloadService's updateFunction is responsible for copying data from the DownloadProvider to the DownloadInfo objects, and must ensure that the DownloadProvider remains in sync with the information it writes into the DownloadInfo objects.

Implementation Documentation

How individual modules are implemented.

TODO To be completed

Database formats

Android 1.0, format version 31, table downloads:

Column	Type
"_id"	INTEGER PRIMARY KEY AUTOINCREMENT
"uri"	TEXT
"method"	INTEGER
"entity"	TEXT
"no_integrity"	BOOLEAN
"hint"	TEXT
"otaupdate"	BOOLEAN
"_data"	TEXT
"mimetype"	TEXT
"destination"	INTEGER
"no_system"	BOOLEAN
"visibility"	INTEGER
"control"	INTEGER
"status"	INTEGER
"numfailed"	INTEGER
"lastmod"	BIGINT
"notificationpackage"	TEXT
"notificationclass"	TEXT
"notificationextras"	TEXT
"cookiedata"	TEXT
"useragent"	TEXT
"referer"	TEXT
"total_bytes"	INTEGER
"current_bytes"	INTEGER
"etag"	TEXT
"uid"	INTEGER
"otheruid"	INTEGER
"title"	TEXT
"description"	TEXT
"scanned"	BOOLEAN

Cupcake, format version 100: Same as format version 31.

Future Directions

WARNING This section is for informative purposes only.

API

• Expose Download Manager to 3rd party apps - security, robustness .
• Validate application-provided user agent, cookies, etc... to protect against e.g. header injection.
• Allow trust-and-verify MIME type.
• Extract response string from HTTP responses, extract entity from failed responses
• If app fails to be notified, retry later - don't give up because of a single failure.
• Support data: URIs .
• Download files to app-provided content provider .
• Don't pass HTTP codes above about 490 to the initiating app (figure out what the threshold should be).
• Allow initiating app to specify that it wants wifi-only downloads .
• Provide SQL "where" clauses for the different categories of status codes, matching isStatusXXX().
• There has to be a mechanism by which old downloads are automatically purged from /cache if there's not enough space .
• Clicking the notification for a completed download should go through the initiating app instead of directly opening the file (but what about fire and forget?).
• Clean up the difference between pending_network (waiting for network) and running_paused (user paused the download).
• Allow any app to access the downloaded file (but no other column) of user-downloaded files .
• Provider should return more errors and throw fewer exceptions if possible.
• Add option to auto-dismiss notifications for completed downloads after a given time .
• Delete filename in case of failure - better handle the separation between filename and content URI.
• Allow the initiating application to specify that it wants to restart downloads from scratch if they're interrupted and can't be resumed .
• Save images directly from browser without re-downloading data .
• Give applications the ability to explicitly specify the full target filename (not just a hint).
• Give applications the ability to download multiple files into multiple set locations as if they were a single "package".
• Give applications the ability to download files only if they haven't been already downloaded.
• Give applications the ability to download files that have already been downloaded only if there's a newer version.
• Set-cookie in the response.
• basic auth .
• app-provided prompts for basic auth, ssl, redirects.
• File should be hidden from initiating application when DRM.
• Delay writing of app-visible filename column until file visible (split user-visible vs private files?).
• Separate locally-generated status codes from standard HTTP codes.
• Allow app to specify it doesn't want to resume downloads across reboots (because they might require additional work).
• Allow app to prioritize user-initiated downloads.
• Allow app to specify length of download (full trust, or trust-and-verify).
• Support POST.
• Support PUT.
• Support plugins for additional protocols and download descriptors.
• Rename columns to have an appropriate COLUMN_ prefix.

HTTP Handling

• Fail download immediately on authoritative unresolved hostnames .
• The download manager should use the browser's user-agent by default.
• Redirect with HTTP Refresh headers (download current and target content with non-zero refresh).
• Handle content-encoding header.
• Handle transfer-encoding header.
• Find other ways to validate interrupted downloads (signature, last-mod/if-modified-since) .
• Make downloads time out in case of long time with no activity.

File names

• Protect against situations where there's already a "downloads" directory on SD card.
• Deal with filenames with invalid characters.
• Refine the logic that builds filenames to better match desktop browsers - drop the query string.
• URI-decode filenames generated from URIs.
• Better deal with filenames that end in '.'.
• Deal with URIs that end in '/' or '?'.
• Investigate how to better deal with filenames that have multiple extensions.

UI

• Prompt for redirects across domains or cancel.
• Prompt for redirects from SSL or cancel.
• Prompt for basic auth or cancel.
• Prompt for SSL with untrusted/invalid/expired certificates or cancel.
• Reduce number of icons in the title bar, possibly as low as 1 (animated if there are ongoing downloads, fixed if all downloads have completed) .
• UI to cancel visible downloads.
• UI to pause visible downloads.
• Reorder downloads.
• View SSL certificates.
• Indicate secure downloads.

Handling of specific MIME types

• Parse HTML for redirects with meta tag.
• Handle charsets and transcoding of text files.
• Deal with multiparts.
• Support OMA downloads with DD and data in same multipart, i.e. combined delivery.
• Assume application/octet-stream for http responses with no mime type.
• Download anything if an app supports application/octet-stream.
• Download any text/* if an application supports text/plain.
• Should the media scanner be invoked on DRM downloads?
• Refresh header with timer should be followed if content is not downloadable.
• Support OMA downloads.
• Support MIDP-OTA downloads.
• Support Sprint MCD downloads.
• Sniff content when receiving MIME-types known to be inaccurately sent by misconfigured servers.

Management of downloads based on environment

• If the device routinely connects over wifi, delay non-interactive downloads by a certain amount of time in case wifi becomes available
• Turn on wifi if possible
• Fall back to cell when wifi is available but download doesn't proceed
• Be smarter about spurious losses (i.e. exceptions while network appears up) when the active network changes (e.g. turn on wifi while downloading over cell).
• Investigate the use of wifi locks, especially when performing non-resumable downloads.
• Poll network state (and maybe even try to connect) even without notifications from the connectivity manager (in case the notifications go AWOL or get inconsistent) .
• Pause when conditions degrade .
• Pause when roaming.
• Throttle or pause when user is active.
• Pause on slow networks (2G).
• Pause when battery is low.
• Throttle to not overwhelm the link.
• Pause when sync is active.
• Deal with situations where the active connection is down but there's another connection available
• Download files at night when the user is not explicitly waiting.

Management of simultaneous downloads

• Pipeline requests on limited number of sockets, run downloads sequentially .
• Manage bandwidth to not starve foreground tasks.
• Run unsized downloads on their own (on a per-filesystem basis) to avoid failing multiple of them because of a full filesystem .

Minor functional changes, edge cases

• The database could be somewhat checked when it's opened.
• [DownloadProvider.java] When upgrading the database, the numbering of ids should restart where it left off.
• [DownloadProvider.java] Handle errors when failing to start the service.
• [DownloadProvider.java] Explicitly populate all database columns that have documented default values, investigate whether that can be done at the SQL level.
• [DownloadProvider.java] It's possible that the last update time should be updated by the Sevice logic, not by the content provider.
• When relevant, combine logged messages on fewer lines.
• [DownloadService.java] Trim the database in the provider, not in the service. Notify application when trimming. Investigate why the row count seems off by one. Enforce on an ongoing basis.
• [DownloadThread.java] When download is restarted and MIME type wasn't provided by app, don't re-use MIME type.
• [DownloadThread.java] Deal with mistmatched file data sizes (between database and filesystem) when resuming a download, or with missing files that should be here.
• [DownloadThread.java] Validate that the response content-length can be properly parsed (i.e. presence of a string doesn't guarantee correctness).
• [DownloadThread.java] Be finer-grained with the way file permissions are managed in /cache - don't 0644 everything .
• Truncate files before deleting them, in case they're still open cross-process.
• Restart from scratch downloads that had very little progress .
• Deal with situations where /data is full as it prevents the database from growing (DoS) .
• Wait until file scanned to notify that download is completed.
• Missing some detailed logging about IOExceptions.
• Allow to disable LOGD debugging independently from system setting.
• Pulling the battery during a download corrupts files (lots of zeros written) .
• Should keep a bit of "emergency" database storage to initiate the download of an OTA update, in a file that is pre-allocated whenever possible (how to know it's an OTA update?).
• Figure out how to hook up into dumpsys and event log.
• Use the event log to log download progress.
• Use /cache to stage downloads that eventually go to the sd card, to avoid having sd files open too long in case the use pulls the card and to avoid partial files for too long.
• Maintain per-application usage statistics.
• There might be corner cases where the notifications are slightly off because different notifications might be using PendingIntents that can't be distinguished (differing only by their extras).

Architecture and Implementation

• The content:// Uri of individual downloads could be cached instead of being re-built whenever it's needed.
• [DownloadProvider.java] Solidify extraction of id from URI
• [DownloadProvider.java] Use ContentURIs.parseId(uri) to extra the id from various functions.
• [DownloadProvider.java] Use StringBuilder to build the various queries.
• [DownloadService.java] Cache interface to the media scanner service more aggressively.
• [DownloadService.java] Investigate why unbinding from the media scanner service sometimes throws an exception
• [DownloadService.java] Handle exceptions in the service's UpdateThread - mark that there's no thread left.
• [DownloadService.java] At the end of UpdateThread, closing the cursor should be done even if there's an exception. Also log the exception, as we'd be in an inconsistent state.
• [DownloadProvider.java] Investigate whether the download provider should aggressively cache the result of getContext() and getContext().getContentResolver()
• Document the database columns that are most likely to stay unchanged throughout versions, to increase the chance being able to perform downgrades.
• [DownloadService.java] Sanity-check the ordering of the local cache when adding/removing rows.
• [DownloadService.java] Factor the code that checks for DRM types into a separate function.
• [DownloadService.java] Factor the code that notifies applications into a separate function (codepath with early 406 failure)
• [DownloadService.java] Check for errors when spawning download threads.
• [DownloadService.java] Potential race condition when a download completes at the same time as it gets deleted through the content provider - see deleteDownload().
• [DownloadService.java] Catch all exceptions in scanFile - don't trust a remote process to the point where we'd let it crash us.
• [DownloadService.java] Limit number of attempts to scan a file.
• [DownloadService.java] Keep less data in RAM, especially about completed downloads. Investigating cutting unused columns if necessary
• [DownloadThread.java] Don't let exceptions out of run() - that'd kill the service, which'd accomplish no good.
• [DownloadThread.java] Keep track of content-length responses in a long, not in a string that we keep parsing .
• [DownloadThread.java] Use variable-size buffer to avoid thousands of operations on large downloads
• [Helpers.java] Deal with atomicity of checking/creating file.
• [Helpers.java] Handle differences between content-location separators and filesystem separators.
• Optimize database queries: use projections to reduce number of columns and get constant column numbers.
• Index last-mod date in DB, because of ordered searches. Investigate whether other columns need to be indexed (Hidden?)
• Deal with the fact that sqlite INTEGER matches java long (63-bit) .
• Use a single HTTP client for the entire download manager.
• Could use fewer alarms - currently setting new alarm each time database updated .
• Obsolete columns should be removed from the database .
• Assign relevant names to threads.
• Investigate and handle the different subclasses of IOException appropriately .
• There's potentially a race condition around read-modify-write cycles in the database, between the Service's updateFromProvider thread and the worker threads (and possibly more). Those should be synchronized appropriately, and the provider should be hardened to prevent asynchronous changes to sensitive data (or to synchronize when there's no other way, though I'd rather avoid that) .
• Temporary file leaks when downloads are deleted while the service isn't running .
• Increase priority of updaterThread while in the critical section (to avoid issues of priority inheritance with the main thread).
• Explicitly specify which interface to use for a given download (to get better sync with the connection manager).
• Cancel the requests on more kinds of errors instead of trusting the garbage collector.
• Issues with the fact that parseInt can throw exceptions on invalid server headers.

Code style, refactoring

• Fix lint warnings
• Make sure that comments fit in 80 columns to match style guide
• Unify code style when dealing with lines longer than 100 characters
• [Constants.java] constants should be organized by logical groups to improve readability.
• Use fewer internal classes (Helpers, Constants...) .

Browser changes

• Move download UI outside of browser, so that browser doesn't need to access the provider.
• Make browser sniff zips and jars to see if they're apks.
• Live handoff of browser-initiated downloads (download in browser, browser update download UI, hand over to download manager on retry).