MetrolistGroup · alltechdev · Mar 4, 2026 · Mar 4, 2026 · Mar 4, 2026 · Mar 4, 2026
diff --git a/app/build.gradle.kts b/app/build.gradle.kts
@@ -23,6 +23,7 @@ plugins {
     alias(libs.plugins.kotlin.ksp)
     alias(libs.plugins.compose.compiler)
     alias(libs.plugins.kotlin.serialization)
+    alias(libs.plugins.rikka.tools.refine)
 }
 
 android {
@@ -282,6 +283,19 @@ dependencies {
     implementation(libs.protobuf.javalite)
     implementation(libs.protobuf.kotlin.lite)
 
+    // Shizuku for privileged installation
+    compileOnly(libs.rikka.hidden.stub)
+    implementation(libs.rikka.tools.refine.runtime)
+    implementation(libs.shizuku.api)
+    implementation(libs.shizuku.provider)
+    implementation(libs.lsposed.hiddenapibypass)
+
+    // libsu for root access
+    implementation(libs.libsu.core)
+
+    // Dhizuku for device owner installation
+    implementation(libs.dhizuku.api)
+
     coreLibraryDesugaring(libs.desugaring)
 
     implementation(libs.timber)

diff --git a/app/proguard-rules.pro b/app/proguard-rules.pro
@@ -209,3 +209,25 @@
 -keepclasseswithmembers class com.metrolist.shazamkit.models.** {
     kotlinx.serialization.KSerializer serializer(...);
 }
+
+## Shizuku & Hidden API Rules
+-keep class rikka.shizuku.** { *; }
+-keep class moe.shizuku.** { *; }
+-keep class dev.rikka.tools.refine.** { *; }
+
+# Hidden Android APIs accessed via Shizuku
+-keep class android.content.pm.IPackageManager { *; }
+-keep class android.content.pm.IPackageManager$Stub { *; }
+-keep class android.content.pm.IPackageInstaller { *; }
+-keep class android.content.pm.IPackageInstaller$Stub { *; }
+-keep class android.content.pm.IPackageInstallerSession { *; }
+-keep class android.content.pm.IPackageInstallerSession$Stub { *; }
+-keep class android.content.pm.PackageInstallerHidden { *; }
+-keep class android.content.pm.PackageInstallerHidden$* { *; }
+-keep class android.content.pm.PackageManagerHidden { *; }
+
+# libsu for root access
+-keep class com.topjohnwu.superuser.** { *; }
+
+# Dhizuku for device owner installation
+-keep class com.rosan.dhizuku.** { *; }
diff --git a/app/src/izzy/AndroidManifest.xml b/app/src/izzy/AndroidManifest.xml
@@ -1,11 +1,27 @@
 <?xml version="1.0" encoding="utf-8"?>
+<!-- Remove testOnly flag in Izzy build since Dhizuku is not available and builds must be distributable -->
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
-    xmlns:tools="http://schemas.android.com/tools">
+    xmlns:tools="http://schemas.android.com/tools"
+    tools:remove="android:testOnly">
+
+    <!-- Remove updater permission in Izzy build since updater is not available -->
+    <uses-permission
+        android:name="android.permission.REQUEST_INSTALL_PACKAGES"
+        tools:node="remove" />
 
     <application>
         <!-- Remove Cast provider in Izzy build since GMS is not available -->
         <meta-data
             android:name="com.google.android.gms.cast.framework.OPTIONS_PROVIDER_CLASS_NAME"
             tools:node="remove" />
+
+        <!-- Remove updater components in Izzy build since updater is not available -->
+        <receiver
+            android:name=".utils.updater.InstallReceiver"
+            tools:node="remove" />
+
+        <provider
+            android:name="rikka.shizuku.ShizukuProvider"
+            tools:node="remove" />
     </application>
 </manifest>
diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml
@@ -1,10 +1,14 @@
 <?xml version="1.0" encoding="utf-8"?>
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
-    xmlns:tools="http://schemas.android.com/tools">
+    xmlns:tools="http://schemas.android.com/tools"
+    android:testOnly="true">
+
+    <uses-sdk tools:overrideLibrary="rikka.shizuku.api, rikka.shizuku.provider, rikka.shizuku.shared, rikka.shizuku.aidl, com.rosan.dhizuku.api" />
 
     <uses-permission android:name="android.permission.INTERNET" />
     <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
     <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
+    <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES" />
     <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
     <uses-permission android:name="android.permission.WAKE_LOCK" />
     <uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
@@ -315,6 +319,24 @@
             </intent-filter>
         </service>
 
+        <!-- Install status receiver for session-based APK installation -->
+        <receiver
+            android:name=".utils.updater.InstallReceiver"
+            android:exported="false">
+            <intent-filter>
+                <action android:name="com.metrolist.music.INSTALL_STATUS" />
+            </intent-filter>
+        </receiver>
+
+        <!-- Shizuku provider for privileged operations -->
+        <provider
+            android:name="rikka.shizuku.ShizukuProvider"
+            android:authorities="${applicationId}.shizuku"
+            android:enabled="true"
+            android:exported="true"
+            android:multiprocess="false"
+            android:permission="android.permission.INTERACT_ACROSS_USERS_FULL" />
+
     </application>
 
 </manifest>
diff --git a/app/src/main/kotlin/com/metrolist/music/App.kt b/app/src/main/kotlin/com/metrolist/music/App.kt
@@ -47,6 +47,7 @@ import okhttp3.Credentials
 import timber.log.Timber
 import java.net.Authenticator
 import java.net.PasswordAuthentication
+import org.lsposed.hiddenapibypass.HiddenApiBypass
 import java.net.Proxy
 import java.util.Locale
 import javax.inject.Inject
@@ -65,6 +66,15 @@ class App :
         // Install crash handler first
         CrashHandler.install(this)
 
+        // Bypass hidden API restrictions for Shizuku installer (Android 9+)
+        if (BuildConfig.UPDATER_AVAILABLE && Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+            runCatching {
+                HiddenApiBypass.addHiddenApiExemptions("I", "L")
+            }.onFailure {
+                Timber.w(it, "Hidden API bypass unavailable; privileged installers will be disabled")
+            }
+        }
+
         // Initialize cipher deobfuscator for WEB_REMIX streaming
         CipherDeobfuscator.initialize(this)
 

diff --git a/app/src/main/kotlin/com/metrolist/music/constants/PreferenceKeys.kt b/app/src/main/kotlin/com/metrolist/music/constants/PreferenceKeys.kt
@@ -84,6 +84,7 @@ val SelectedYtmPlaylistsKey = stringPreferencesKey("selectedYtmPlaylists")
 val CheckForUpdatesKey = booleanPreferencesKey("checkForUpdates")
 val UpdateNotificationsEnabledKey = booleanPreferencesKey("updateNotifications")
 val LastUpdateCheckTimeKey = longPreferencesKey("lastUpdateCheckTime")
+val InstallerTypeKey = intPreferencesKey("installerType")
 
 val AudioQualityKey = stringPreferencesKey("audioQuality")
 

diff --git a/app/src/main/kotlin/com/metrolist/music/ui/component/ReleaseNotesCard.kt b/app/src/main/kotlin/com/metrolist/music/ui/component/ReleaseNotesCard.kt
@@ -20,6 +20,7 @@ import androidx.compose.ui.Modifier
 import androidx.compose.ui.res.stringResource
 import androidx.compose.ui.unit.dp
 import com.metrolist.music.R
+import com.metrolist.music.ui.screens.settings.MarkdownText
 import com.metrolist.music.utils.Updater
 
 @Composable
@@ -43,11 +44,7 @@ fun ReleaseNotesCard() {
                 style = MaterialTheme.typography.titleLarge
             )
             Spacer(modifier = Modifier.height(8.dp))
-            Text(
-                text = releaseInfo.description,
-                style = MaterialTheme.typography.bodyMedium,
-                modifier = Modifier.padding(vertical = 2.dp)
-            )
+            MarkdownText(releaseInfo.description)
         }
     }
     Spacer(modifier = Modifier.height(16.dp))

diff --git a/app/src/main/kotlin/com/metrolist/music/ui/screens/settings/AccountSettings.kt b/app/src/main/kotlin/com/metrolist/music/ui/screens/settings/AccountSettings.kt
@@ -400,25 +400,21 @@ fun AccountSettings(
             Spacer(Modifier.height(4.dp))
 
             if (BuildConfig.UPDATER_AVAILABLE && latestVersionName != BuildConfig.VERSION_NAME) {
-                val releaseInfo = Updater.getCachedLatestRelease()
-                val downloadUrl = releaseInfo?.let { Updater.getDownloadUrlForCurrentVariant(it) }
-
-                if (downloadUrl != null) {
-                    PreferenceEntry(
-                        title = {
-                            Text(text = stringResource(R.string.new_version_available))
-                        },
-                        description = latestVersionName,
-                        icon = {
-                            BadgedBox(badge = { Badge() }) {
-                                Icon(painterResource(R.drawable.update), null)
-                            }
-                        },
-                        onClick = {
-                            uriHandler.openUri(downloadUrl)
+                PreferenceEntry(
+                    title = {
+                        Text(text = stringResource(R.string.new_version_available))
+                    },
+                    description = latestVersionName,
+                    icon = {
+                        BadgedBox(badge = { Badge() }) {
+                            Icon(painterResource(R.drawable.update), null)
                         }
-                    )
-                }
+                    },
+                    onClick = {
+                        onClose()
+                        navController.navigate("settings/updater")
+                    }
+                )
             }
         }
     }