I am using Delphi 11.2 and the call phone function on android does not works anymore. When I start the app it's stop to working. Using the Delphi samples PhoneDialer project the same error.
Any idea ?
Regards.
Although it's trivial, I think it may be best to document it as an answer.
Many of the resources on the phone require that the user grants permission for using them. The purpose of this mechanism is to stop viruses and badly behaved applications from running without the user's knowledge.
Phone is such a resource. You will need to grant your app permission to use it. It is not enough that your app checks if it has been granted or if you have registered the PhoneDialerService.
Related
I am talking about the quality issue (bug) that an Android app needs a permission that is declared in the Manifest, but fails to request it from the user at the appropriate time and executes the code without the necessary permission. This was not possible in older Android versions (user accepts all permissions in bulk), but seems to be possible when using newer versions that copy Apple in most regards.
At least during testing one can start background services and use bluetooth without any alert by Google popping up. Is that different for apps in production?
Does the app crash with an Exception?
Does the code get executed?
Does the app get rejected in review? (Always?)
Does the app get delisted from the store?
Does it depend on Android's Version?
I deal with an age old app that has bluetooth discovery code to find and connect to dedicated hardware, that is rarely used via a cordova plugin triggered by content. There is old altbeacon code potentially activated that may even need access background location (https://developer.android.com/guide/topics/connectivity/bluetooth#Permissions). It will take some time to get this dead code up to quality. Definitely more time than the week we have.
Does the app crash with an Exception?
yes if you try to have operations depends on returned date witch is null
Does the code get executed?
code will execute with exceptions because data access denied you can check if permission granted or not and add scenario for each state
Does the app get rejected in review? (Always?) not sure but with crashes there is high potential to get rejected
Does the app get delisted from the store?
depends on why and how you are using data
Does it depend on Android's Version?
yes access data and permissions changing point is android oreo
My tests with Bluetooth permissions revealed the following: Required permissions are BLUETOOTH_ADMIN, BLUETOOTH and for VERSION_CODES.Q additionally Manifest.permission.ACCESS_BACKGROUND_LOCATION (see: https://developer.android.com/guide/topics/connectivity/bluetooth#Permissions).
BLUETOOTH_ADMIN, BLUETOOTH do not show any system alert-dialogue to the user. In Android Q+ if you fail to check for the required ACCESS_BACKGROUND_LOCATION permission, nothing happens and your code executes without exception (mine did execute an UART command on hardware with Samsung tablet). The app passed review although the check is missing (of course I will fix that ASAP).
Note: the doc is ambiguous and states: "Services running on Android 10 and higher cannot discover Bluetooth devices unless they have the ACCESS_BACKGROUND_LOCATION permission." Probably general scanning while the app is active could be allowed. In that case missing exception would be explained.
I'm trying to figure out which android API calls need these permissions:
android.permission.HARDWARE_TEST
android.permission.DEVICE_POWER
android.permission.DIAGNOSTIC
android.permission.GET_TOP_ACTIVITY_INFO
I read the descriptions on the Android developer website, but I found no way to perform the operations that these permissions allow.
EDIT after HexAndBugs answer: I know these permission are not intended for third-party application, but I'd like to use them in a experimental environment, playing the role of the manufacturer.
These aren't intended to be used in your apps (unless you are a device manufacturer), so you won't find things that need them in the API. Note that they all say Not for use by third-party applications. See, for example, DEVICE_POWER
Although these settings are not for usual app but if you have a rooted device and you need to control, lets say hardware test then you would have to add it to your apps permisson and override the ususal CET testing pannel
But FYI it can brick the phone or device if you tweaksomething wrong so beaware;
i personally have used couple of these permisson for e.g getTop Activity info to monitor that my app is always on foreground
I understand that when you install an android app you need to accept the permissions requested by the app. When you run the app, when it comes to the point that app really about to use that permission and perform a task, the android system has to check again "whether this app is allowed to perform this task?". I need to perform some task (log the event) at this moment. How can I do this?
There is a catch. I want to identify these instances (moments) for other running apps (not for my app)
(Ex: I want to know when DropBox app is about to access the internet.)
I need to perform some task (log the event) at this moment. How can I do this?
You can download the Android source code, modify it to incorporate your desired security flaw, compile the results into a ROM mod, and install that ROM mod on your own device.
This is not possible via the Android SDK.
There is a catch. I want to identify these instances (moments) for other running apps (not for my app) (Ex: I want to know when DropBox app is about to access the internet.)
You are welcome to install and use a firewall package on your rooted Android device and perhaps hook something up that way, for this specific scenario. In general, what you seek is not possible, for blindingly obvious privacy and security reasons.
I am trying to write a simple android app that switches off my phone screen. When I am runnning this app I get Security Exception: Permission denial app requires android.permission.DEVICE_POWER. I know that this is a protected permission but my phone is rooted. What do I specify that I can use this permission? I have already tried declaring DEVICE_ADMIN permssion along with the DEVICE_POWER permission but it still doesn't work.
Rooting potentially lets you circumvent or modify the android security model, but it doesn't necessarily mean you get special privileges for an android API which enforces it. You cannot ordinarily run an application itself as root, while code in a helper executable which you could start as root will have substantial difficulty interacting with the Android APIs.
What you are trying to do may really not be a very good idea. But if you really want to do it, you would need to either install your own build of Android so that you have a (self generated) key matching that which you used to sign the platform, which you can then use to sign your application, or else try to install your application on the system partition.
If all you want to do is turn the screen off, then why don't you use the PowerManager? According to the documentation, the goToSleep() function will force the device to go to sleep.
i just want an application that would scan the installing application and decide whether to deny the installation process or not basing upon the package name ?
Fortunately, this is not possible, for obvious security reasons. Malware authors would really like it if they could block other applications from being installed.
Do you want an application which self-checks for integrity?
Or an application which check ANY other new application?
On the former, I would suggest to put some piece of code on the main activity which checks this. But if you are trying to have some sort of 'anti-hacking' feature it would be quite pointless, as it would simply be needed to remove those lines.
On the latter, that would be more complicated and, also, how would you know the 'correct' package name?
Third party security applications such as Lookout, McAfee, Avast, etc. run with the same limited permissions and capabilities as any other Android application. That said, it's not possible for any Android application to "man-in-the-middle" an application installation process for security checks or any other purpose. As mentioned by others, this would have negative security implications, as it would allow any application to modify or deny the installation of other apps.
As a third party app, the best you can do is to monitor installed packages using a broadcast receiver that listens for android.intent.action.PACKAGE_ADDED intents, or use FileObserver to trigger a security review once the app is written to the file system. At this point if you detected an application you wanted to uninstall, you would still have to ask the user for their approval to uninstall the application.
FWIW, device manufacturers have the capability to make low-level modification to provide this capability, but I assume this is out of scope for your case.