get an error saying that the application does not have enough geolocation permissions
I observed that several Cordova applications for mobile devices use the Application System Webview. However, some mobile devices have it disabled and don't allow for location sharing.
What ought I to do in this circumstance?
I've set up the Cordova-Plugin-Geolocation 4.1.0 plugin.
additionally grant permissions in config.xml
It's difficult to give a detailed answer from the little information you provided. But generally you need to request the users explicit permission to use features such as location, camera and storage. You can do this with the Cordova diagnostics plugins: https://www.npmjs.com/package/cordova.plugins.diagnostic
The documentation should tell you how.
Related
I have a problem. If the app displays a website in a WebView and this website wants for example to access device files, does it require storage permission? The same with camera, geolocation etc. When I tried this, it works both with and without appropriate permissions (I tried that with geolocation and storage), but some people try to imply that the permissions are required. Why is that?
Yes, App do need permission even if webview wants to access camera or storage,
And it's because of security issues that you need permission for using camera or storage or anything for that matter even if you're using webview.
Because even if you use webview, ultimately you are going to use camera or any hardware so you need to ask permission.
Android 6.0 Marshmallow introduces a new model for handling
permissions, which streamlines the process for users when they install
and upgrade apps. Provided you're using version 8.1 or later of Google
Play services, you can configure your app to target the Android 6.0
Marshmallow SDK and use the new permissions model.
If your app supports the new permissions model, the user does not have
to grant any permissions when they install or upgrade the app.
Instead, the app must request permissions when it needs them at
runtime, and the system shows a dialog to the user asking for the
permission.
To learn more, see the documentation for Android 6.0 Marshmallow and
the changes you must make to your app for the new permissions model.
Google has added WebChromeClient.onShowFileChooser. They even provide a way to automatically generate the file chooser intent so that it uses the input accept mime types.
source
From everything I've seen, it doesn't seem possible to collect Texts, Phone Calls, Logs, etc. in an Android app without explicitly declaring the corresponding permission(s) in the manifest. Is this always the case?
What if an app uses an Android plugin like Apache Cordova for example? Must the plugin explicitly state the permissions in the config.xml?
Along the same lines, does an app have to display all permissions it can request/has requested in the app settings permissions?
I'm curious if malicious Android apps are capable of hiding permissions they are using.
No, apps cannot hide the permissions they are able to access.
Frameworks like Apache Cordova, PhoneGap, React Native, Flutter, etc. (and all the others) all operate within the Android framework, and are subject to the same security constraints: they must declare the permissions in the manifest, and request dangerous permissions at runtime if they target Android 6.0 or higher.
If an app, using any framework, were able to bypass these requirements, that would be a security bug in the platform (unless the reason they are able to do it is a vulnerability in another app, such as if an app exposed the user's contacts to any app that requested them with no permission check).
The permissions displayed in the settings are based on the permissions declared in the manifest and those granted by the user at runtime, so they wouldn't be able to hide things there, either, although it's worth noting that some less-dangerous permissions aren't displayed on the initial screen and are instead behind the "all permissions" menu option.
I am building a cordova application that requires permission to access location, camera, etc. I would like to show a custom message to the user when requesting permission to access the data. I thought about showing the message before requesting the permission, but I am not sure how to do that on older versions of android, which request the permissions at installation. Is there any way to show a custom request for permissions that will work across android and ios?
In order to show the message before requesting permission you can make use of the Cordova diagnostics plugin
This plugin allows you to check if the permission has already been granted or not, based on that you can display the dialog/alert to the user with your custom message depicting : "Hey, our app needs this permission to perform this" in a similar way.
Also no need to worry for android versions below 6.0 since the defined permissions get automatically granted after the application is installed.
Yes this plugin works for both android and iOS
PS : The permission text to be displayed can be modified for iOS but not for android. For iOS it can be updated in the project's .plist file or using a parameter mentioned in the config.xml for the plugin
I started to integrate the HERE Android Starter SDK into my application.
According to the documentation (and the runtime error) the permission WRITE_EXTERNAL_STORAGE is required to initialize the MapEngine:
MapEngine.getInstance().init(..)
However I'll only be using the autocomplete functionality.
What is this permission used for in this case?
I'm wondering whether it's used at all if no maps or map images are loaded.
Since this is a quite sensitive permission to ask the users for, I am searching for ways to not require this permission.
After some hours of investigation, this is what I found out:
The HERE Android Starter SDK is very easy to integrate, but the permissions are mandatory - no matter what features are used.
In the end I decided to integrate the HERE Autosuggest REST API, since that would not require the permissions mentioned.
Information on the REST-API endpoint can be found here: https://developer.here.com/documentation/places/topics/free-text-search.html
When you open the camera the user is prompted to grant the app permission to access the camera.
Is there any way in Codename one to tell if the user has denied this permission?
With either a callback or some kind of global call?
This specific to iOS but with the recent updates to Android the same question is also relevant there.
This is now built in to the CodenameOne platform - https://www.codenameone.com/blog/switching-on-android-marshmallow-permission-prompts.html
Currently we haven't enabled the Marshmallow permission prompts by default in part due to the lack of an API to indicate that.
We have a standard API for contacts permissions which we needed in iOS and most of the API's should be ready for Marshmallow since iOS always had the ability to deny permissions.
But we need to re-think the API's for querying that detail and whether we want them to follow the style of isContactsPermissionGranted.
I noticed there is no issue to track the progress of this so I filed it.