In order to meet google's recent stalkerware policy, developer needs to add isMonitoringTool flag if application collecting certain sensitive user data using app. Can someone help me to define this flag in the manifest.
Here is the document where they have mentioned to do so,
https://support.google.com/googleplay/android-developer/answer/12253906#stalkerware_preview
Thanks in advance.
This is a guess, since I cannot find any meaningful documentation at all. And at this point, I don't even know how to test the theory. But I'll offer my guess anyway.
I'm going to guess it goes inside your application node. Like this (only your manifest probably has a ton more stuff in it):
<?xml version="1.0" encoding="utf-8"?>
<manifest>
<application>
<meta-data android:name="IsMonitoringTool" android:value="true" />
</application>
</manifest>
My guess is based on the fact that I inherited a manifest with other meta-data nodes in that location. Of course, it also has meta-data nodes under each activity node, but that location doesn't really seem to make sense for this flag.
What's more, the documentation you linked to says that the "app" needs to use the flag, so that matches putting it under the application node. So there is my unverifiable guess. I suppose we'll find out if I'm right on November 1, 2022, when this becomes required for relevant apps.
https://support.google.com/googleplay/android-developer/answer/9934569
Unless someone who works for Google wants to chime in...?
You can see the extensive search results (!) that a Google search gives me:
The actual correct answer, as per google documentation is
<manifest
<application android:isMonitoringTool="parental_control">
…
</application>
</manifest>
The available options are as follows:
parental_control = App caters to parental control and is specifically targeted at parents who want to keep their kids safe.
enterprise_management = App caters to enterprises who want to manage and track devices given to employees.
other = App that does not fall in any of the above categories. The Google Play enforcement team will assess whether apps with this value qualify for any valid exemption categories.
Related
I'm the developer of a library that makes use of APP_RESTRICTIONS. Till now I had the following configuration in the AndroidManifest.xml:
<meta-data
android:name="android.content.APP_RESTRICTIONS"
android:resource="#xml/library_restrictions" />
However, one of our customers now contacted us because his build was failing after adding our library. It turns out that he uses another library which also provides APP_RESTRICTIONS. I know that I can use
tools:node="replace"
or
tools:node="merge"
however this basically means that just one of the restriction configurations get active since it is an attribute on the meta-data. What I need is the content of the two resource files merged automatically to guarantee that the configuration field shows up in the MDM solution. Does anyone know a solution other than informing the developer in the readme that he has to manually merge the content of these two files?
TL;DR
Given an .apk file and its Manifest.xml decoded, is it possible to tell which libraries/(ad-)modules it ships bundled with – and if so, how?
Detailed question
I've checked with the Manifest specifications and saw the <uses-library /> element – but that's for shared libraries the app expects to be present on the device it shall be installed onto, and thus (AFAICT) not of relevance in this context. I've also checked several "example Manifest.xml files" to see what I would find (and yes, if one knows what to look for, one can e.g. identify AdMob by its declared <activity />). But except from "guess-work", I was unable to figure an "structured approach" valid for (mostly) all cases one might encounter in the real-world.
So what I'm looking for is to write a script which I can pass an .apk file to, and which then spits out a list of libraries and ad-modules used. I'm not asking you to provide me with that script (though I definitely wouldn't reject if offered that; I wouldn't be surprised to hear someone has done that already) – but rather for the core point of what the "identifiers" would be. General approaches are of course welcome as well. If that includes other calls to e.g. aapt, that's of course OK. And if I'm on the completely wrong track, and that information has to be looked for at another place, I'd definitely like to hear those details, too :)
In case it's relevant (e.g. for other "external tools" needed), I'm working on Linux – so Windows tools wouldn't do.
AndroidManifest file has nothing to do with libraries which used in app. And I don't think that there is a way to get list of used libraries, except to check decompiled code and try to match it by package name. But in case if that code obfuscated with Proguard, I think your goal is almost unreachable.
If I wanted to research how and where permissions [requested in the Mainfest.xml] were used in an Android app for the purposes of removing them is there an easy way of doing this? Does lint or findbugs offer some sort of support for tracking permissions used/abused in a project?
I came from the future to save your lives.
Here (in the future), LINT does check for missing permissions as you can see on LINT checks.
So, go to your AndroidManifest.xml and remove all tags <uses-permission> using Android permissions (meaning, don't delete permissions that belong to your app, such as UA_DATA and C2D_MESSAGE).
Then run LINT analysis. Click on Analyze then Inspect Code...
Look under Android -> Constant and Resource Type Mismatches
You should see all missing permissions.
Then you can just right-click them and select Apply fix "Add Permission". If you select this option, Android Studio will include one permission for every error. So you'll end up with multiple copies of the same permission on your Manifest file, just delete the duplicates. You can do it manually too.
Here is the description of the LINT rule:
ID ResourceType
Description
This inspection looks at Android API calls that have been annotated with various support annotations (such as RequiresPermission or UiThread) and flags any calls that are not using the API correctly as specified by the annotations. Examples of errors flagged by this inspection:
Passing the wrong type of resource integer (such as R.string) to an API that expects a different type (such as R.dimen).
Forgetting to invoke the overridden method (via super) in methods that require it
Calling a method that requires a permission without having declared that permission in the manifest
Passing a resource color reference to a method which expects an RGB integer value.
...and many more. For more information, see the documentation at http://developer.android.com/tools/debugging/annotations.html
I'm using Android Studio 2.1.2.
In your app manifest file you should have a tab "Merged Manifest" there you can see your final manifest and the permissions you request you can click on a permission to see where it came from. (who added it - ex': sdk or what code it came from)
There is also a simple way to remove a permission by adding to manifest:
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"
tools:node="remove" />
Also remember to add the tools at the top:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="...">
The way I would do it for an app for which I didn't write the code would be to remove the permissions one by one and test the app end-to-end each time. When it fails, narrow it down. If not, that permission may not be used.
You will have to try removing them one by one and checking i fthe app still works OK. This is not checked by lint in any way (it should be).
When they come back (they are currently down), you can upload your apk to this website (if that's ok with you) and let them statically analyse the permissions you are using: http://www.android-permissions.org/
Best way is to understand what the may actually do. If it is ever going to use the camera then you know you need the camera permission.
Or you could just learn what your app does and then go through the permissions and see which ones are extra. What does your app do, what phone features does it use. There should be some documentation somewhere on what it should do and what methods are in there
While writing Android manifest some configuration I must put inside "application" section (eg. list of activities) and some outside it (eg. uses-sdk). Why? Is there any general rule what goes inside "application" section and what outside? Or was it pure random arbitrary decision by Android creators?
Not really a programming question. If you follow commit history of AOSP you might get an answer. Or track down Andy Rubin and ask him :)
With the current layout, you could theoretically have multiple applications inside the same APK. Stuff that is common to all applications will got at the highest level (uses-sdk, etc.), everything else inside the corresponding <application>.
Definitely it is not a random decision.
The Format is something like you have define the configurations pertaining to any application such as its activities and services inside tag because ofcourse they are related to your application.
And General libraries you use and Permissions outside of the tag which complement your application.
Take a note of the structure of the manifest file here
To get concept in detail try here.
I'm trying to write my own Sync Adapter for android. I'm digging through the Sample Sync Adapter from SDK but it's horribly undocumented.
I can make the contacts appear in the contacts app. But im unable to edit them or create new ones.
It's very hard to find any information on how to get my own account type listed for creation in the default contacts app or make them editable. I don't want to add any custom stüff only fields and data already supported by android.
Can any one point me to a tutorial or samples on how to integrate my sync adapter into the default contacts app (Like the exchange sync)?
What neets to be added to AndroidManifest.xml
What needs to be added to contacts.xml
What needs to be added to syncadapter.xml
Is there any code that needs to be added in order to work?
By the way:
I dont care for android versions lower than ICS. I read everywhere that the contacts app of 2.x does not support this but 3.x and above do. 2.x is off the table so I'm looking for the ICS way to do it.
Thanks in Advance
I think it's a little late to answer this question, but I had this problem and finally solved it. In android 4.x, you can add contact to only three kind of account in android. 1) Google Account, 2) Exchange Account, 3) Writable account, and by writable, it means that your contacts.xml file should contain EditSchema tag. Also you should add the following tag to your manifest file:
<meta-data
android:name="android.provider.CONTACTS_STRUCTURE"
android:resource="#xml/contacts" />
And about EditSchema, there is a good sample in the following URL:
http://grepcode.com/file/repository.grepcode.com/java/ext/com.google.android/android-apps/4.0.3_r1/packages/apps/Contacts/tests/res/xml/test_basic_contacts.xml
You just need to copy above xml file's content and paste it in your contacts.xml file.(You can customize the xml, if you want) And everything is done!
Have a look to this:
Edit custom contact in honeycomb
I asked this question before and I opened a bounty to get an answer. The answer was that although the feature is present in Honeycomb it is not documented anywhere. You needed to go through the code to learn how to do it.
I've now found that there is a bit of documentation like for example here:Blog about social network API