We use this SDK within our app. It's imported as its own module, and is packaged as a .AAR file. Last year, our app was removed from the Play Store multiple times for uploading contact information without displaying a prominent disclosure. This SDK was to blame for some of these removals. Our response was to remove all contact-related features from our app and to remove the READ_CONTACTS permission in both our app's AndroidManifest and the SDK's AndroidManifest. However, now we're reimplementing these contact-related features, so we can't remove this permission in our app's AndroidManifest any more. We need our app to have this permission, but the SDK must not have it.
My question is this: if our app has READ_CONTACTS permission, does that also grant this permission to the SDK? Or does the SDK's AndroidManifest need to explicitly include the READ_CONTACTS permission in order to be able to use it?
We need our app to have this permission, but the SDK must not have it.
That is not a thing, sorry.
if our app has READ_CONTACTS permission, does that also grant this permission to SDK?
Yes. There is no difference between a library and code that you typed in yourself.
Related
In our android app we included android.permission.READ_CALL_LOG permission which is needed for our functionality. After integrate these permission and once we uploaded the app in PlayStore the app got rejected due to READ_CALL_LOG permission and received below message.
Can anybody please let me know how could solve this issue? I couldn't remove the 'READ_CALL_LOG' permission which is require in my project.
Regards
Your app can not declare READ_CALL_LOG permission in Manifest unless it was a dialer app.
If you feel, your app's major functionality depends on READ_CALL_LOG permission, you must fill the declaration form explaining why you need this permission.
If your request is accepted, your app will be allowed to use the permission.
Google has restricted SMS and CALL permissions for default apps only. Apps are getting rejected due to permissions declaration in the manifest file. There are alternate ways to get required permissions access in android applications.
Follow below link for more information.
No more SMS and Call permissions
I have a multiple module Android M app. Several modules require "WRITE_EXTERNAL_STORAGE" & "READ_EXTERNAL_STORAGE" permissions.
I would like to ask the user for permissions once:
1. Where would be the right place to do that?
1.1 Are permissions granted per activity?
1.2 Would asking for permission in module 1 give permissions to all app?
1.3 Is there a way to ask for both READ & WRITE permissions?
Google has published guidelines describing when to ask for permissions. It depends on context. Your questions 1.1 and 1.2 can be answered with the same info: permissions are granted and denied at the app level. It applies to every part of your app package. For 1.3: they are limited together into a group. When you ask for one you automatically get everything in the group.
This talk from DroidconNYC NYC will give you more details: https://youtu.be/WGz-alwVh8A.
Where would be the right place to do that?
From somewhere in your UI, before you need those permissions.
Are permissions granted per activity?
No, they are for the entire application.
Would asking for permission in module 1 give permissions to all app?
Asking for a permission in a module will give that permission to the entire app, if the user grants you the permission.
Is there a way to ask for both READ & WRITE permissions?
In this case, AFAIK you do not need both. Just ask for WRITE_EXTERNAL_STORAGE. In general, you can request as many permissions as you want; the requestPermissions() method takes a String[] of permission names.
how to use android permission and usepermission for services?
I used android uses-permissins ,but i dont know how to use android permission in android development
<uses-permission> is when your application is seeking the user's permission to use some
<permission> is when your application is requiring other apps to seek the user's permission to use some feature of yours.
Usefull links:
permission
uses-permission
The "permission" tag declares a security permission that can be used to control access from other packages to specific components or features in your package (or other packages).
The "uses-permission" tag requests a "permission" that the containing package must be granted in order for it to operate correctly.
I am trying to use another third party application into my application. Basically using some of the services from third party app. But these services need custom permissions defined in the third party application. So I have added those permission in my applications manifest file.
Suppose if my application is installed before installing the third party application then it won't get those permissions and so if I try to access the services from third party app, I am getting Security exception.
Is there a way to ask for permissions again or any other suggestions.
The permissions you request in your manifest are the permissions your app will receive regardless of when it is installed. Period. The permissions granted to another application are accessible by that application only. If there is a permission you need to use, it should be in your manifest. If it is there, permission will be requested from the user upon installation.
This is actually a known limitation of custom permissions. Even if both apps where yours, the one that defines the custom permission needs to be installed first, otherwise you will get an exception. If you control both apps, you need to define it in both apps. Otherwise, there is really no workaround: a permission needs to be know to the system to be granted.
BTW, you can use a third-party permission, as long as it is not a signature permission, requiring your app to be signed with the same key.
I have noticed in an application I wrote, in-spite of me not specifying any permission in the manifest file, the application throws up permissions granted, such as
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
What is all that about? I was not even aware my application needs to write into external store, and I am pretty sure it doesn't need to. So why are these permission being granted when I never requested for them?
Thoose two were default in earlier API versions. Read more about it: here.