I have developed a keyboard app for Android. It's a free app so it has in-app advertisements to earn some revenue. To run these advertisements, I need the internet permission for my app. As a keyboard app, users type a lot of sensitive information from this app. They always ask me whether their privacy is protected or not. I don't collect anything they type from this keyboard. Only the reason I have internet permission is to run ads & it is necessary to earn revenue. I know it's impossible to remove internet permission at runtime because it's declared in the manifest file. If it was possible I could add a premium version which doesn't have the internet permission.
Can anyone give me any idea to solve this problem? Thank you.
The best way to achieve this would be using Flavours. You can learn about Flavours and if they are best suited to you need by reading: https://developer.android.com/studio/build/build-variants
Related
i have a question related to Android app run time permissions.
Is it preferrable/allowed practice for developers to save users' permission preferences i.e. each user has allowed/denied any permission, on our remote server database?
Offcourse we are asking run time permission for every feature we want to use, but is it preferrable that we log on server that if user has allowed for any permission or not, please let know. Thanks
Android framework has restricted the developers to ask only those permissions which are necessary to implement a specific feature and that too if there's no other way to implement the feature without that specific permission. In your case, it seems like you have already taken care of the permissions and just want to hold the result of the asked permissions.
So the answer is YES, You can save this data and it's even considered good practice for handling permissions. Here's the reference from the official android documentation.
Greater flexibility in granting permissions
Users can deny access to individual permissions at the time they’re requested and in settings, but they may still be surprised when functionality is broken as a result. It’s a good idea to monitor how many users are denying permissions (e.g. using Google Analytics) so that you can either refactor your app to avoid depending on that permission or provide a better explanation of why you need the permission for your app to work properly. You should also make sure that your app handles exceptions when users deny permission requests or toggle off permissions in settings.
https://developer.android.com/training/permissions/usage-notes
I am curious if it is possible to change an App's access permissions using an in-app purchase?
The App I am developing has access to network / internet and advertising.
To improve user's privacy, there will be an in-app purchase option that will disable ads and remove network / internet support.
I know that I could do a separate app entirely, but I'd prefer to keep it within the same app.
I have searched and cannot find a solution to my particular use case.
Thanks.
If you use an in-app purchase it isn't gonna change any permissions. Permissions are set on the manifest and is not changeable.
The only way to change permissions is with an upgrade to a newer version, as #SuperThomasLab pointed out, the permissions are in the manifest and set in stone for that version.
Google has very strict requirements that the user needs to be informed of any permission changes on each upgrade, so there is absolutely no way to change the permissions that the user agreed to the last time they installed your app.
You can add functionality to disable the code that uses any network/internet, even if the permission is still there.
As for removing ads, see this post: In-App Purchase remove ads
Here's my scenario:
Currently, my app does NOT require the INTERNET permission and I would love to keep it that way. My app is a financial app where a lot of users don't want to take a chance on an app that can send their data out.
Now, I would like to have some kind of add-on that enables some on-line features, such as DropBox sync and some others which will require the INTERNET permission.
Can an app's add-on request additional permissions, and if not, can anybody suggest a reasonable way to accomplish this?
Thank you!
The suggested answer is to use a sharedUserId in the AndroidManifest and then create a new app with the added permission and this same user ID. This works great for apps where the developer had foreseen this need, but for other apps, adding or changing the sharedUserId causes it to misbehave.
Here's the corresponding Google bug, please star it if you feel this should be addressed:
http://code.google.com/p/android/issues/detail?id=14074
I had a different problem I was trying to solve and decided on add-ons also. The solution I used was to implement the Shared User Id paradigm. My add-on has the same signature, no launcher intent (which means there will be no separate icon on the users device) and a signature based security on the activity calls. This will allow you to implement the above functionality.
The issue you may have is I doubt you can get another application installed using in app purchases. You may need to sell the add-on as a separate app.
Hope this helps...
Hello is it possible to know if the user tries to uninstall an application and ask for password in order to continue? I have a security application and I would like to ask the user to authenticate before uninstalling the application is it possible and how?
Hello is it possible to know if the user tries to uninstall an application and ask for password in order to continue?
No, sorry. Applications do not get control when they get uninstalled.
Yes. It is possible. I do not know HOW but some security applications like AndroidLost, SeekDroid and so on do that. (I'm not sure now which one exactly do that, but I'm sure it does). Try to decompile some of these applications (if I was you I'd do that).
I guess they ask for Administration permission in your mobile and intercept the unnistall. Obviously if you remove the app from the Administration apps list, it does not work anymore.
I was working on understanding what the implications of granting a package a particular permission are. To my utter disbelief I could not find any material which would answer the questions satisfactorily.
1.) What permissions are reserved to be used by whom?
2.) What level of effect does granting a permission to an application have, in security aspects.
3.) What kind of permission does a user need to beware of and understand completely what the repercussion might be (at install time.)
4.) How to identify when an application is misusing a permission granted to it?
I hope with a series of example programs and bits and pieces of documentation we can organize a clear working model for permission on android. I hope people would paste code for relevant examples in an attempt to understand this and help us develop better applications as well as develop user understanding on how secure they are.
thanks
Shouvik
EDITED:What I eventually intend to achieve out of this discussion is that when I cluster a group of permissions, I should be able to get a concise picture of what my application will be capable of doing to my data. I then should be able to weigh those risks with the application installed and determine if its worth the risk. Please note, I am not here to suggest that all apps request perms for malicious use! I am here for that 0.1% of apps which might do it with that intent! =)
Don't take my word for it. Here is a link I came across in the discussion group which puts my idea into a clear perspective. http://groups.google.com/group/android-developers/browse_thread/thread/88b69b590c4d1482/d4bfb0e544d8a3a9?lnk=gst&q=permissions#d4bfb0e544d8a3a9
1) There is a list of permissions (List) a developer can request for his application. Also look at: Security and Permissions
2) If a user installs the application and allows the permissions the application asks for, the application is allowed to do access certain parts of the android system. (for instance, if a application asks the READ_CONTACTS-permission and you grant it, the application can read the contacts from your phonebook, ...)
3) It depends on you feeling concerning security and the trustworthiness of the application you install. If you don't trust the developer of an application, you shouldn't install it.
If an application asks for rights you don't think it really needs, don't install it. (If a simple "ToDo List" app asks permission to make outgoing calls ...)
Which one you should be aware of is a BIG topic - the link under 1) describes the permissions and what an application can do with it - should be a start ...
4) If you grant a permission the application can use it and you can't control in which way it's used. (if you grant GPS, you can't know whether it's updating the status only if you want to or if it's updating every second ...
I don't have enough time at the moment, but maybe I write a little article about this topic on the weekend.
Here is a link I found something that offers a little more than the documentation. Its not much but its a start. Please feel free to pour in your inputs too!
Edit1: So I carried out this little experiment to find out which permissions are not accessible to me as a third party developer. (Pretty dumb of me not to try this earlier, but here is the list FWIW.)