We are currently developing an app where we'd like to change some system settings, with user permission of course. The android documentation says that to do this, you have to add the following permission:
<uses-permission android:name="android.permission.WRITE_SETTINGS" />
Also, one has to explicitly ask the user to enable this permission. An excerpt from https://developer.android.com/reference/android/Manifest.permission#WRITE_SETTINGS says:
Note: If the app targets API level 23 or higher, the app user must
explicitly grant this permission to the app through a permission
management screen. The app requests the user's approval by sending an
intent with action Settings.ACTION_MANAGE_WRITE_SETTINGS. The app can
check whether it has this authorization by calling
Settings.System.canWrite().
Up until this point, it is quite clear. However, when the permission is added to the AndroidManifest.xml file, Android Studio complains that "Permission is only granted to system apps". Now, this is confusing since I haven't found any documentation stating that it is indeed only granted to system apps.
So, I'd like to ask if someone has encountered this issue, and if there is some kind of documentation that explains this in detail? Or am I simply missing something?
You need to get the user permission specifically from the user by that I mean you have to take the user to a screen where user can grant the permission to your app to have WRITE_SETTINGS permission.
So when ever you want to change system settings you have to check if the user has granted the permission or not like this:
private boolean checkSystemWritePermission() {
boolean retVal = true;
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
retVal = Settings.System.canWrite(this);
Log.d("TAG", "Can Write Settings: " + retVal);
if(retVal){
///Permission granted by the user
}else{
//permission not granted navigate to permission screen
openAndroidPermissionsMenu();
}
}
return retVal;
}
private void openAndroidPermissionsMenu() {
Intent intent = new Intent(Settings.ACTION_MANAGE_WRITE_SETTINGS);
intent.setData(Uri.parse("package:" + this.getPackageName()));
startActivity(intent);
}
As stated by user passsy in the stackoverflow question provided by Brian, android.permission.WRITE_SETTINGS has a android:protectionLevel of "signature", which makes the permission unavailable for use in user applications since API level 23.
See https://developer.android.com/guide/topics/manifest/permission-element#plevel for the description of protection levels for permissions.
Related
I'm trying to get a list of apps (on Android 8.0+) that have REQUEST_INSTALL_PACKAGES permissions marked as granted.
context.packageManager.getInstalledPackages(PackageManager.GET_PERMISSIONS or PackageManager.GET_META_DATA).forEach { pi ->
if (pi.requestedPermissions != null) {
for (i in pi.requestedPermissions.indices) {
if (pi.requestedPermissions[i] == android.Manifest.permission.REQUEST_INSTALL_PACKAGES) {
if ((pi.requestedPermissionsFlags[i] and PackageInfo.REQUESTED_PERMISSION_GRANTED) != 0) {
// permission is granted, do stuff here
}
}
}
}
}
The problem is, that corresponding requestedPermissionsFlags entry is always 1, which means REQUESTED_PERMISSION_REQUIRED and that is obviously wrong.
I tried different api: context.packageManager.checkPermission(android.Manifest.permission.REQUEST_INSTALL_PACKAGES, pi.packageName) == PackageManager.PERMISSION_GRANTED with the same result.
In tried this on Android 8, 9 and 10 on different devices and the only success I had was on Pixel 3a that came positive for com.android.nfc. Others were always false even when I can see in system settings that chrome and other apps have this permission granted.
Am I missing something for this API? Is it private? There is not much to find about it.
Because this permmission has a signature protection level. According to documentation:
A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission
So requestedPermissionsFlags is correct - only com.android.nfc is granted.
Actually REQUEST_INSTALL_PACKAGES has a signature|appop protection level, that's why not only system apps can use it although this perrmission is not granted for them. For a little bit more details - Acquiring Android Permission with Signature Protection Level.
I'm trying to open recent apps but I have a permission problem.
This feature works on Android 4, but seemingly from 6/7 is displaying the following error:
java.lang.SecurityException: Permission Denial: starting Intent { flg=0x800000 cmp=com.android.systemui/.recents.RecentsActivity }
val intent = Intent()
intent.component = ComponentName("com.android.systemui", "com.android.systemui.recents.RecentsActivity")
if (null != intent.resolveActivityInfo(context.packageManager, 0)) {
startActivity(intent)
}
Looks like its because new permissions system in android 6
Every Android app runs in a limited-access sandbox. If an app needs to
use resources or information outside of its own sandbox, the app has
to request the appropriate permission. You declare that your app needs
a permission by listing the permission in the app manifest and then
requesting that the user approve each permission at runtime (on
Android 6.0 and higher).
If your app needs a dangerous permission, you must check whether you
have that permission every time you perform an operation that requires
that permission. Beginning with Android 6.0 (API level 23), users can
revoke permissions from any app at any time, even if the app targets a
lower API level. So even if the app used the camera yesterday, it
can't assume it still has that permission today
check the documentation for more informations
I have IntentService task in foreground mode, but in Android M+ the task stops in Doze mode. I read Google banned if the app uses intent to set themselves in whitelist. But if I use permission and check GRANT or DENIED, I get the granted result, but nothing happen. I don't see my app in whitelist. How can I add the app in whitelist without banned? (I added permission in AndroidManifest.xml)
if(Build.VERSION.SDK_INT>=23){
int permissionCheck= ContextCompat
.checkSelfPermission(this, Manifest.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS);
if(permissionCheck == PackageManager.PERMISSION_DENIED){
//Should we show an explanation
if(ActivityCompat.shouldShowRequestPermissionRationale(this, Manifest.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS)){
//Show an explanation
final String message = "";
Snackbar.make(coordinatorLayoutView,message,Snackbar.LENGTH_LONG)
.setAction("GRANT", new View.OnClickListener() {
#Override
public void onClick(View v) {
ActivityCompat.requestPermissions(MainActivity.this, new String[]{ Manifest.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS }, PERMISSION_REQUEST_CODE);
}
})
.show();
}else{
//No explanation need,we can request the permission
ActivityCompat.requestPermissions(this, new String[]{ Manifest.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS }, PERMISSION_REQUEST_CODE);
}
}
}
REQUEST_IGNORE_BATTERY_OPTIMIZATIONS is not a dangerous permission. You do not need, or want, any of that code. Quoting the documentation for REQUEST_IGNORE_BATTERY_OPTIMIZATIONS:
Permission an application must hold in order to use ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS. This is a normal permission: an app requesting it will always be granted the permission, without the user needing to approve or see it.
So, delete all that code.
I don't see my app in whitelist.
That is because the user did not add you to the whitelist, apparently.
Requesting REQUEST_IGNORE_BATTERY_OPTIMIZATIONS grants you the authority, from a security standpoint, to start an activity with an ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS Intent. Be sure to include your app's package as the Uri:
startActivity(new Intent(Settings.ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS, Uri.parse("package:"+getPackageName())));
The user will be taken to a screen where they can indicate that they are willing to suspend portions of Doze mode effects on your app.
How can I add the app in whitelist without banned?
If you do not want to be banned, do not do any of this. Have something in your app that starts an activity with an ACTION_IGNORE_BATTERY_OPTIMIZATION_SETTINGS Intent. This leads the user to the overall list of apps, where the user can toggle which ones are and are not on the whitelist. This does not require any permission.
The act of requesting REQUEST_IGNORE_BATTERY_OPTIMIZATIONS in the manifest is what may get you banned.
Be aware of using Settings.ACTION_IGNORE_BATTERY_OPTIMIZATION_SETTINGS intent for the activity, this does not work on all phones and you will get a android.content.ActivityNotFoundException. In particular it does not work on Samsung phones running Android 6. The only combination that I have found works on these phones is to declare the REQUEST_IGNORE_BATTERY_OPTIMIZATIONS in the manifest, then launch an activity with intent Settings.ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS. I.e. the combination that is not liked by Google.
I am trying to use GPS in android but it gives me this error:
I put in manifest these permission
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
can anyone help me please
As the hint suggests : The user may deny permission. In that case this call will throw error...
Right now, android asks for the user to accept all the permissions an app asks for in the manifest on installation. In the upcoming M release, android will switch over to the iOS style of permissions with an "on needed" basis.
Call this method to see if permission is granted or not. If not, you need to handle that situation.
context.checkCallingPermission(permission)
Declaring permission in manifest only means that you are requesting permission. In new releases it will not guarantee that user will give you that permission.
In older releases the user has to accept all or reject all permissions
This is not an error actually but a heads-up by the Lint and which may cause an issue!
Hope you are aware about the new permission model is introduced in Android 6.0 (Marshmallow), through which user may not permit to use GPS or Network or anything else and so it may cause an issue in your application!
Now, as per the lint analysis, so before implementing particular functionality, you should check whether permission for the same is available or not!
Since SDK 23, you should/need to check the permission using checkSelfPermission
http://developer.android.com/reference/android/support/v4/content/ContextCompat.html
for example
if (checkSelfPermission(Manifest.permission.ACCESS_FINE_LOCATION) != PackageManager.PERMISSION_GRANTED
&& checkSelfPermission(Manifest.permission.ACCESS_COARSE_LOCATION) != PackageManager.PERMISSION_GRANTED) {
return;
}
This condition checks user allowed to access the permission to read the location
if(checkSelfPermission(Manifest.permission.ACCESS_FINE_LOCATION)== PackageManager.PERMISSION_GRANTED||checkSelfPermission(Manifest.permission.ACCESS_COARSE_LOCATION) == PackageManager.PERMISSION_GRANTED) {
manager.requestLocationUpdates(LocationManager.GPS_PROVIDER,meter,mill,new locationlist(this));
}
Will the Android permissions WRITE_EXTERNAL_STORAGE and READ_EXTERNAL_STORAGE trigger the new grant permission dialog of Android M?
I agree with Guillaume Perrot 's answer. I have met the similar question when I write the permission of READ_WRITE_EXTERNAL_STORAGE in AndroidManifest.xml
with no permissions showing up in the app by default , people need to switch the toggle button of storage in the app permissions.Then I modify my targetSdkVersion in build.gradle to less than 23(MNC) and other number related with sdkVersion, the app installed with the permissions on.
The other way is to write requestpermission function in the place that you need the permisson. The code is as follow:
if (checkSelfPermission(Manifest.permission.WRITE_EXTERNAL_STORAGE)==
PackageManager.PERMISSION_GRANTED) {
//do the things} else {
requestPermissions(new String[] { Manifest.permission.WRITE_EXTERNAL_STORAGE },
AnyNumber);
Because I have less than 15 reputation so I can't vote for the Guillaume Perrot 's answer.Just use this way to show my idea.
I solved add this if check version for Android M
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
requestPermissions(new String[]{android.Manifest.permission.WRITE_EXTERNAL_STORAGE}, 1);
requestPermissions(new String[]{android.Manifest.permission.READ_EXTERNAL_STORAGE}, 1);
}
My answer is based on my tests on M Preview SDK version 2, using an emulator.
If you target MNC preview API level, WRITE_EXTERNAL_STORAGE is not granted by default and will be part of the new dynamic permission API.
You will see the storage permission as a toggle button in the new app permissions menu in device settings, and you can use Activity.requestPermissions to show the popup for that permission.
However if you target api level < MNC, it won't be classified as a dangerous permission, and thus will be granted without a way for the user to disable it (not showing up in permission settings), and you will not be able to compile code using Activity.requestPermissions anyway as the preview SDK enforces minSdkVersion="MNC" to use the new APIs.
This is a different behavior than location permissions: whatever the API level you target, the user will be able to turn location off in permission menu.
For the permission menu itself, the permission toggle state is ON by default if:
Target API level < MNC.
Target API level = MNC but you upgrade app on device from a previous install where target API level was less than MNC.
Otherwise you will see the toggle as OFF by default.
Hope it helps.
According to the docs:
Limited Permissions Granted at Install Time: When the user installs or updates the app, the system grants the app all permissions that the app requests that fall under PROTECTION_NORMAL.
So because READ_EXTERNAL_STORAGE is falling under PROTECTION_NORMAL , it won't trigger the dialog.
But because the level of WRITE_EXTERNAL_STORAGE is PROTECTION_DANGEROUS, it will fall under this behavior as described in docs:
User Grants Permissions at Run-Time: When the app requests a permission, the system shows a dialog to the user, then calls the app's callback function to notify it whether the permission was granted. If a user grants a permission, the app is given all permissions in that permission's functional area that were declared in the app manifest
Here is the sources for the protection level:
detailed list
According to Android docs you don't need to request permission about read and write external storage.
Edit: in the latest Android M release you need to ask for both read and write permissions
Storage permission falls under dangerous protection level, So all the dangerous protection level permissions will not be granted at install time in Android M, if App target SDK is set to 23. They will be given at run time.
And yes these permissions can be revoked at run time also.
No permission dialog will not be triggered automatically, you need to do a request by using API such as requestPermissions() method to show that native dialog.
Please check the dangerous level permission list here