READ_PRIVILEGED_PHONE_STATE and READ_PHONE_STATE - android

I have an app using this method: getLine1Number from TelephonyManager.
According to the Android documentation, this method needs the READ_PHONE_STATE runtime permission. When I call this API without granting this permission, my app crashes. However, if I grant this app the signature permission READ_PRIVILEGED_PHONE_STATE, without granting the READ_PHONE_STATE permission, the API works and the app does not crash.
Why is it the case?

The reason is simple: some APIs, in order to work, read permissions from the Android system, as they are trying to access user-private data. Android, designed as a secure OS, would grant permissions to expose such data to these APIs. Some permissions need to be explicitly agreed upon by the user, while some only need to be registered to keep track of.
Not including these permissions in the manifest will cause a permission-not-granted error, and the app will crash, as your source code probably does not have logic to deal with that.
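
One way to make the call from the question fail safely, as an added example that is not part of the original question or answer: it checks for either of the two permissions named in the question and still catches SecurityException, so a missing grant yields null instead of a crash. The class name Line1NumberReader is hypothetical, and AndroidX ContextCompat is assumed to be available.

```java
import android.Manifest;
import android.content.Context;
import android.content.pm.PackageManager;
import android.telephony.TelephonyManager;
import androidx.core.content.ContextCompat;

/** Hypothetical helper (not from the original post). */
public final class Line1NumberReader {
    // Written as a string literal rather than relying on an SDK constant.
    private static final String READ_PRIVILEGED_PHONE_STATE =
            "android.permission.READ_PRIVILEGED_PHONE_STATE";

    private Line1NumberReader() {}

    private static boolean holds(Context ctx, String permission) {
        return ContextCompat.checkSelfPermission(ctx, permission)
                == PackageManager.PERMISSION_GRANTED;
    }

    /** Returns the line-1 number, or null when it cannot be read. */
    public static String read(Context ctx) {
        boolean allowed = holds(ctx, Manifest.permission.READ_PHONE_STATE)
                || holds(ctx, READ_PRIVILEGED_PHONE_STATE);
        if (!allowed) {
            return null; // caller decides whether to request READ_PHONE_STATE
        }
        TelephonyManager tm =
                (TelephonyManager) ctx.getSystemService(Context.TELEPHONY_SERVICE);
        if (tm == null) {
            return null;
        }
        try {
            return tm.getLine1Number();
        } catch (SecurityException e) {
            // The platform's own check is authoritative: a grant can be
            // revoked between our check and the call.
            return null;
        }
    }
}
```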

Related

How are permissions given to an app during development?

I am developing an app and the manifest has included permissions INTERNET and SEND_SMS. There was no asking of permissions when the apk was installed by Android Studio to either an emulator or a real phone.
When I ran the app, which sends an SMS, there was a permission exception. I had to go to Settings, Apps and under Permissions, there is an option to enable SMS. After I enabled it, the app could send SMS'es.
When the app made a network call using HttpUrlConnection, it completed successfully! Under Settings Apps, there is no option for network or Internet or the like.
Why is it that making a network communication does not require any permission by the user?
Under Settings, Apps, why is there only one permission, SMS, listed for my app?
It's the developer's responsibility to request the permission at runtime, before accessing any dangerous permission. (Runtime permissions are supported from Android M (6.0).)
Not all permissions need to be requested from the user. Only dangerous permissions need approval from the user. Normal and Dangerous Permissions
Please follow this guide: Runtime Permission
The permissions model was changed in Android 6.0. If the app targets API 23 or above, then you need to request the permissions from the user at runtime. If the app targets below API 23, then the app gets the permissions during install.
There are some permissions like "INTERNET" that will always be granted during install.
You're running your app on Android SDK >= 23.
The Internet permission is a normal permission, so it does not show any permission prompt, but the Camera permission is a dangerous permission, so it shows a permission prompt.
If an app declares that it needs a normal permission, the system automatically grants that respective permission to the app.
References:
Android Permissions
StackOverflow
Permission Requests
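
The runtime request flow described in the answers above, applied to the SEND_SMS case from the question, as an added example that is not code from the thread. It assumes AndroidX and that the manifest still declares both SEND_SMS and INTERNET (INTERNET, being a normal permission, needs nothing beyond that declaration); the activity name, request code and field names are hypothetical.

```java
import android.Manifest;
import android.content.pm.PackageManager;
import android.telephony.SmsManager;
import androidx.annotation.NonNull;
import androidx.appcompat.app.AppCompatActivity;
import androidx.core.app.ActivityCompat;
import androidx.core.content.ContextCompat;

/** Hypothetical activity; names and the request code are made up. */
public class SendSmsActivity extends AppCompatActivity {
    private static final int REQ_SEND_SMS = 1;
    private String pendingNumber;
    private String pendingText;

    /** SEND_SMS is dangerous: check it, and ask the user if it is not granted yet. */
    void sendSms(String number, String text) {
        if (ContextCompat.checkSelfPermission(this, Manifest.permission.SEND_SMS)
                == PackageManager.PERMISSION_GRANTED) {
            SmsManager.getDefault().sendTextMessage(number, null, text, null, null);
            return;
        }
        // Remember the message and show the system permission dialog
        pendingNumber = number;
        pendingText = text;
        ActivityCompat.requestPermissions(
                this, new String[] {Manifest.permission.SEND_SMS}, REQ_SEND_SMS);
    }

    @Override
    public void onRequestPermissionsResult(int requestCode,
            @NonNull String[] permissions, @NonNull int[] grantResults) {
        super.onRequestPermissionsResult(requestCode, permissions, grantResults);
        if (requestCode != REQ_SEND_SMS) {
            return;
        }
        // An empty result array means the request was cancelled
        boolean granted = grantResults.length > 0
                && grantResults[0] == PackageManager.PERMISSION_GRANTED;
        if (granted && pendingNumber != null) {
            sendSms(pendingNumber, pendingText);
        }
        // On denial the SMS feature simply stays off instead of crashing
        pendingNumber = null;
        pendingText = null;
    }
}
```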

android.permission.WRITE_SETTINGS: what kind of permission, Normal or Dangerous?

I have read about Dangerous permissions and Normal permissions as well, but I didn't find this permission anywhere. I just want to know what kind of permission it is.
WRITE_SETTINGS
added in API level 1
String WRITE_SETTINGS
Allows an application to read or write the system settings.
Note: If the app targets API level 23 or higher, the app user must explicitly grant this permission to the app through a permission management screen. The app requests the user's approval by sending an intent with action ACTION_MANAGE_WRITE_SETTINGS. The app can check whether it has this authorization by calling Settings.System.canWrite().
Protection level: signature
Constant Value: "android.permission.WRITE_SETTINGS"
Special Permissions
There are a couple of permissions that don't behave like normal and dangerous permissions. SYSTEM_ALERT_WINDOW and WRITE_SETTINGS are particularly sensitive, so most apps should not use them. If an app needs one of these permissions, it must declare the permission in the manifest, and send an intent requesting the user's authorization. The system responds to the intent by showing a detailed management screen to the user.
Source: https://developer.android.com/guide/topics/permissions/requesting.html#perm-groups
The protection level is signature. You must ask the user to be granted this permission if your API level is greater than or equal to 23.
You can find the documentation on all permissions here,
and you can find the documentation for the permission you specified here.
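
The special-permission flow quoted above (Settings.System.canWrite() plus an intent with ACTION_MANAGE_WRITE_SETTINGS), as an added example that is not code from the thread. The helper class, its method names and the choice of SCREEN_OFF_TIMEOUT as the setting to change are assumptions made for illustration; WRITE_SETTINGS must still be declared in the manifest.

```java
import android.app.Activity;
import android.content.Intent;
import android.net.Uri;
import android.os.Build;
import android.provider.Settings;

/** Hypothetical helper; class and method names are made up for this example. */
public final class WriteSettingsHelper {
    private WriteSettingsHelper() {}

    /** True when this app may currently modify system settings. */
    public static boolean canWrite(Activity activity) {
        // Settings.System.canWrite() exists only from API 23 on
        return Build.VERSION.SDK_INT < Build.VERSION_CODES.M
                || Settings.System.canWrite(activity);
    }

    /**
     * Sets the screen-off timeout if allowed; otherwise opens the
     * management screen so the user can grant the authorization.
     * Returns true only when the setting was actually written.
     */
    public static boolean setScreenOffTimeout(Activity activity, int millis) {
        if (!canWrite(activity)) {
            Intent intent = new Intent(
                    Settings.ACTION_MANAGE_WRITE_SETTINGS,
                    Uri.parse("package:" + activity.getPackageName()));
            activity.startActivity(intent);
            return false; // re-check canWrite() when the activity resumes
        }
        return Settings.System.putInt(activity.getContentResolver(),
                Settings.System.SCREEN_OFF_TIMEOUT, millis);
    }
}
```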

Accessing historical app usage database in Android

What is the best way to access the app usage database on Android, without using the API?
In particular, I would like to make a local copy of the database behind this API:
http://developer.android.com/reference/android/app/usage/UsageStats.html
There's no best way, other than the API. You may or may not receive the permission to access this data. On this page it says:
NOTE: This API requires the permission
android.permission.PACKAGE_USAGE_STATS, which is a system-level
permission and will not be granted to third-party apps. However,
declaring the permission implies intention to use the API and the user
of the device can grant permission through the Settings application.
It reads as though you might get the permission if you declare it and the user grants it... or you might not, as it will not be granted to third-party apps.
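
How an app can tell whether the user has granted usage access through Settings, as the quoted note describes, before calling the UsageStats API; this is an added example, not code from the thread. The class and method names are hypothetical, API level 22 or higher is assumed, and PACKAGE_USAGE_STATS is assumed to be declared in the manifest.

```java
import android.Manifest;
import android.app.AppOpsManager;
import android.app.usage.UsageStats;
import android.app.usage.UsageStatsManager;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Process;
import android.provider.Settings;
import java.util.Collections;
import java.util.List;

/** Hypothetical helper (API 22+); names are made up for this example. */
public final class UsageAccess {
    private UsageAccess() {}

    /** True if usage access is currently allowed for this app. */
    public static boolean isGranted(Context ctx) {
        AppOpsManager ops = (AppOpsManager) ctx.getSystemService(Context.APP_OPS_SERVICE);
        int mode = ops.checkOpNoThrow(AppOpsManager.OPSTR_GET_USAGE_STATS,
                Process.myUid(), ctx.getPackageName());
        if (mode == AppOpsManager.MODE_DEFAULT) {
            // No explicit user choice: fall back to the permission itself
            return ctx.checkCallingOrSelfPermission(Manifest.permission.PACKAGE_USAGE_STATS)
                    == PackageManager.PERMISSION_GRANTED;
        }
        return mode == AppOpsManager.MODE_ALLOWED;
    }

    /** Daily usage stats for the last 24 hours, or an empty list without access. */
    public static List<UsageStats> lastDay(Context ctx) {
        if (!isGranted(ctx)) {
            // Send the user to the usage access screen in Settings
            ctx.startActivity(new Intent(Settings.ACTION_USAGE_ACCESS_SETTINGS)
                    .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK));
            return Collections.emptyList();
        }
        UsageStatsManager usm =
                (UsageStatsManager) ctx.getSystemService(Context.USAGE_STATS_SERVICE);
        long now = System.currentTimeMillis();
        return usm.queryUsageStats(UsageStatsManager.INTERVAL_DAILY,
                now - 24L * 60 * 60 * 1000, now);
    }
}
```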

INTERNET permissions in Android M

Regarding Google's recent announcement about Android M and Permissions model.
Per the official Android documentation:
Limited Permissions Granted at Install Time: When the user installs or
updates the app, the system grants the app all permissions that the
app requests that fall under PROTECTION_NORMAL. For example, alarm
clock and internet permissions fall under PROTECTION_NORMAL, so they
are automatically granted at install time. The system may also grant
the app signature and system permissions, as described in System apps
and signature permissions. The user is not prompted to grant any
permissions at install time.
Note in particular that it says:
...the system grants the app all permissions that the app requests.
So, if the app does not have INTERNET permission in its AndroidManifest.xml, it won't be granted access to INTERNET in that case?
Or will an app be required to add the INTERNET permission in its manifest in order to be able to make network calls?
As for the specific android.permission.INTERNET permission, it is still mandatory for apps that will access the Internet. If a developer were to publish an app without defining it in the Android manifest, an exception will be thrown the first time a connection attempt is made, and the app will possibly crash. This is no different than before.
All that has changed is that there won't be a prompt to the user, the app will still require the permission in the manifest.
Please check this video from Google IO - https://youtu.be/f17qe9vZ8RM?t=18m10s
There is no more Internet permission - the app will have by default access to the internet. Their idea is that if you don't have access to the device data then you cannot do anything dangerous.
Kind Regards

Regarding Android Permissions and Signature Protection level

I am new to Android and have a question regarding protection level "Signature" for permissions in AndroidManifest.xml.
The Android reference document states about "Signature" protection level:
A permission that the system grants only if the requesting application
is signed with the same certificate as the application that declared
the permission. If the certificates match, the system automatically
grants the permission without notifying the user or asking for the
user's explicit approval.
This implies that permissions which have protection level "Signature" are not available for use by normal applications and can only be used by the Android Dev Team.
What I am wondering about is how many applications in Android Market or on other sites can have these permissions. For example, an application which is used for recording calls has android.permission.DEVICE_POWER in addition to other permissions. Is the Android system really granting this permission to this application during installation?
When I tried to use the permission "READ_INPUT_STATE" (new in 2.2) I got the following error in LogCat:
06-28 09:28:34.943: WARN/PackageManager(60): Not granting permission android.permission.READ_INPUT_STATE to package com.example.wheredoyoulive (protectionLevel=2 flags=0x8444)
The same is true for permissions with Protection Level "SignatureOrSystem". There exists a caller application which has CALL_PRIVILEGED permission in addition to other permissions.
Please help me and clear my doubts.
Regards
Abhishek
I believe the purpose of the "Signature" permission level is for two applications by the same developer to be able to share data seamlessly without bothering the user. The READ_INPUT_STATE permission is not intended to be used in applications:
Allows an application to retrieve the current state of keys and switches. This is only for use by the system.
See http://developer.android.com/reference/android/Manifest.permission.html#READ_INPUT_STATE
Facebook Home uses this: once you install it, you'll notice that it doesn't request ANY permissions, but explicitly requires that the Facebook app be installed. This is so that the system can grant it the necessary permissions by proxy of the Facebook app.
Typically what happens is the Facebook app will advertise facilities for other apps to read your status and news feed; normally these apps would need to explicitly request permission to use them if they are signed under a different certificate, or rather private key.
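
A way to see what the LogCat line in the question reports, as an added diagnostic example that is not code from the thread: for each permission a package requests, it lists the base protection level and whether the system actually granted it. The value protectionLevel=2 in that log line is PermissionInfo.PROTECTION_SIGNATURE. The class and method names are hypothetical, and the helper is meant to be run against the app's own package name.

```java
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PermissionInfo;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical diagnostic helper; names are made up for this example. */
public final class PermissionReport {
    private PermissionReport() {}

    private static String levelName(int protectionLevel) {
        // Strip flag bits so only the base level remains
        int base = protectionLevel & PermissionInfo.PROTECTION_MASK_BASE;
        switch (base) {
            case PermissionInfo.PROTECTION_NORMAL:              return "normal";
            case PermissionInfo.PROTECTION_DANGEROUS:           return "dangerous";
            case PermissionInfo.PROTECTION_SIGNATURE:           return "signature";
            case PermissionInfo.PROTECTION_SIGNATURE_OR_SYSTEM: return "signatureOrSystem";
            default:                                            return "other(" + base + ")";
        }
    }

    /** One line per requested permission: name, base level, granted or not. */
    public static List<String> describe(PackageManager pm, String packageName)
            throws PackageManager.NameNotFoundException {
        List<String> lines = new ArrayList<>();
        PackageInfo info = pm.getPackageInfo(packageName, PackageManager.GET_PERMISSIONS);
        if (info.requestedPermissions == null) {
            return lines; // the package requests nothing
        }
        for (int i = 0; i < info.requestedPermissions.length; i++) {
            String name = info.requestedPermissions[i];
            boolean granted = (info.requestedPermissionsFlags[i]
                    & PackageInfo.REQUESTED_PERMISSION_GRANTED) != 0;
            String level;
            try {
                level = levelName(pm.getPermissionInfo(name, 0).protectionLevel);
            } catch (PackageManager.NameNotFoundException e) {
                level = "unknown"; // permission not defined on this device
            }
            lines.add(name + " [" + level + "] " + (granted ? "granted" : "NOT granted"));
        }
        return lines;
    }
}
```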
