I am trying to create a new release of my Codename One app for Android. When I upload the APK to the Google Play Console, I get an error that my APK uses android.permission.READ_PHONE_STATE and that I do need a privacy policy to be able to use that permission.
In the Codename One blog I read:
android.permission.READ_PHONE_STATE - is triggered by com.codename1.ads package, com.codename1.components.Ads, com.codename1.components.ShareButton, com.codename1.media, com.codename1.push, Display.getUdid() & Display.getMsisdn(). This permission is required for media in order to suspend audio playback when you get a phone call.
But my app does not use ads, does not use sharing, does not use media, does not use push and does not use UDID nor MSISDN. Hence, I have no clue why I would need this permission (which indeed is present in the generated APK).
How can I prevent this permission being added to the APK (or how can I detect why this permission is added).
#
#Sat Sep 28 17:12:49 BST 2019
codename1.vendor=Frans van Gool
codename1.displayName=S\u00F3 Verbos
codename1.icon=/C\:/EclipseData/JustVerbs/GaloDeBarcelos.png
codename1.arg.java.version=8
codename1.languageLevel=5
codename1.secondaryTitle=S\u00F3 Verbos
codename1.version=1.20
codename1.mainName=Main
codename1.ios.certificatePassword=
codename1.arg.ios.newStorageLocation=true
codename1.rim.signtoolDb=
libVersion=212
codename1.ios.certificate=
codename1.android.keystorePassword=**************
codename1.j2me.nativeTheme=nativej2me.res
codename1.rim.signtoolCsk=
codename1.android.keystore=/C\:/eclipseData/JustVerbs/keychain.ks
codename1.android.keystoreAlias=justverbs
codename1.rim.certificatePassword=
codename1.ios.provision=
codename1.packageName=nl.griffelservices.justverbs
Apparently this works (this text has always been here - not sure why it was hidden)
<uses-permission tools:node="remove" android:name="android.permission.READ_PHONE_STATE" />
<uses-permission tools:node="remove" android:name="android.permission.READ_PHONE_STATE" />
see:
https://facebook.github.io/react-native/docs/removing-default-permissions
(apparently this link no longer works)
I have implemented it but have not tried it (many moons later - I have tried it and it does work). I did not know one could remove permissions in the manifest - first of all I never expected they would get added!
Related
We reviewed your request and found that your app, does not qualify for use of the requested permissions for the following reasons:
The declared feature {Default SMS} is allowed; however we determined it to be unnecessary for the core functionality of your app.
Default SMS [READ_SMS, SEND_SMS, WRITE_SMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, RECEIVE_MMS]
I use the <uses-permission android:name="android.permission.SEND_SMS" />
to share the app via SMS (send a text and a link to the website ), whats the work arround?
Thanks
If I understand correctly you want SMS as a feature but not a requirement.
I think what you wanted to do is add uses-feature declarations with android:required="false".
From android docs
When you declare android:required="false" for a feature, it means that the application prefers to use the feature if present on the device, but that it is designed to function without the specified feature, if necessary.
Solved by removing <uses-permission android:name="android.permission.SEND_SMS" />
and calling a intent to open the Native Device Sms App
(if you came here by googling looking for a solution for this error,below links will give you an answer,also my question has kind of an explanation!)
Possible duplicate of
INSTALL_FAILED_DUPLICATE_PERMISSION… C2D_MESSAGE
Error -505 INSTALL_FAILED_DUPLICATE_PERMISSION
Wait!
I got this error today in a live project.User came with the 505 error unable to install the app.Then i ran it on IDE!
If you download an app with this mentioned issue from play store you will get an error with 505 when you try to install.
If you try to run it using your IDE you will get the error like in above image! (correct me if I am wrong)
Then I was looking for reasons.
This was my issue!
<permission
android:name="in.wptrafficanalyzer.locationroutedirectionmapv2.permission.MAPS_RECEIVE"
android:protectionLevel="signature" />
<uses-permission android:name="in.wptrafficanalyzer.locationroutedirectionmapv2.permission.MAPS_RECEIVE" />
Surprise thing was another developer's app on a particular users phone used the same signature! Damn, those copy pastes met each other today!!
I think if I try to declare same permission in two applications with
same package name this error can occur.(correct me if I am wrong)
Here are my 2 questions?
1.Do they need to be with the same permission? anyway they will get this thing when its same. lets say app A users a pkg.name with permission permission.RECEIVE app B use same package with another permission CONFIGURE_SIP.Can this occur when they meet each other?(seems like a stupid question but I want to confirm the other app that was there in the client's mobile had the same thing!)
2.What are/is there any other the possibilities that this error can occur?
An application defines a custom permission using signature level security
You attempt to update the installed app with a version signed with a different key
The test device is running Android 21 or newer with support for multiple users
Got those 1 2 3 from this post ! Are they true? If yes any good explanation about them will be great or any additional reason for this error?
There are many good answers in the mentioned posts!Not asking how to fix this! But how it gets generated! Also if I mentioned/understood something wrong please do note it down!!
Thank you.
Edit : As I mentioned please note that the issue came form an app which is already in the Play Store. And about the other app I have no idea! It's there in the client's mobile.Probably its also from play store because even developer options was not activated till I try to run on that mobile.He did not had any previous apps from my company as well.He just tried to download the app got 505 error and came to fix it.
And also my first option was the removal of that permission an it made the app install successfully(not the right thing but to confirm where the issue was). That is the reason that I need to know the possibilities of this error!
#commonsware blogs has explain it in details in Custom Permission Vulnerability and the 'L' Developer Preview:
Near as I can tell, the “L” Developer Preview requires that all apps
with a <permission> element for the same android:name value be signed
by the same signing key. The actual protectionLevel or other values
inside the <permission> does not matter. Even if they are identical, an
app trying to define the <permission> will fail to install if an
existing installed app already defines the <permission>. Specifically,
the installation of the second app will fail with an
INSTALL_FAILED_DUPLICATE_PERMISSION error.
Here the answer from #commonsware: https://stackoverflow.com/a/11730133/4758255
Your problem isn't permissions. It's impossible to have two apps with the same manifest package name.It must be unique. So system think that user try to reinstall/update old app with new signing certificate. From android developers blog
If the signing certificate changes, trying to install the new application on to the device will fail until the old version is uninstalled.
EDIT:
I run some tests with permissions. I think, behavior is very similar with application package name. Error occur only if 100% matching. Results:
app A(package test.test) vs app B(package test.test2)
package="test.test">
<permission
android:name="test2.example.h"
android:protectionLevel="signature" />
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="test.test2">
<permission
android:name="test.example.hr"
android:protectionLevel="signature" />
permission A - test.example.h vs B - test.example.h - DUPLICATE_PERMSSIONS error
test.example vs test.example.h - success
test.example.g vs test.example.h - success
uses-permission doesn't affect on errors/installations. But I think you can get SeciurityException in runtime, if try to use others permissions.
I am trying to show a live preview of the rear facing camera in Codename One. I use for that the native interface (I am targetting Android first).
To allow my app to use the camera without messing up with build hints, I added these lines in my Main Form :
if (Capture.hasCamera()){
Dialog.show("Appareil photo détecté", "Votre matériel est bien équipé d'un appareil photo!", "OK", null);
}
I did that because Codename One blog stated
android.hardware.camera & android.permission.RECORD_AUDIO - are triggered by com.codename1.Capture
However while debugging the app with the sources I got from CN1 under Android Studio on a real device (API LEVEL 19 aka Kit Kat) I always got a java.lang.RuntimeException: Fail to connect to camera service.
After a while I realized that the exception was due to the lack of the following permission in manifest.xml :
<uses-permission android:name="android.permission.CAMERA" android:required="false"/>
Please note that as stated in CN1 blog the line <uses-feature android:name="android.hardware.camera" android:required="false" /> was already added by CN1.
Now that I've added this line the live preview is well shown.
Why is this permission not automatically added in the manifest, should I really add it to the build hint ?
Moreover I have another project that uses the Camera to take photo and save them on the phone and the Camera permission is neither shown (in Android Application Info) nor requested during app installation whereas it works perfectly well. Please note that e.g. Twitter App shows "Take photos and record videos" in the app permissions so it does not seem to be a problem with my phone hiding camera permission.
EDIT November 20th 2016 :
Indeed Android Developer's guide states that
Note: If you are using the camera by invoking an existing camera app, your application does not need to request this permission.
That's why CN1 does not require this permission!
Thanks for helping me getting the permission management with CN1 right.
You need to add the following build hint:
android.xpermissions=<uses-permission android:name="android.permission.CAMERA" android:required="false"/>
You can also add this to the cn1lib so it is injected automatically.
In the past, you add the permission you want to your manifest and then it is requested when your user attempts to install your app. As of Android 6.0+, this has changed. Now you can just request a permission when your app needs it for the first time. After the user grants you permission, you don't need to ask again next time. Some benefits of this include keeping your user aware of why you need specific permissions and not requesting permissions that you don't actually need.
You can read more about how to implement it here: https://developer.android.com/training/permissions/requesting.html
There is no way to use a phones camera without asking for permission at some point.
I am trying to upload files using firebase. The code works fine on devices with only internal storage but while trying on devices with external storage(SD card) it shows User does not have permission to access this object. Code: -13021 HttpResult: 403 error.
My manifest file contains following permissions
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
The default security rules for storage buckets require you to sign in with firebase authentication. You can use any authentication method. At a minimum, you must you anonymous signin by:
enable anonymous signin in the "Auth" tab of the Firebase website
follow the steps here to add code to sign in: https://firebase.google.com/docs/auth/android/anonymous-auth#authenticate-with-firebase-anonymously
You can also set your rules to allow access to anyone -- including those who have not yet authenticated. But this is not recommended as your data will not be secure.
You will just need to use request.auth in your rules instead of just auth.
See StorageException: StorageException has occurred. User does not have permission to access this object.
Also Secure User Data to get more idea.
I hope its helps you.
Check if target SDK version in build.gradle is 23, if so you need to implement runtime permissions or change it to 22
Do not build your project with targetSdk set to anything higher than 22 if your project requires additional permissions, because you must then support Runtime Permissions. As a quick solution, change targetSdk to 22, clean and rebuild your project and you will be fine.
1.Go to your firebase console
2.Go to your app
3.Click on the authentication button in the left hand side
4.Click on the sign-in method tab
5.Hover on the anonymous item below in the list
6.Click on the pencil button at the right side of the item
7.Click on enable and then save
This should work
just go to the authentication and allow sign in method for anonymous and your problem will completely finish
This is my first time posting here. I'm not sure if this is the right place to ask this question, but I don't seem to find other more appropriate places. Here's my question anyways.
I understand that the API ActivityManager.forceStopPackage() is an internal one and can be called only from system process. However, it puzzles me that the built-in Task Manager app (with package name com.motorola.PerformanceManager) on my motorola atrix phone can directly call it without being a system process. There are two things that I verified.
First, it is non-system process from ps command:
app_64 13681 1379 170788 29820 ffffffff 00000000 S com.motorola.PerformanceManager
Second, it indeed calls the ActivityManager.forceStopPackage() API from its odex file (decompiled into smali, then into dex, and then into java). From the smali code, it is already clear that it calls this API.
I also checked its AndroidManifest.xml file which seems nothing special to me (the forum mistakenly recognizes the content as URLs and prevents me from posting them).
The manifest file does include the android.permission.FORCE_STOP_PACKAGES permission which is supposed to be a system one. A non-system app will still get permission denial error even with this permission. I tried using reflection to access this API with android.permission.FORCE_STOP_PACKAGES permission but still get the runtime error.
Now, how can the built-in Task Manager app call the internal API without being a system process.
One possibility is that the app is signed with the same platform private key. However, I'm not sure how I can verify that. Further, it is still supposed to be a system process with additional descriptions in the manifest file.
Hope someone can answer my question. Thanks.
The "android.permission.FORCE_STOP_PACKAGES" permission is protected by the platform signature.
If you have Android source code then check the declaration of the permission:
/frameworks/base/core/res/AndroidManifest.xml
...
<permission android:name="android.permission.FORCE_STOP_PACKAGES"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="signature"
...
You can see its protection level is signature, then check the SDK documentation for the explaination:
"android:protectionLevel"
http://developer.android.com/guide/topics/manifest/permission-element.html#plevel
"signature...A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval"
The permission is declared by the framework-res which is signed by the platform signature, so the application that wants to use the permission shall also be signed with the same signature.
/frameworks/base/core/res/Android.mk
...
LOCAL_PACKAGE_NAME := framework-res
LOCAL_CERTIFICATE := platform
...
Regards
Ziteng Chen