requestPermissions(permissionsToRequest.toArray(new String[permissionsToRequest.size()]), 101);
In Android, after Marshmallow version, is there any way to turn on dangerous permissions like accessing device's fine location, camera or microphone automatically without user's consultation? If not, why is it so? What is the reason behind it?
I wish I would be able to closely monitor my iPad by using my smartphone while I am at office and it would be good if it were possible to do it without user's consultation. I also know that once an app is installed and if a user accepts for a dangerous permission at least once, then it would not prompt for it again.
By the way, why it is known as dangerous permission and not something like sensitive permission, as it intrudes user's privacy and makes it possible to access stored files on any given user's mobile device?
Dangerous permissions
Dangerous permissions cover areas where the app wants data or resources that involve the user's private information, or could potentially affect the user's stored data or the operation of other apps. For example, the ability to read the user's contacts is a dangerous permission. If an app declares that it needs a dangerous permission, the user has to explicitly grant the permission to the app. Until the user approves the permission, your app cannot provide functionality that depends on that permission.
To use a dangerous permission, your app must prompt the user to grant permission at runtime. For more details about how the user is prompted, see Request prompt for dangerous permission.
Related
Throughout my app I request permissions runtime, but for the READ_SMS permission, I would like to have that permission enabled on download from playstore. How can I request permissions from play store install instead of at runtime?
You can't. It used to be that all permissions were granted at install time. Now, important permissions like that can only be granted at runtime. This is to improve the user's security, allow them to prevent apps from accessing data they don't want to share without realizing it, and allow them to revoke permissions when no longer applicable.
How does I determine which permissions should I ask at runtime and which one is 'enough' to have declared in the manifest?
From the documentation:
System permissions are divided into two categories, normal and dangerous:
Normal permissions do not directly risk the user's privacy. If your app lists a normal permission in its manifest, the system grants the permission automatically.
Dangerous permissions can give the app access to the user's confidential data. If your app lists a normal permission in its manifest, the system grants the permission automatically. If you list a dangerous permission, the user has to explicitly give approval to your app.
See the documentation on normal permissions and dangerous permissions for more details.
Dangerous permissions should ask in runtime, normal enough in manifest. List of dangerous and normal permissions you can see here.
From docs:
System permissions are divided into several protection levels. The two
most important protection levels to know about are normal and
dangerous permissions:
Normal permissions cover areas where your app needs to access data or
resources outside the app's sandbox, but where there's very little
risk to the user's privacy or the operation of other apps. For
example, permission to set the time zone is a normal permission. If an
app declares that it needs a normal permission, the system
automatically grants the permission to the app. For a full listing of
the current normal permissions, see Normal permissions.
Dangerous
permissions cover areas where the app wants data or resources that
involve the user's private information, or could potentially affect
the user's stored data or the operation of other apps. For example,
the ability to read the user's contacts is a dangerous permission. If
an app declares that it needs a dangerous permission, the user has to
explicitly grant the permission to the app. Special Permissions There
are a couple of permissions that don't behave like normal and
dangerous permissions. SYSTEM_ALERT_WINDOW and WRITE_SETTINGS are
particularly sensitive, so most apps should not use them. If an app
needs one of these permissions, it must declare the permission in the
manifest, and send an intent requesting the user's authorization. The
system responds to the intent by showing a detailed management screen
to the user.
For details on how to request these permissions, see the
SYSTEM_ALERT_WINDOW and WRITE_SETTINGS reference entries.
You should always put every permission you want access to in the Manifest. Devices before Android Marshmallow cannot handle runtime permissions, so unless you are targeting only Marshmallow and above, this part is important.
You do not need to ask at runtime for any "Normal Permissions". Only permissions designated as "dangerous" are not given automatically.
If you're targeting Android Marshmallow and above, you've to request for dangerous permissions at runtime. You can find the list here. You should also read this.
I read that with Android 6.0, users need to manually allow apps to hold this permission by going to app advanced settings and enabling "Draw over other apps". I have a Nexus 5 with Android 6.0 but I don't seem to be prompted to enable this setting. When I install apps from the Play Store that require this permission, such as LastPass, it gets granted automatically.
Why is this so?
It is a new behaviour introduced in Marshmallow 6.0.1.
Every app that requests the SYSTEM_ALERT_WINDOW permission and that is installed through the Play Store (version 6.0.5 or higher is required), will have granted the permission automatically.
If instead the app is sideloaded, the permission is not automatically granted. You can try to download and install the Evernote APK from apkmirror.com. As you can see you need to manually grant the permission in Settings -> Apps -> Draw over other apps.
[The above information is from this post.]
If you want the app to be sideloaded, you show manually show a prompt and direct the user to enable Draw over other apps permissions from the settings. Have a look at Requesting permissions
Every app that requests the SYSTEM_ALERT_WINDOW permission and that is installed through the Play Store (version 6.0.5 or higher is required), will have granted the permission automatically.
Click here! This may help
There are mainly two types of permissions, they are
Normal Permissions
Dangerous Permissions
Normal permissions indicates that there's no great risk to the user's privacy or security in letting apps have those permissions. For example, users would reasonably want to know whether an app can read their contact information, so users have to grant this permission explicitly. By contrast, there's no great risk in allowing an app to vibrate the device, so that permission is designated as normal.
Dangerous permissions cover areas where the app wants data or resources that involve the user's private information, or could potentially affect the user's stored data or the operation of other apps. For example, the ability to read the user's contacts is a dangerous permission. If an app declares that it needs a dangerous permission, the user has to explicitly grant the permission to the app.
In this case, SYSTEM_ALERT_WINDOW comes under Normal permissions, that is if an app declares in its manifest that it needs a normal permission, the system automatically grants the app that permission at install time. The system does not prompt the user to grant normal permissions, and users cannot revoke these permissions.
You can see the list of normal permissions in this link and dangerous permissions here.
i am making on application in marshmallow 6.0 but when i am trying to share a uri using Intent,i am not able to share image on facebook when the facebook permissions for storage is off through my app.
how to make facebook storage permissions to ON or how to prompt dialog for permissions to be granted while sharing link using our app.
Dangerous permissions cover areas where the app wants data or resources that involve the user's private information, or could potentially affect the user's stored data or the operation of other apps. For example, the ability to read the user's contacts is a dangerous permission. If an app declares that it needs a dangerous permission, the user has to explicitly grant the permission to the app.
Check this tutorial, easy mode by google:
https://github.com/googlesamples/easypermissions
for more information:
http://developer.android.com/intl/es/guide/topics/security/permissions.html#normal-dangerous
I have few doubts.
Is it possible for Android application after installation, to ask user for permission for accessing certain functions? Like say the app A wants to read contacts for a specific purpose. If the user grants permission, then the activity will take place. Else it wont. Is it possible?
Is there a way of allowing user to select/de-select permissions during installation time?
I have read that using CyanogenMod grants user these kind of priveleges. Is there any solution for non-rooted user, apart from take-it-or-leave-it approach?
It would be great, but not, all permission must be granted during installation :-(
Only exception is access to the google profile, this will be authorized during first access.
I hope that a future android version will can do that.
Cyanogen can do opposite. You must grant all permissions during install, but you can explicitly remove them later. But it result in application crash very often. This is only for advanced users.