Throughout my app I request permissions runtime, but for the READ_SMS permission, I would like to have that permission enabled on download from playstore. How can I request permissions from play store install instead of at runtime?
You can't. It used to be that all permissions were granted at install time. Now, important permissions like that can only be granted at runtime. This is to improve the user's security, allow them to prevent apps from accessing data they don't want to share without realizing it, and allow them to revoke permissions when no longer applicable.
Related
requestPermissions(permissionsToRequest.toArray(new String[permissionsToRequest.size()]), 101);
In Android, after Marshmallow version, is there any way to turn on dangerous permissions like accessing device's fine location, camera or microphone automatically without user's consultation? If not, why is it so? What is the reason behind it?
I wish I would be able to closely monitor my iPad by using my smartphone while I am at office and it would be good if it were possible to do it without user's consultation. I also know that once an app is installed and if a user accepts for a dangerous permission at least once, then it would not prompt for it again.
By the way, why it is known as dangerous permission and not something like sensitive permission, as it intrudes user's privacy and makes it possible to access stored files on any given user's mobile device?
Dangerous permissions
Dangerous permissions cover areas where the app wants data or resources that involve the user's private information, or could potentially affect the user's stored data or the operation of other apps. For example, the ability to read the user's contacts is a dangerous permission. If an app declares that it needs a dangerous permission, the user has to explicitly grant the permission to the app. Until the user approves the permission, your app cannot provide functionality that depends on that permission.
To use a dangerous permission, your app must prompt the user to grant permission at runtime. For more details about how the user is prompted, see Request prompt for dangerous permission.
I am adding PACKAGE_USAGE_STATS permission to my app. Since this is a special permission that the user needs to grant from a special settings page, I would not expect it to appear in the Google Play permission list when they install the app - and thus I expect it not to enforce manual update for my app. Will it enforce manual update for my app or it will allow auto update for existing users?
Adding a permission will cause, that users will have to update the app manually.
All the permissions, which are in your manifest file are listed on Google Play.
Doesn't matter if it's runtime permission or not.
How does I determine which permissions should I ask at runtime and which one is 'enough' to have declared in the manifest?
From the documentation:
System permissions are divided into two categories, normal and dangerous:
Normal permissions do not directly risk the user's privacy. If your app lists a normal permission in its manifest, the system grants the permission automatically.
Dangerous permissions can give the app access to the user's confidential data. If your app lists a normal permission in its manifest, the system grants the permission automatically. If you list a dangerous permission, the user has to explicitly give approval to your app.
See the documentation on normal permissions and dangerous permissions for more details.
Dangerous permissions should ask in runtime, normal enough in manifest. List of dangerous and normal permissions you can see here.
From docs:
System permissions are divided into several protection levels. The two
most important protection levels to know about are normal and
dangerous permissions:
Normal permissions cover areas where your app needs to access data or
resources outside the app's sandbox, but where there's very little
risk to the user's privacy or the operation of other apps. For
example, permission to set the time zone is a normal permission. If an
app declares that it needs a normal permission, the system
automatically grants the permission to the app. For a full listing of
the current normal permissions, see Normal permissions.
Dangerous
permissions cover areas where the app wants data or resources that
involve the user's private information, or could potentially affect
the user's stored data or the operation of other apps. For example,
the ability to read the user's contacts is a dangerous permission. If
an app declares that it needs a dangerous permission, the user has to
explicitly grant the permission to the app. Special Permissions There
are a couple of permissions that don't behave like normal and
dangerous permissions. SYSTEM_ALERT_WINDOW and WRITE_SETTINGS are
particularly sensitive, so most apps should not use them. If an app
needs one of these permissions, it must declare the permission in the
manifest, and send an intent requesting the user's authorization. The
system responds to the intent by showing a detailed management screen
to the user.
For details on how to request these permissions, see the
SYSTEM_ALERT_WINDOW and WRITE_SETTINGS reference entries.
You should always put every permission you want access to in the Manifest. Devices before Android Marshmallow cannot handle runtime permissions, so unless you are targeting only Marshmallow and above, this part is important.
You do not need to ask at runtime for any "Normal Permissions". Only permissions designated as "dangerous" are not given automatically.
If you're targeting Android Marshmallow and above, you've to request for dangerous permissions at runtime. You can find the list here. You should also read this.
I'm trying to grant some runtime permissions to my app automatically, these include ACCESS_FINE_LOCATION, READ_PHONE_STATE as well as ACTION_MANAGE_OVERLAY_PERMISSION. Do note that this requires at least Device Administrator access rights, which I have.
While the first two work flawlessly via
dpm.setPermissionGrantState(componentName, "com.my.app", Manifest.permission.READ_PHONE_STATE, DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED);
dpm.setPermissionGrantState(componentName, "com.my.app", Manifest.permission.ACCESS_FINE_LOCATION, DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED);
ACTION_MANAGE_OVERLAY_PERMISSION does not work at all. I believe this might be due to the fact that it's not part of Manifest.permission but instead android.settings.action.MANAGE_OVERLAY_PERMISSION. However it still is a permission that I want to be granted automatically.
Edit: While it seems that this permission is granted automatically to any app that requests it, this only is the case for apps distributed via the playstore. Unfortunately my App is NOT distributed that way.
include ACCESS_FINE_LOCATION, READ_PHONE_STATE as well as ACTION_MANAGE_OVERLAY_PERMISSION
ACTION_MANAGE_OVERLAY_PERMISSION is not a permission.
but instead android.settings.action.MANAGE_OVERLAY_PERMISSION
That is not a permission. That is an Intent action.
The permission that you probably want is SYSTEM_ALERT_WINDOW.
I was able to automatically grant this permission, from my device owner app:
devicePolicyManager.setPermissionGrantState(compName, this.packageName, Manifest.permission.SYSTEM_ALERT_WINDOW, DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED)
You also need in your manifest:
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
After this Settings.canDrawOverlays() returns true, and the permission is granted in the settings app. Although unlike other permissions granted this way, it seems like the user can choose to disable it in settings. My targetSdkVersion is 26
It is a new behaviour introduced in Marshmallow 6.0.1.
Every app that requests the SYSTEM_ALERT_WINDOW permission and that is installed through the Play Store (version 6.0.5 or higher is required), will have granted the permission automatically.
If instead the app is sideloaded, the permission is not automatically granted. You can try to download and install the Evernote APK from apkmirror.com. As you can see you need to manually grant the permission in Settings -> Apps -> Draw over other apps.
These are the commits [1] [2] that allow the Play Store to give the automatic grant of the SYSTEM_ALERT_WINDOW permission.
I read that with Android 6.0, users need to manually allow apps to hold this permission by going to app advanced settings and enabling "Draw over other apps". I have a Nexus 5 with Android 6.0 but I don't seem to be prompted to enable this setting. When I install apps from the Play Store that require this permission, such as LastPass, it gets granted automatically.
Why is this so?
It is a new behaviour introduced in Marshmallow 6.0.1.
Every app that requests the SYSTEM_ALERT_WINDOW permission and that is installed through the Play Store (version 6.0.5 or higher is required), will have granted the permission automatically.
If instead the app is sideloaded, the permission is not automatically granted. You can try to download and install the Evernote APK from apkmirror.com. As you can see you need to manually grant the permission in Settings -> Apps -> Draw over other apps.
[The above information is from this post.]
If you want the app to be sideloaded, you show manually show a prompt and direct the user to enable Draw over other apps permissions from the settings. Have a look at Requesting permissions
Every app that requests the SYSTEM_ALERT_WINDOW permission and that is installed through the Play Store (version 6.0.5 or higher is required), will have granted the permission automatically.
Click here! This may help
There are mainly two types of permissions, they are
Normal Permissions
Dangerous Permissions
Normal permissions indicates that there's no great risk to the user's privacy or security in letting apps have those permissions. For example, users would reasonably want to know whether an app can read their contact information, so users have to grant this permission explicitly. By contrast, there's no great risk in allowing an app to vibrate the device, so that permission is designated as normal.
Dangerous permissions cover areas where the app wants data or resources that involve the user's private information, or could potentially affect the user's stored data or the operation of other apps. For example, the ability to read the user's contacts is a dangerous permission. If an app declares that it needs a dangerous permission, the user has to explicitly grant the permission to the app.
In this case, SYSTEM_ALERT_WINDOW comes under Normal permissions, that is if an app declares in its manifest that it needs a normal permission, the system automatically grants the app that permission at install time. The system does not prompt the user to grant normal permissions, and users cannot revoke these permissions.
You can see the list of normal permissions in this link and dangerous permissions here.