According to react-native-firebase documentation in Notifications/Receiving notifications: Before you are able to send and receive Notifications, you need to ensure that the user has granted the correct permissions.
However, I can normally receive a push notification from the server which can open the application by tapping it, even though I haven't checked and requested any permission before. I've tested on Android only.
So my question is whether it is necessary to setup permission handling if the only thing required is to receive notifications from the server without handling them in the app.
As you can see here, in Android, notifications permission is in Normal permissions group and not in Dangerous permissions.
As mentioned:
If an app declares in its manifest that it needs a normal permission, the system automatically grants the app that permission at install time.
And:
To use a dangerous permission, your app must prompt the user to grant permission at runtime.
That's why your notification works without granting user's permission in runtime.
But for iOS, you must grant user's permission at runtime or it will not work.
Related
I want to enable phone permission by default for an Android application. On checking multiple posts I see that it is getting added up at runtime explicitly by user during installation. Can I avoid it and enable it by default?
I am adding the permission READ_PHONE_STATE in Android Manifest. But this doesn't enable it by default unless and until the user goes to the setting and enable it manually.
Permission needs to be requested from the user. If you try to use the feature without permission, it will crash the app. The permission needs to be in the manifest and you need to request permission from the user as well. There is no way to do it automatically.
Side note: I believe this permission specifically is under higher scrutiny when submitted to the Play Store. The announcement they sent last year mentioned that you'll only be able to use this permission if you provide a valid reason such as making an alternative dialer app.
I am developing an app and the manifest has included permissions INTERNET and SEND_SMS. There was no asking of permissions when the apk was installed by Android Studio to either an emulator or a real phone.
When I ran the app, which sends an SMS, there was a permission exception. I had to go to Settings, Apps and under Permissions, there is an option to enable SMS. After I enabled it, the app could send SMS'es.
When the app made a network call using HttpUrlConnection, it completed successfully! Under Settings Apps, there is no option for network or Internet or the like.
Why is it that making a network communication does not require any permission by the user?
Under Settings, Apps, why is there only one permission, SMS, listed for my app?
It's the developer responsibility to request the permission at the runtime.
Before accessing any danger permission. (Runtime Permission are supported from Android M(6.0))
Not all the permission need to be requested from the user. Only Danger Permission needs an approval from the user. Normal and Danger Permsission
Please follow this guide Runtime Permission
The permissions model was changed in Android 6.0. If the app targets API 23 or above than you need to request the user for the permissions in runtime. If the app targets below API 23 than the app gets the permissions during intall.
There are some permissions like "INTERNET" that will always be during intall.
You're running your app in Android SDK>=23.
Internet permission is under Normal permission so it does not show any permission prompt but Camera permission is under Dangerous Permission so it shows permission prompt.
If an app declares that it needs a normal permission, the system automatically grants that respective permission to the app.
Refer:
Reference -
Android Permissions
StackOverflow
Permission Requests
I got the below explanation from Android documentation, about the new permission model in Android M Preview. Please explain the texts in bold in simple words because I am confused.
If the app requests permissions in the manifest that fall under PROTECTION_SIGNATURE, and the app is signed with the same certificate as the app that declared those permissions, the system grants the requesting app those permissions on installation. Apps cannot request signature permissions at runtime.
Apps can define their own permissions via the manifest. This is referring to those permissions. So if I publish 2 apps, both signed with the same certificate, and app#1 defines a new permission with signature level protection and app#2 uses that permission (by stating so in its manifest) then the system will automatically grant the permission to app#2. Note that this is not new to Android Marshmallow. Only the selective grant/revoke is.
This article will help to explain permissions in general under Android: http://hiqes.com/android-security-part-2
Let me guess.
there are two apps, A and B, they was signed with the same certificate.
first at all, user start using A app, and request permissions EXAMPLE_PERMISSION under PROTECTION_SIGNATURE, then system gives a dialog and tips user that he need to grant it. user click GRANT.
And then, user launch B app, B app wants the same permission, the EXAMPLE_PERMISSION, and when it requests the permission, system auto grant that.
Because of A app has granted it, and A and B have the same certificate.
I guess so.
Regarding Google's recent announcement about Android M and Permissions model.
Per the official Android documentation:
Limited Permissions Granted at Install Time: When the user installs or
updates the app, the system grants the app all permissions that the
app requests that fall under PROTECTION_NORMAL. For example, alarm
clock and internet permissions fall under PROTECTION_NORMAL, so they
are automatically granted at install time. The system may also grant
the app signature and system permissions, as described in System apps
and signature permissions. The user is not prompted to grant any
permissions at install time.
Particular note that it says:
...the system grants the app all permissions that the app requests.
So, if the app does not have INTERNET permission in its AndroidManifest.xml, it won't be granted access to INTERNET in that case?
Or will an app require to add INTERNET permission in its manifest in order to be able to make network calls?
As for the specific android.permission.INTERNET permission, it is still mandatory for apps that will access the Internet. If a developer were to publish an app without defining it in the Android manifest, an exception will be thrown the first time a connection attempt is made, and the app will possibly crash. This is no different than before.
All that has changed is that there won't be a prompt to the user, the app will still require the permission in the manifest.
Please check this video from Google IO - https://youtu.be/f17qe9vZ8RM?t=18m10s
There is no more Internet permission - the app will have by default access to the internet. Their idea is that if you don't have access to the device data then you can not do anything dangerous
Kind Regards
I'm working on an app which contains some scripting support. The scripts executed by this app might require all sorts of permissions in the future, but it's difficult to predict which ones.
Is there a way to request additional permissions at runtime (like iPhone apps sometimes do) instead of specifying them all in advance in AndroidManifest.xml?
According to the Android documentation:
The permissions required by an
application are declared statically in
that application, so they can be known
up-front at install time and will not
change after that.
The Android M introduces a new app permissions model which streamlines the process for users to install and upgrade apps. If an app running on the M supports the new permissions model, the user does not have to grant any permissions when they install or upgrade the app. Instead, the app requests permissions as it needs them, and the system shows a dialog to the user asking for the permission.
User Grants Permissions at Run-Time: When the app requests a permission, the system shows a dialog to the user, then calls the app's callback function to notify it whether the permission was granted. If a user grants a permission, the app is given all permissions in that permission's functional area that were declared in the app manifest.
For more information check this link.