I have a few questions about privacy protection on Android and iOS. I've looked at Android documentation, but as a beginner I am not sure if I understand correctly (I put my understanding in square brackets). Especially, not finding the obvious way does not mean there are no workarounds to get the same information. Therefore, could any developer give advice on the following questions? Answers about iOS are also appreciated.
Can the user allow an app to use the microphone/camera/location only once (i.e. the system should always ask the user every time this app needs access)? [No, the "never ask again" option in the dialog is not meant for this purpose.]
If microphone/camera/location permission is given to an app, can it access these while in background? [Yes.]
Is it possible for an app (running in foreground) to obtain the list of other apps currently running or installed on the device? [Yes for installed ones, not sure about currently running ones.]
Can an app in background know what other apps are currently running and which one is in foreground? Can it possibly figure out whether the user is using the phone? [Not sure.]
Can an app (apart from the OS itself) take screenshots? [No.]
With regards to Android:
Can the user allow an app to use the microphone/camera/location only once (i.e. the system should always ask the user every time this app needs access)?
Not directly. They could have this effect by granting the permission, using the app, then going into Settings and revoking the permission. I suspect that few people do this. Offering a one-time-use-only option directly in the runtime permission dialog is an interesting option, though I suspect that Google would pass on it as making the flow too complicated.
If microphone/camera/location permission is given to an app, can it access these while in background?
Locations, yes, though with some limits on Android 8.0+ (for power savings). Microphone/camera, yes, though reportedly no longer starting with Android P.
Is it possible for an app (running in foreground) to obtain the list of other apps currently running or installed on the device?
Installed, yes. Running, not really, on newer versions of Android.
Can an app in background know what other apps are currently running
See above.
and which one is in foreground?
Not really, on newer versions of Android.
Can it possibly figure out whether the user is using the phone?
You can tell if the screen is on. IMHO, "whether the user is using the phone" has lots of possible definitions.
Can an app (apart from the OS itself) take screenshots?
I do not know how you are drawing the distinction here. An app can request screenshots and screen recordings through the media projection APIs on Android 5.0+, though this involves user acceptance. This acceptance is a one-time-per-process thing, so the user would have to grant access again in the future (akin to what you were seeking for microphone/camera/location).
Related
Sorry for the ambiguous title but I couldn't think of anything better than this.
I am trying to make a quiz app, in which:
when student starts test, he/she might not be able to do anything( back, go to home, recent, see notifications, open another app) until he/she finishes the test.
I had seen such a kiosk-like thing on the web.
There was a kiosk mode mentioned on the android developers documentation but I want to do it without rooting. It must start only when certain activity is started and must stop when some other activity closes.
Pretty sure that's not possible for a normal app running on a non-rooted device.
I'd be surprised (and a bit concerned) if it were, since it would allow malicious app developers to lock users out of their devices.
Google provides Android platform to developers to develop app which tune with google intention. Thats why google have Playstore to make Apps trustworthy between developer and users.
Rather than violating Android rules, Why not you try something which will respect Android flow.
Like:
1.Do your implementation based on Activity/Fragment Life-cycle method(OnCreate,OnStart,OnPause,etc).
2.Write algorithm(Business logic) such that users can not go out of your current screen otherwise they will loos session, etc.
Lets #BuildForBillions.
I've been using an application on my device and it allows access to both my camera and gallery even though I have denied access to both. In the applications permission tab, both Camera and Storage are deactivated.
The application is a popular Taxi app and my understanding was that if I deny the application permission to access content/sensors on my device, it would not allow the application access. This somehow overrides it.
My question is, is this a bug on the developers side or with Android itself? In my opinion it's pretty concerning with regards to user privacy. I've had a read through the Android Permissions Documentation and it states
"...that no app, by default, has permission to perform any operations
that would adversely impact other apps, the operating system, or the
user."
Which causes cause for concern as the application, by default has access to other apps.
To clarify the app's core functionality doesn't need access to my gallery or camera. I've also replicated this issue on numerous devices with different Android versions and the problem still persists.
My application will be running on hundreds of android devices belonging to a single owner and I may need to modify the software as an update at some point.
I decided I should include a feature to check with the server for updates and download them, which is currently working.
Installing the update is the difficult part. I need it done automatically. Preferably with no user interaction since there are hundreds of devices and it would be very time consuming to do each one manually.
This is the problem, even with the device rooted, I can not find a generic way that each device can install the update without system specific information.
I have read questions like this but can not find a proper answer: Install Android APK without prompt
The bottom answer executes but I can find no installed app, so I assume it failed.
What you want to do is not possible without some serious hacks. A private app store might be a better fit.
If your client is a Google Apps user, you can create a private channel in the Play Store.
Distribute Android apps in your organization
If not, you will have to rely on third party solution like these one:
Apperian Mobile Application Management
ManageEngine Mobile Device Manager
I didn't try any of these, so you will have to do some research to check that they fit your needs
We have project requirement where we need to force the user to upgrade the app in android and iOS both. And the application we have developed using the Hybrid technology phonegap + dojo.
I have few question with respect to that
Is it possible to make the user upgrade the app as soon as he opens the application
If yes then is there any API's available to perform this task in Android and iOS.
Is there any restriction from Apple and Android to make user upgrade forcefully.
Please can anyone help me in this. thanks a lot.
There is no API for this, but you can create a service that returns the version number of the latest allowed app or something to that effect, that can get checked on application launch and if it does not match you can ask the users to update.
I'm not sure if Apple/Google have any restrictions on this, but I've worked on a project that does this and there weren't any issues on either platform.
The only catch here is that if you already have an app in store then this might not be so feasible.
So to answer your questions:
No
No
Not 100% certain, but I don't think so.
Not if they don't want to. With mobile devices some people are sensitive about rationing out their limited bandwidth so there would be a small uproar if this was allowed.
It may be a bit late now if your app has already left the stable, but would it not be more user friendly for your app to check for updates and gently inform the user that if they do not update then the app will not be able to function until they do. If a user truly doesn't care about that sort of thing there are settings on there device to allow updates automaticly
I'm currently developing a small Android app that will not be on the Play Store. It is a private business application that will be used for a non-emergency transport company. The Android app will show drivers a list of pickups and drop-offs that they will have throughout the day and allow them to update the status of those trips. What I'd like to do is have some method of updating the app during off hours or when the device is idle. Ideally, it would be great if someone has already written some kind of Android updater that can run as a service. However, I certainly wouldn't mind writing this on my own.
Either way, all it needs to do is pull an APK from our servers and install that APK. I usually don't like doing things sneaky like this, but our clients want it to be this way so that they won't have to go to each device and press OK on permission prompts and they don't want to leave the responsibility of updating the software to the drivers.
I understand the security concerns, but it seems to me that there should be some way to allow an app to auto-update itself if the user permits it. Also, our app is signed and includes a certificate on the device to verify that the downloaded app is legit.
As CommonsWare mentioned it's not supported by standard android. If you take the path of creating your own firmware and installer take a look at the existing PackageInstaller. The required changes are not so complicated.
I did it for a couple of custom versions and it works.
Either way, all it needs to do is pull an APK from our servers and install that APK. I usually don't like doing things sneaky like this, but our clients want it to be this way so that they won't have to go to each device and press OK on permission prompts and they don't want to leave the responsibility of updating the software to the drivers.
This is not possible, except via custom firmware or on a rooted device.
it seems to me that there should be some way to allow an app to auto-update itself if the user permits it.
You are welcome to build your own customized version of Android that has this capability. Stock Android does not offer this, except to the firmware itself.