SecurityException when using uses-permissions - android

I have two apps : App1 and App2
In App1 specified permission like this
<uses-permission android:name="com.commonname.providers.app2.READ_LOGIN_TOKEN" />
In App2 specified peromission like this
<uses-permission android:name="com.commonname.providers.app1.READ_LOGIN_TOKEN" />
I have installed applications in order: first App1 then App2.
When I run App1 I received SecurityException, like this:
Writing exception to parcel
java.lang.SecurityException: Permission Denial: reading
com.commonname.providers.App1 uri
content://com.commonname.providers.app1/logintoken from pid=5550,
uid=10919 requires com.commonname.providers.app1.READ_LOGIN_TOKEN,
or grantUriPermission()
at android.content.ContentProvider.enforceReadPermissionInner(ContentProvider.java:608)
at android.content.ContentProvider$Transport.enforceReadPermission(ContentProvider.java:483)
at android.content.ContentProvider$Transport.query(ContentProvider.java:212)
at android.content.ContentProviderNative.onTransact(ContentProviderNative.java:112)
at android.os.Binder.execTransact(Binder.java:565)
Is exists way to request permissions again, while running application?
Or other way to grand access to this permission if application was installed first.
I have read this article https://github.com/commonsguy/cwac-security/blob/master/PERMS.md#android-50-behavior, and known depending from install order, but maybe exists some way.

It depens on your SDK version, if it higher than 23 you must request permissions runtime.

Related

Huawei phone write to external storage fails even that the permission added to the manifest

Hey I have developed an app that saves a picture to external storage using MediaStore library.
MediaStore.Images.Media.insertImage(
contentResolver,
takenImage,
imgName,
"Image Saved"
)
The function work on Samsung A30 and Xiomi devices however when testing on Huawei p90 it fails(not saving the image) and throwing permission denial exception:
java.lang.SecurityException: Permission Denial: writing com.android.providers.media.MediaProvider uri content://media/external/images/media from pid=15830, uid=10438 requires android.permission.WRITE_EXTERNAL_STORAGE, or grantUriPermission()
However I do have the android.permission.WRITE_EXTERNAL_STORAGE permission in the manifest, when the is running I am prompted with a permission request (dealing with the runtime permission via CameraKit function and package)
Anything I missed?
Please check in manifest for the desired permission.
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>

Trying to remove Android SMS and CALL_LOG permissions per Play Console, but can't find them

The Play Dev Console warns me that my app will be impacted by a policy change governing the use of SMS and CALL_LOG permissions, however I can't find that those permissions are used in my app. Here are the permissions the app uses, which I verified by opening the APK in Android Studio and reviewing AndroidManifest.xml:
com.google.android.c2dm.permission.RECEIVE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.INTERNET
android.permission.GET_ACCOUNTS
android.permission.WAKE_LOCK
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.VIBRATE
android.permission.WRITE_SETTINGS
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_COARSE_LOCATION
android.permission.USE_FINGERPRINT
Are any of the above triggers for the SMS or CALL_LOG permission? Relevant information: This is an old app that I'm trying hard not to need to recompile, although it may be unavoidable.
I had the same problem, to solve the problem I changed the binary of the internal test because I only had changed the production binary.
OK, I think I found the answer. In Google's permissions documentation, they say that the READ_CONTACTS permission is a trigger for the *_CALL_LOG permissions, and this happens only if your minSdkVersion and targetSdkVersion are <= 15. This describes my situation in this aging app, so my next step will be to either try to minimally tweak it and sign it, or else bite the bullet and modernize the whole build.

App not working in all devices

I made a music player app. It runs properly in some devices but it crashes in some others. I am not able to understand the error. How do I fix it? All I understand is the first error and that is I have to take separate permission for read phone state permission.
Error 1:
java.lang.RuntimeException: Unable to create service beatbox.neelay.beatbox.MediaService: java.lang.SecurityException: Neither user 10103 nor current process has android.permission.READ_PHONE_STATE.
at android.app.ActivityThread.handleCreateService(ActivityThread.java:2804)
at android.app.ActivityThread.access$1900(ActivityThread.java:154)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1404)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:135)
at android.app.ActivityThread.main(ActivityThread.java:5292)
at java.lang.reflect.Method.invoke(Native Method)
at java.lang.reflect.Method.invoke(Method.java:372)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:904)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:699)
Caused by: java.lang.SecurityException: Neither user 10103 nor current process has android.permission.READ_PHONE_STATE.
at android.os.Parcel.readException(Parcel.java:1546)
at android.os.Parcel.readException(Parcel.java:1499)
at com.android.internal.telephony.ITelephonyRegistry$Stub$Proxy.listenForSubscriber(ITelephonyRegistry.java:544)
at android.telephony.TelephonyManager.listen(TelephonyManager.java:2514)
at beatbox.neelay.beatbox.MediaService.callStateListener(MediaService.java:612)
at beatbox.neelay.beatbox.MediaService.onCreate(MediaService.java:126)
at android.app.ActivityThread.handleCreateService(ActivityThread.java:2794)
... 9 more
This is the error that is submitted by the user.
Error 2:
Writing exception to parcel
java.lang.SecurityException:
External path: /storage/emulated/0/Android/data/com.android.providers.media/albumthumbs/1481126994678: Neither user 10199 nor current process has android.permission.WRITE_EXTERNAL_STORAGE.
at android.app.ContextImpl.enforce(ContextImpl.java:1443)
at android.app.ContextImpl.enforceCallingOrSelfPermission(ContextImpl.java:1475)
at android.content.ContextWrapper.enforceCallingOrSelfPermission(ContextWrapper.java:675)
at com.android.providers.media.MediaProvider.enforceCallingOrSelfPermissionAndAppOps(MediaProvider.java:6793)
at com.android.providers.media.MediaProvider.checkAccess(MediaProvider.java:5570)
at com.android.providers.media.MediaProvider.ensureFileExists(MediaProvider.java:4381)
at com.android.providers.media.MediaProvider.getAlbumArtOutputUri(MediaProvider.java:5834)
at com.android.providers.media.MediaProvider.makeThumbInternal(MediaProvider.java:5976)
at com.android.providers.media.MediaProvider.getThumb(MediaProvider.java:5897)
at com.android.providers.media.MediaProvider.openFile(MediaProvider.java:5466)
at android.content.ContentProvider.openAssetFile(ContentProvider.java:1427)
at android.content.ContentProvider.openTypedAssetFile(ContentProvider.java:1607)
at android.content.ContentProvider.openTypedAssetFile(ContentProvider.java:1673)
at android.content.ContentProvider$Transport.openTypedAssetFile(ContentProvider.java:430)
at android.content.ContentProviderNative.onTransact(ContentProviderNative.java:313)
at android.os.Binder.execTransact(Binder.java:458)
I have take permission for Android m both in manifest and in Java, and I'm not using any function of write external storage but then also it is showing this error.
On Android >=6.0, We have to request permission runtime.
Step1: add in AndroidManifest.xml file
Step2: Request permission.
Step3: Handle callback when you request permission.
Check this one: Permission at Run Time
Edit: I think you have similar Issue:
you must add this permissions
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
to AndroidManifest.xml file
It might be because some of the devices are running Android 6.0 or higher and others are not.
See https://developer.android.com/training/permissions/requesting.html
If the device is running Android 5.1 or lower, or your app's target SDK is 22 or lower: If you list a dangerous permission in your manifest, the user has to grant the permission when they install the app; if they do not grant the permission, the system does not install the app at all.
If the device is running Android 6.0 or higher, and your app's target SDK is 23 or higher: The app has to list the permissions in the manifest, and it must request each dangerous permission it needs while the app is running. The user can grant or deny each permission, and the app can continue to run with limited capabilities even if the user denies a permission request.

Android - Workaround the ACCESS_CONTENT_PROVIDERS_EXTERNALLY permission?

I'm building an application which gives this exception because i call some internal methods
Permission Denial: Do not have permission in call getContentProviderExternal() from pid=2520, uid=10047 requires android.permission.ACCESS_CONTENT_PROVIDERS_EXTERNALLY
java.lang.SecurityException: Permission Denial: Do not have permission in call getContentProviderExternal() from pid=2520, uid=10047 requires android.permission.ACCESS_CONTENT_PROVIDERS_EXTERNALLY
I did some search and i knew that android OS gives this permission only for the shell users,
I wonder if there exists any workaround this ..
Is there anything that would allow me to trick android and makes my application looks like a shell user?
Note: I tried to add the permission in the manifest file but obviously it didn't work.

Android SecurityException: no permission to uri

I try from my app to query content provider of an other app (not my app).
The provider in that app is defined with:
android:readPermission="android.permission.BIND_APPWIDGET"
android:grantUriPermissions="true"
From my app i added the user permission android.permission.BIND_APPWIDGET to manifest file but i get:
java.lang.SecurityException: Permission Denial: opening provider com.* from ProcessRecord{427afe60 29052:*/u0a72} (pid=29052, uid=10072) requires android.permission.BIND_APPWIDGET or com.*.ACCESS
Does anyone have and idea?
You can't give your application BIND_APPWIDGET since that is a signature|system permission. See the Android core resources manifest for more information.

Categories

Resources