I am following the instructions found here at android developer. These instructions say to add these two lines of code into the manifest:
<manifest ... >
<uses-permission android:name="android.permission.ACCOUNT_MANAGER" />
<uses-permission android:name="android.permission.INTERNET" />
...
</manifest>
The problem is that I now get an error on the "ACCOUNT_MANAGER" line saying "Permission is only granted to system apps".
My application is not going to be a system application and I need to authenticate to OAuth2 services. How can it be possible that ANY app that uses OAuth2 needs to be a system application?
Does anyone know how to use ACCOUNT_MANAGER without requiring my application to be a "system application"?
I've looked at this question and this question. They say that, for the permissions they have listed, the error is a "fake" error message. Does anyone know if the 'ACCOUNT_MANAGER error is a fake message? Can I tell the compiler to ignore this like the suggestions in these other posts?
From documentation
String ACCOUNT_MANAGER
Allows applications to call into AccountAuthenticators.
Not for use by third-party applications.
ACCOUNT_MANAGER permission can only be granted to system app
If your app requires AccountManager, you can create an AccountAuthenticator service like in this tutorial
Or you can request MANAGE_ACCOUNTS permission as explained in this answer
MANAGE_ACCOUNTS: The API documentation is not that clear about this
permission. But according to Bryans answer, an app can only
delete/modify an account it created itself. Of course it can create
any new account, and manage that.
Related
I installed a new application to release it to the play console. I installed Apk. First, I uploaded it to the open beta channel, but it always seems to be under review.
Later, after installing each apk, I get an e-mail about application permissions, they say that they do not comply with their privacy and sensitivity policies.
These appear in the permissions required by apk on the play console:
android.permission.ACCESS_NETWORK_STATE, android.permission.INTERNET, android.permission.READ_EXTERNAL_STORAGE, android.permission.WAKE_LOCK, android.permission.WRITE_EXTERNAL_STORAGE, com.google.android.c2dm.permission.RECEIVE
This is the content of mail:
Requested permissions do not match core functionality of the app
You declared Select Carrier Services and Device Automation as the core functionality of your app. However, after review, we found that your app does not match the declared use case(s). Learn more about permitted uses and exceptions.
Please either:
Make changes to your app so that it meets the requirements of the declared core functionality or,
Select a use case that matches your app’s functionality
Sensitive permission
Your app does not qualify for use of the requested permissions. Permission requests should make sense to users. You may only request permissions that are necessary to implement critical current features or services in your application. You may not use permissions that give access to user or device data for undisclosed, unimplemented, or disallowed features or purposes.
This is the my AndroidManifest.xml and permissions:
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
If anyone has an idea or can help I would be very glad.
Although I changed it 8 times and installed the apk, I did not get approval for how many days and I constantly receive the mail I sent the content above, every time I send an apk..
I just installed the OneSignal package and set it up like it is described in the docs. However, OneSignal always has/gets permissions from the user although there is no popup coming app asking the user for permissions. Maybe thats the usual way Android works but I am used to a popup asking for permissions (I am an iOS user).
Isn't Android asking the user for push notification permissions? Is that usual? And is that even machting with the GDPR regulations?
Or is all I need the AndroidManifest.xml which is taking care of asking for permissions?
Cause when I am installing my .apk on my test device Android IS NOT asking for further permissions although in the AndroidManifest.xml I am asking for push notification permission and location permissions!
This is the install screen:
This is the OneSignal code for the AndroidManifest.xml:
<!-- Optional - Add the necessary permissions (Choose one of those) -->
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/> <!-- Approximate location - If you want to use promptLocation for letting OneSignal know the user location. -->
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/> <!-- Precise location If you want to use promptLocation for letting OneSignal know the user location. -->
<!-- End optional permissions -->
<application ....>
<activity
android:name=".MainActivity"
android:label="OneSignal Example"
android:launchMode="singleTop"> <!-- Add this attribute to your main activity -->
</activity>
.....
In Android you only have to ask for permissions that they class as dangerous.
https://developer.android.com/guide/topics/permissions/overview
Only dangerous permissions require user agreement. The way Android
asks the user to grant dangerous permissions depends on the version of
Android running on the user's device, and the system version targeted
by your app.
You can find a table here that lists of permissions that are currently classed as dangerous.
https://developer.android.com/guide/topics/permissions/overview#permission-groups
Push Notifications is clearly missing from this list so you do not need to ask the user for permission to send them push notifications.
With regard to any other permissions, if OneSignal wants access to them and they are classed as dangerous (e.g. location) then the only way for them to get it is to show a dialog requesting the permission to access that information. Otherwise they won't have access to that information.
In iOS the system of permissions is much more rigorously controlled and before you do most things you have to ask permission.
this isn't really a big problem. I've got an Android App that stores user's passwords on a SQLite Database. So last week I launched an update that allows the user to export those passwords to their Google Drive. To do this, I've used the Google Drive Android API. I didn't add any special permission to the Application Manifest (AndroidManifest.xml) and it works fine (tested on KitKat4.4). But one of my friends told me that it might not work on Android 6.0+, because I should always ask for permissions. But I checked some samples and none of them had those permissions on the Manifest. Do you guys think it's necessary to add permissions? Perhaps INTERNET or GET_ACCOUNTS?
If you are using the Google Drive Android API you don't need INTERNET or GET_ACCOUNTS permissions.
The API automatically handles previously complex tasks such as offline access and syncing files. This allows you to read and write files as if Drive were a local file system.
Check the official Quickstart and the demos sample on GitHub. None of them is having special permissions in the AndroidManifest.xml.
BUT if you are using the Google Drive REST API for Android then you need INTERNET permission for sure.
If you follow the tutorials on Drive API using Android, you will see in the Step 4:Prepare the project that you need to add the permissions below in your code.
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
The permission "android.permission.INTERNET" is used if you want your application to connect/perform network operation.
For the "android.permission.GET_ACCOUNTS", it's stated in this documentation that:
Note: Beginning with Android 6.0 (API level 23), if an app shares the
signature of the authenticator that manages an account, it does not
need "GET_ACCOUNTS" permission to read information about that account.
On Android 5.1 and lower, all apps need "GET_ACCOUNTS" permission to
read information about any account.
For more information about different meaning/uses of android permission, check this page.
According to the Google Maps API documentation, INTERNET and ACCESS_NETWORK_STATE permissions will be automatically merged to project's manifest, meaning you don't have to specify them by yourself as long as calling API over Google Play services.
Couldn't find the same description for Google Drive API, though.
I have an app which use GCM and Billing. In order to make it Android M-ready i'm trying to implement the new permission model.
Unfortunately i can't find any informations about GCM and Billing permissions.
They don't appear in the normal permission list and are obviously not available with Manifest.permission.* because they are not under android.permission namespace.
Nevertheless , we still have to declare them in the manifest
<uses-permission android:name="com.android.vending.BILLING">
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE">
So how those permissions should be handled ? Are they automatically granted ?
Those permissions are granted automatically at install time:
checkSelfPermission("com.android.vending.BILLING") returns PERMISSION_GRANTED without ever asking the user.
As far as I understood the documentation and the behaviour of the most recent M preview, the only permissions that have to be requested at runtime are the ones that have a permission group, since the popups that are prompted to the user only mention permission groups.
I want to try some different ad providers for my android app.
Some of them want a lot permissions in the manifest which I don't always find appropriate.
(of course they all need android.permission.INTERNET since they fetch ads from their servers)
For example: Millenial Media wants android.permission.WRITE_EXTERNAL_STORAGE; a lot of other provider want android.permission.ACCESS_COARSE_LOCATION.
If I don't grant these permissions in the manifest does the app work correct anyway or could this cause problems?
And do I get ads from these providers anyway without these manifest-permissions?
Edit: it's hard to test all SDK's of the ad providers. For MoPub I know it still works if I don't give them android.permission.ACCESS_COARSE_LOCATION - and I get ads from them.
I think I will only get an Error when their SDK-Code is trying to use a Method which needs a permission - but they could catch this. So my question is more:
Do all ad providers handle this correct? And will they then refuse to send ads in general?
Edit-2:
Has anyone had errors/crashes because he didn't grant special permissions requested from the ad-providers SDK?
App will work fine but you will not get the adds.
these are compulsions , you need to add permissions in Android Manifest file .... its compulsion
From the official doc
If an application needs access to a feature protected by a permission,
it must declare that it requires that permission with a
<uses-permission> element in the manifest. Then, when the application
is installed on the device, the installer determines whether or not to
grant the requested permission by checking the authorities that signed
the application's certificates and, in some cases, asking the user. If
the permission is granted, the application is able to use the
protected features. If not, its attempts to access those features will
simply fail without any notification to the user.
This is the complete list of permissions you have to provide according to your needs