If I download an Android application, is it possible for one application to download the data of another application?
If an application asks permission for:
"Allow ABC to access photo, media, and files on your device"
Does giving permission mean it can now download all my personal photos?
Which files is it getting access too, my Gmail app's content i.e potentially all my emails?
is it possible for one application to download the data of another application?
That depends entirely on what "the data of another application" means:
All apps that request permission can access external storage, so if one app writes something to external storage, other apps can read it.
Apps cannot read the content of another app's internal storage or removable storage, except on rooted devices.
Apps can access anything published by another app via some API (e.g., a ContentProvider), subject to whatever security controls the app put on that API.
If an application asks permission for: "Allow ABC to access photo, media, and files on your device" Does giving permission mean it can now download all my personal photos?
If those "personal photos" are on external storage, then yes.
my Gmail app's content i.e potentially all my emails?
Not unless Gmail has a security flaw, or the app is using some API published by the Gmail app. In the latter case, usually some specific permission is required.
Related
Issue: Need to use Media Store API or No Access to Files
You have requested access to All Files Access permission but it appears that your app's core feature requires access to only Media Files or does not need access to any Files. In case your app needs access to Media Files, with the MediaStore API, apps can contribute and access media that's available on an external storage volume without the need for the access all files permission.
Please update your app so that the feature uses Media Store APIs and remove All Files Access (MANAGE_EXTERNAL_STORAGE) permission.
Policy: All Files Access Permission
Files and directory attributes on a user's device are regarded as personal and sensitive user data subject to the Personal and Sensitive Information policy and the following requirements:
Apps should only request access to device storage which is critical for the app to function, and may not request access to device storage on behalf of any third-party for any purpose that is unrelated to critical user-facing app functionality.
Android devices running Android "R" (Android 11) or later, will require the MANAGE_EXTERNAL_STORAGE permission in order to manage access in shared storage. All apps that target R or later and request broad access to shared storage ("All files access") must successfully pass an appropriate access review prior to publishing. Apps allowed to use this permission must clearly prompt users to enable "All files access" for their app under "Special app access" settings. For more information on the R requirements, please see this help article.
Read more about Use of All Files Access Permission
See Android storage use cases and best practices and how to access media files from shared storage
Address this issue in the Play Console.
I am working on whats-app status saver app, i don't understand how i can make it work on android 11. As storage all storage access got restricted and google rejected my update due to use of All files access (MANAGE_EXTERNAL_STORAGE) permission.
But i tested another app, which is working fine and even saving files at root directory too. This app ask for this permission Allow access to photo, media and files
and when i check permissions in app setting it says app has access to management of all files. Even app has all files permission never show me this screen to get full files access.
Just use Storage Access Framework to let the user pick the required directory.
ACTION_OPEN_DOCUMENT_TREE
I want to check if an app has been installed on a device before by writing a file into internal storage. Later on when user even re-installs the app, I can check the existence of the file(I'll write the file to some system folder that user won't bother with) to see if user has installed the app before.
I just want to know if this is do-able, or is Android against doing things like this? Do I need any permission from user to do this?
I do not want to user any hardware-specific identifier such as IMEI or Android ID. I also don't want to use Instance ID as it will get reset upon re-installation of the app.
You don't need permission to read/write files to the Internal storage of the app. However, once the user uninstall the app, any file stored in the Internal storage of the app is also deleted.
To do what you're trying to do, you would have to write a file to the external storage - which you need permission for.
Have a read through this:
https://developer.android.com/training/data-storage/files
I have an app that expects the user to buy content, and I want this content to be installed by the user by downloading payed apps that write the needed content to a directory, shared between the main app and all the present and future content apps.
Is there a way to authorize the main app and the content apps to access in read/write to that directory, while giving to all other generic apps only read authorization?
The main and the content apps share the certificate, could this be used for this job?
as per Google documentation,
By default, files saved to the internal storage are private to your
application and other applications cannot access them (nor can the
user). When the user uninstalls your application, these files are
removed.
Source: http://developer.android.com/guide/topics/data/data-storage.html
By default implies that it is only temporary and can be modified. So is there any way to modify this permission to allow your app to read internal storage files from other Apps ?
I am willing to access /data/data/com.Whatsapp to access my encryption key to study how Whatsapp actually generates the key and i need to done this using my App, not a rooted phone or anything.
So is there any way to modify this permission to allow your app to read internal storage files from other Apps ?
No. In the quoted passage above, please see the "nor can the user" part. You, as a user, do not have rights to access those files, let alone change permissions on them. The exception is a user who roots their device.