I'm trying to use a custom permission created by another application (Bazaar) in my app (It's a permission to use a market com.farsitel.bazaar.permission.PAY_THROUGH_BAZAAR). Normally it works right.
But if Bazaar is installed after my application. My app won't get the custom permissions (Which are created by Bazaar) and throws exception. I want to know If anybody else has faced a similar problem and what solutions do you have to it?
This is a desired behaviour.
In the textbook, Android Security Internals: An In-Depth Guide to Android's Security Architecture by Nikolay Elenkov(2014) said:
The system can only grant a permission that it knows about, which
means that applications that define custom permissions need to be
installed before the applications that make use of those permissions
are installed. If an application requests a permission unknown to the
system, it is ignored and not granted.
BTW, permissions are assigned to each application at the install time by PackageManager, it maintains some information of installed packages, such as package name, version and permissions, these info are stored in /data/system/packages.xml. If you want to query all permissions on device, you can try pm list permissions.
Related
I'm trying to get all the permission of 3rd party apps in real time. I can get static permissions from the manifest file but want to know is it possible to obtain live permission access from other apps. is it possible to get from the system log files?
XPrivacy is a tool which is able to inform you about permissions asked by any app on your device. You can allow the permission or deny it. It's more of a privacy tool but it can show you permissions of any app currently running.
If you plan on installing XPrivacy, you better use this installer
I'm building an Android app, and one of the permission I need is defined as:
android:protectionLevel="signature|system|development"
How do I get the signature protection level? Do I need to sign my application somehow?
Do I need to sign it with OEM ? (Samsung\HTC\LG)?
signature means that to be able to get access to the resource, your app have to be signed with the same certificate that the holder of the permission. If this is not your app you are trying to connect to, then you basically are out of luck. If that's system one then you are out of luck even more, This is documented here:
"signature"
A permission that the system grants only if the
requesting application is signed with the same certificate as the
application that declared the permission. If the certificates match,
the system automatically grants the permission without notifying the
user or asking for the user's explicit approval.
EDIT
Im trying to read logcat file through my application. this requires
the permission android.permission.READ_LOGS
You cannot access logs on stock ROM that are not created by your application. That's introduced for security reasons, so would not make sense to let you get it just because you need it. If you build own ROM, then you can have it, but then you should know this already.
I've just created a very simple Android application that captures an Intent, manipulates it a bit, and sends out a new Intent. I transferred the app to my phone with adb install, and now looking at the app's requested permissions, I'm seeing that it requires permissions I never asked for:
read phone status and identity
modify or delete the contents of your USB storage
test access to protected storage
There's nothing in my manifest file requesting permissions, and the app itself is dead simple (here's the source on GitHub). Are these extra permissions added because I installed it with adb install, perhaps? Or is there something in my app that merits requiring these permissions that I'm just not seeing?
You are missing a <uses-sdk> element with android:minSdkVersion. These permissions were added to Android after its initial release, and apps supporting very old Android devices have these permissions "grandfathered in".
You really should add <uses-sdk> and add android:minSdkVersion, saying how old of an Android device (from an API level standpoint) you are willing to support.
I am trying to use another third party application into my application. Basically using some of the services from third party app. But these services need custom permissions defined in the third party application. So I have added those permission in my applications manifest file.
Suppose if my application is installed before installing the third party application then it won't get those permissions and so if I try to access the services from third party app, I am getting Security exception.
Is there a way to ask for permissions again or any other suggestions.
The permissions you request in your manifest are the permissions your app will receive regardless of when it is installed. Period. The permissions granted to another application are accessible by that application only. If there is a permission you need to use, it should be in your manifest. If it is there, permission will be requested from the user upon installation.
This is actually a known limitation of custom permissions. Even if both apps where yours, the one that defines the custom permission needs to be installed first, otherwise you will get an exception. If you control both apps, you need to define it in both apps. Otherwise, there is really no workaround: a permission needs to be know to the system to be granted.
BTW, you can use a third-party permission, as long as it is not a signature permission, requiring your app to be signed with the same key.
I'm working on an app which contains some scripting support. The scripts executed by this app might require all sorts of permissions in the future, but it's difficult to predict which ones.
Is there a way to request additional permissions at runtime (like iPhone apps sometimes do) instead of specifying them all in advance in AndroidManifest.xml?
According to the Android documentation:
The permissions required by an
application are declared statically in
that application, so they can be known
up-front at install time and will not
change after that.
The Android M introduces a new app permissions model which streamlines the process for users to install and upgrade apps. If an app running on the M supports the new permissions model, the user does not have to grant any permissions when they install or upgrade the app. Instead, the app requests permissions as it needs them, and the system shows a dialog to the user asking for the permission.
User Grants Permissions at Run-Time: When the app requests a permission, the system shows a dialog to the user, then calls the app's callback function to notify it whether the permission was granted. If a user grants a permission, the app is given all permissions in that permission's functional area that were declared in the app manifest.
For more information check this link.