I have an app that expects the user to buy content, and I want this content to be installed by the user by downloading payed apps that write the needed content to a directory, shared between the main app and all the present and future content apps.
Is there a way to authorize the main app and the content apps to access in read/write to that directory, while giving to all other generic apps only read authorization?
The main and the content apps share the certificate, could this be used for this job?
Related
The docs talk about app-specific files and others like media files. Android is a multi-user environment, right?? It seems that in some instances at least, multiple users on a device all use the same instance of the app (google apps for instance). The Docs talk about "Files meant for your app's use only" i.e. app-preferences. How does android deal with user preferences for an app? Are most apps just single-user? In the case of a tablet for instance, does each user in the family have to install their own instance of an app?
Android is a multi-user environment, right?
Yes.
It seems that in some instances at least, multiple users on a device all use the same instance of the app (google apps for instance)
If you mean the same installed APK (or APK set), then yes.
How does android deal with user preferences for an app?
If you mean SharedPreferences, they are stored on internal storage. Each user gets their own view of internal storage, independent from that of any other registered user on the device. So, if there are 1,337 users, and each have used the app, there will be 1,337 SharedPreferences files, one per user.
In the case of a tablet for instance, does each user in the family have to install their own instance of an app?
No. However, depending on circumstances, some users may not have access to all of the installed apps (e.g., restricted profiles).
If I download an Android application, is it possible for one application to download the data of another application?
If an application asks permission for:
"Allow ABC to access photo, media, and files on your device"
Does giving permission mean it can now download all my personal photos?
Which files is it getting access too, my Gmail app's content i.e potentially all my emails?
is it possible for one application to download the data of another application?
That depends entirely on what "the data of another application" means:
All apps that request permission can access external storage, so if one app writes something to external storage, other apps can read it.
Apps cannot read the content of another app's internal storage or removable storage, except on rooted devices.
Apps can access anything published by another app via some API (e.g., a ContentProvider), subject to whatever security controls the app put on that API.
If an application asks permission for: "Allow ABC to access photo, media, and files on your device" Does giving permission mean it can now download all my personal photos?
If those "personal photos" are on external storage, then yes.
my Gmail app's content i.e potentially all my emails?
Not unless Gmail has a security flaw, or the app is using some API published by the Gmail app. In the latter case, usually some specific permission is required.
My company provides a number of Android applications that all need a central preferences entity. For example "user_id" which is an integer that would be the same across all applications. Now the user can have 1 or any number of my company's applications installed in any order.
What we've been doing is having a central file in the sdcard/Android/data directory. But this can be cumbersome as this external directory may need to be removed at uninstall time. I would like to provide a solution where uninstalling this external directory would not be necessary.
My first choice is a ContentProvider. But where we can have 1 or more applications installed in any order, I'm not sure this is feasible. And ALSO what would happen if you installed application 'A' which has a content provider, and then installed application 'B' which I guess would use that content provider provided by 'A', and after that user uninstalls application 'A'?
Being that I'm not an expert at content providers in Android, is this the way to go? Would there be another way I could do this without using an external file?
Thanks
/Loren
I am writing an app where one user will write a file through this app and share it with other users using a link. Other users will read the file using same mobile app. I am using 'Drive API for Android' to use the offline writing and incremental updates feature so that readers will be able to download only that part of file which is newly added or updated instead of full file download every time.
But unfortunately the file/folder created by this app by one user is not accessible through the same app on other devices. I am using method Drive.DriveApi.fetchDriveId with the folder id and getting following error message.
"Drive item not found, or you are not authorized to access it."
File/folder is accessible on same device with same id, but not accessible on other device, which indicates that second part of error message is the real reason.
With the current scope (Drive.SCOPE_FILE), I was hoping that file will be accessible as it is created by the same app, but it is not working.
So my question is "does Google Drive store device information also while creating files/folders and doesn't allow the same app on different devices to use it?" If not, it must be my mistake in the implementation, which I can debug further.
I had a similar issue but not with an android app but a JavaScript app (should not matter IMO) and I wanted to access a shared file not a folder. However, I guess my workaround could help you as well.
The first approach is using the full auth scope (see https://developers.google.com/drive/web/scopes)
https://www.googleapis.com/auth/drive
But that is not really desired since you should request as few rights as possible from your users. My work-around was therefore as follows:
I used the Drive UI Integration
Goto https://console.developers.google.com/apis/api/drive/drive_sdk
select the "Drive UI Integration" tab
fill out the form, I have used the following:
"Application Name"
The mandatory "Application icons"
activated "Automatically show OAuth 2.0 consent screen when users open my application from Google Drive" and entered my "CLIENT ID"
used a dummy url for "Open Url" (e.g., http://example.com)
provided a default file extension (this way your app will be suggested afterwards when the user opens a file)
save your changes
Add the following scope to your app
https://www.googleapis.com/auth/drive.install
The users will install your app when approving the requested rights
Request your users to open the shared files with your "dummy" app in the google drive folder, which will grant your app access to the file (as stated here: https://developers.google.com/drive/web/scopes -- https://www.googleapis.com/auth/drive.file = Per-file access to files created or opened by the app) -- notice that the user will see an error message when opening your dummy app. You should probably implement an open url with something saying "thank's for granting access to the file xYZ".
your app is now able to access the shared file.
I know, it is not very user-friendly but it works (at least now, might be that this is not intentional)
If you know a way to automatically open a file with an app by invoking some URL, then please let me know. (yet, that would kind of be a security issue in the Google API, so I guess it is not possible).
Since it is somewhat cumbersome, I will propose the following two options to the user (so she/he can decide on her/his own):
Give the app full access and don't be concerned about this issue at the cost of privacy (I am certainly not evil and would not do anything with the files, but might be that someone can hack my app and get access to the accounts and then... well, then the user would have wished to give my app less rights.)
Give only install rights in addition but with the pain to open every single file which the app needs access to. In my case this is relatively rare so it should not really bother the user.
I hope that helps.
Assuming this as a limitation of Drive API for Android, I am switching to Drive REST API. I found the functionality I was looking for in the Drive REST API i.e. incremental updates to the file and resumable downloads. Just that I need to manage some of the things on my own.
In that way, Drive REST API is complete and it can provide all the functionalities whereas Drive API for Android is constrained with lot of limitations. With no answers to my questions, I am assuming that it is not possible to share files with other users through Google Drive using Drive API for Android.
You can add full permissive drive scope -
https://www.googleapis.com/auth/drive
request scope using -
.requestScopes(new Scope("https://www.googleapis.com/auth/drive"))
instead of
.resuestScopes(Drive.SCOPE_FILE)
as per Google documentation,
By default, files saved to the internal storage are private to your
application and other applications cannot access them (nor can the
user). When the user uninstalls your application, these files are
removed.
Source: http://developer.android.com/guide/topics/data/data-storage.html
By default implies that it is only temporary and can be modified. So is there any way to modify this permission to allow your app to read internal storage files from other Apps ?
I am willing to access /data/data/com.Whatsapp to access my encryption key to study how Whatsapp actually generates the key and i need to done this using my App, not a rooted phone or anything.
So is there any way to modify this permission to allow your app to read internal storage files from other Apps ?
No. In the quoted passage above, please see the "nor can the user" part. You, as a user, do not have rights to access those files, let alone change permissions on them. The exception is a user who roots their device.