I'm trying to grant some runtime permissions to my app automatically, these include ACCESS_FINE_LOCATION, READ_PHONE_STATE as well as ACTION_MANAGE_OVERLAY_PERMISSION. Do note that this requires at least Device Administrator access rights, which I have.
While the first two work flawlessly via
dpm.setPermissionGrantState(componentName, "com.my.app", Manifest.permission.READ_PHONE_STATE, DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED);
dpm.setPermissionGrantState(componentName, "com.my.app", Manifest.permission.ACCESS_FINE_LOCATION, DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED);
ACTION_MANAGE_OVERLAY_PERMISSION does not work at all. I believe this might be due to the fact that it's not part of Manifest.permission but instead android.settings.action.MANAGE_OVERLAY_PERMISSION. However it still is a permission that I want to be granted automatically.
Edit: While it seems that this permission is granted automatically to any app that requests it, this only is the case for apps distributed via the playstore. Unfortunately my App is NOT distributed that way.
include ACCESS_FINE_LOCATION, READ_PHONE_STATE as well as ACTION_MANAGE_OVERLAY_PERMISSION
ACTION_MANAGE_OVERLAY_PERMISSION is not a permission.
but instead android.settings.action.MANAGE_OVERLAY_PERMISSION
That is not a permission. That is an Intent action.
The permission that you probably want is SYSTEM_ALERT_WINDOW.
I was able to automatically grant this permission, from my device owner app:
devicePolicyManager.setPermissionGrantState(compName, this.packageName, Manifest.permission.SYSTEM_ALERT_WINDOW, DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED)
You also need in your manifest:
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
After this Settings.canDrawOverlays() returns true, and the permission is granted in the settings app. Although unlike other permissions granted this way, it seems like the user can choose to disable it in settings. My targetSdkVersion is 26
It is a new behaviour introduced in Marshmallow 6.0.1.
Every app that requests the SYSTEM_ALERT_WINDOW permission and that is installed through the Play Store (version 6.0.5 or higher is required), will have granted the permission automatically.
If instead the app is sideloaded, the permission is not automatically granted. You can try to download and install the Evernote APK from apkmirror.com. As you can see you need to manually grant the permission in Settings -> Apps -> Draw over other apps.
These are the commits [1] [2] that allow the Play Store to give the automatic grant of the SYSTEM_ALERT_WINDOW permission.
Related
Throughout my app I request permissions runtime, but for the READ_SMS permission, I would like to have that permission enabled on download from playstore. How can I request permissions from play store install instead of at runtime?
You can't. It used to be that all permissions were granted at install time. Now, important permissions like that can only be granted at runtime. This is to improve the user's security, allow them to prevent apps from accessing data they don't want to share without realizing it, and allow them to revoke permissions when no longer applicable.
I have an Application which is published by an APK, not through the Google play store.
Its takgetSdkVersion is 23.
On a 23(Marshmallow) device, I installed the Application with the APK(release build type) file and then I looked the permission setting of my Application right away.
It shows me that all permissions are enabled as a default.
Is it normal?
Permissions are divided into several protection levels which affects the requirement of runtime permission requests.There are three protection levels which are taken into consideration for third-party apps: Normal, Signature, and Dangerous permissions.
Normal permissions
System automatically grants the app that permission at install time
Signature permissions
The system grants these app permissions at install time, but only when the app that attempts to use a permission is signed by the same certificate as the app that defines the permission.
Dangerous Permissions
The user has to explicitly grant the permission to the app by prompting the user to grant permissions at runtime.
Note:
Since the permissions request-approve model has been enforced since Android Marshmallow, apps have targetSdkVersion < 23 won't have to implement it. Prior to marshmallow the permissions were granted at install time.
It shows me that all permissions are enabled as a default.
Is it normal?
No, its not normal. You might have granted the permissions previously and you are just updating the current version of app. Re-verify your targetSdkVersion.
I am developing an app and the manifest has included permissions INTERNET and SEND_SMS. There was no asking of permissions when the apk was installed by Android Studio to either an emulator or a real phone.
When I ran the app, which sends an SMS, there was a permission exception. I had to go to Settings, Apps and under Permissions, there is an option to enable SMS. After I enabled it, the app could send SMS'es.
When the app made a network call using HttpUrlConnection, it completed successfully! Under Settings Apps, there is no option for network or Internet or the like.
Why is it that making a network communication does not require any permission by the user?
Under Settings, Apps, why is there only one permission, SMS, listed for my app?
It's the developer responsibility to request the permission at the runtime.
Before accessing any danger permission. (Runtime Permission are supported from Android M(6.0))
Not all the permission need to be requested from the user. Only Danger Permission needs an approval from the user. Normal and Danger Permsission
Please follow this guide Runtime Permission
The permissions model was changed in Android 6.0. If the app targets API 23 or above than you need to request the user for the permissions in runtime. If the app targets below API 23 than the app gets the permissions during intall.
There are some permissions like "INTERNET" that will always be during intall.
You're running your app in Android SDK>=23.
Internet permission is under Normal permission so it does not show any permission prompt but Camera permission is under Dangerous Permission so it shows permission prompt.
If an app declares that it needs a normal permission, the system automatically grants that respective permission to the app.
Refer:
Reference -
Android Permissions
StackOverflow
Permission Requests
After all the hassle of searching on google, I have managed to request storage permission, to make my apps "compliant" with the new permission system introduced in android Marshmallow. But now, I noticed, I actually didn't need to make all that effort as permissions get granted by the system automatically without requesting. Just having the permissions in Manifest was enough.(seen while installing ES File Explorer, or my own apps). Is it necessary to ask for permissions on Android 6+?
This is what my Manifest.xml looks like:
android:versionCode="100"
android:versionName="1.0.0" >
<uses-sdk android:minSdkVersion="14" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
PS: I am using a Samsung Galaxy S7
Do we actually need to request permissions?
No. If you set target API to 22 or below(ANdroid 5.x) the permission system isn't set up and thus, when downloading the app the user has to grant every permission to download the app.
HOWEVER
The user can still revoke any permission on the "dangerous"-level. If your app uses any of these, you can't ask for them back either. In addition, it will cause crashes as the app will not be programmed to handle what happens when the app doesn't have access to the permissions.
You only need to ask for permission on the permissions that have the danger-level of "Dangerous". "normal"-permissions are granted automatically and can not be revoked. Here is a list of the dangerous permissions that you need to ask for.
Considering:
Revoking
User security(and privacy conserns from users who really care about this)
it is best to ask for permissions. This will also prevent crashes when permissions are revoked. even targeting API 22 and below, the permissions can still be revoked and cause problems where ever you call something that require these permissions.
Only when targeting API 23, and requesting permissions, can you control your app. You can ask for permissions where you need them, and without access you can block features and also let the user know what the permission is being used for, and giving the user the feeling that the permission isn't being used for something malicious or privacy-violating.
As mentioned in this answer to your question:
Yes, We need to request permission from user. Beginning in Android 6.0 (API level 23), users grant permissions to apps while the app is running, not when they install the app.
It is not a requirement, but if you target API 22(Android 5) the permissions are still asked for when the app is installed. A lot of apps would not be allowed to install if apps that targeted API 22 were "incompatible" with ANdroid 6.
If the device is running Android 5.1 or lower, or your app's target SDK is 22 or lower: If you list a dangerous permission in your manifest, the user has to grant the permission when they install the app; if they do not grant the permission, the system does not install the app at all.
Apps targeting Android 5.x and lower will still install the same way on Android 6: You cannot allow or disallow single permissions on install if the app targets API 22. Permissions can be revoked from settings, but no permissions can be blocked from install when it is targeting API 22.
In ANdroid Manifest, you still have to list all your permissions, both normal and dangerous. If the app targets API 23, it will require all the permissions on Android 5.x and lower, and request on API 23 and up(remember to check if the user is on API 23 or up before requesting).
To summarize:
Requesting is not a requirement. It is, however, a good idea to do so and make sure you design the app to only do what it has permission to. Thus: You do not have to request permissions, but it is a very good idea to do it.
When targeting API 23, no permissions are granted automatically. You have to ask for them. When targeting API 22, the permissions are automatically granted and consented to when the user installs the app.
Also note:
Android is progressing fast. Android 7(API 24 &25) also use the permission system. In a few years, all Android-devices may run on the permission system, at which point it is a good idea to already have integrated the permission-system into your app.
Yes, We need to request permission from user.
Beginning in Android 6.0 (API level 23), users grant permissions to apps while the app is running, not when they install the app. This approach streamlines the app install process, since the user does not need to grant permissions when they install or update the app. It also gives the user more control over the app's functionality; for example, a user could choose to give a camera app access to the camera but not to the device location. The user can revoke the permissions at any time, by going to the app's Settings screen.
System permissions are divided into two categories, normal and dangerous:
Normal permissions do not directly risk the user's privacy. If your app lists a normal permission in its manifest, the system grants the permission automatically.
Dangerous permissions can give the app access to the user's confidential data. If your app lists a normal permission in its manifest, the system grants the permission automatically. If you list a dangerous permission, the user has to explicitly give approval to your app.
However, the effect of that declaration is different depending on the system version and your app's target SDK level:
If the device is running Android 5.1 or lower, or your app's target SDK is 22 or lower: If you list a dangerous permission in your manifest, the user has to grant the permission when they install the app; if they do not grant the permission, the system does not install the app at all.
If the device is running Android 6.0 or higher, and your app's target SDK is 23 or higher: The app has to list the permissions in the manifest, and it must request each dangerous permission it needs while the app is running. The user can grant or deny each permission, and the app can continue to run with limited capabilities even if the user denies a permission request.
I read that with Android 6.0, users need to manually allow apps to hold this permission by going to app advanced settings and enabling "Draw over other apps". I have a Nexus 5 with Android 6.0 but I don't seem to be prompted to enable this setting. When I install apps from the Play Store that require this permission, such as LastPass, it gets granted automatically.
Why is this so?
It is a new behaviour introduced in Marshmallow 6.0.1.
Every app that requests the SYSTEM_ALERT_WINDOW permission and that is installed through the Play Store (version 6.0.5 or higher is required), will have granted the permission automatically.
If instead the app is sideloaded, the permission is not automatically granted. You can try to download and install the Evernote APK from apkmirror.com. As you can see you need to manually grant the permission in Settings -> Apps -> Draw over other apps.
[The above information is from this post.]
If you want the app to be sideloaded, you show manually show a prompt and direct the user to enable Draw over other apps permissions from the settings. Have a look at Requesting permissions
Every app that requests the SYSTEM_ALERT_WINDOW permission and that is installed through the Play Store (version 6.0.5 or higher is required), will have granted the permission automatically.
Click here! This may help
There are mainly two types of permissions, they are
Normal Permissions
Dangerous Permissions
Normal permissions indicates that there's no great risk to the user's privacy or security in letting apps have those permissions. For example, users would reasonably want to know whether an app can read their contact information, so users have to grant this permission explicitly. By contrast, there's no great risk in allowing an app to vibrate the device, so that permission is designated as normal.
Dangerous permissions cover areas where the app wants data or resources that involve the user's private information, or could potentially affect the user's stored data or the operation of other apps. For example, the ability to read the user's contacts is a dangerous permission. If an app declares that it needs a dangerous permission, the user has to explicitly grant the permission to the app.
In this case, SYSTEM_ALERT_WINDOW comes under Normal permissions, that is if an app declares in its manifest that it needs a normal permission, the system automatically grants the app that permission at install time. The system does not prompt the user to grant normal permissions, and users cannot revoke these permissions.
You can see the list of normal permissions in this link and dangerous permissions here.