I'm currently studying the new permissions' system from Android (M and over). I need to find a way to see what permissions from all apps have been already consented by the user. For example, if a permission belongs to the dangerous protection level, I need to know if the user was already prompted with the accept/deny dialog (note that I know if that permission is currently denied or granted).
For now, I've discovered that if a permission has a dangerous protection level and it is currently granted, that means that the user has already consented to this permission (since denied is the default on the dangerous level). But if the permission is currently denied, the user may have decided to deny the permission or it may still be the default value (permission was not yet used/prompted to the user). Similarly, if the permission is from the normal protection level and it is currently denied, then the user explicitly denied this permission (since the default is granted). And so on for the other groups.
To sum up what I'm asking: I have access to all packages and all granted and denied permissions. What I want to know is if I have a way to know if the packages' permissions are consented by the user or if it is still the default value.
Thank you very much for any help. Let me know if you need any code or any further explanation.
Related
requestPermissions(permissionsToRequest.toArray(new String[permissionsToRequest.size()]), 101);
In Android, after Marshmallow version, is there any way to turn on dangerous permissions like accessing device's fine location, camera or microphone automatically without user's consultation? If not, why is it so? What is the reason behind it?
I wish I would be able to closely monitor my iPad by using my smartphone while I am at office and it would be good if it were possible to do it without user's consultation. I also know that once an app is installed and if a user accepts for a dangerous permission at least once, then it would not prompt for it again.
By the way, why it is known as dangerous permission and not something like sensitive permission, as it intrudes user's privacy and makes it possible to access stored files on any given user's mobile device?
Dangerous permissions
Dangerous permissions cover areas where the app wants data or resources that involve the user's private information, or could potentially affect the user's stored data or the operation of other apps. For example, the ability to read the user's contacts is a dangerous permission. If an app declares that it needs a dangerous permission, the user has to explicitly grant the permission to the app. Until the user approves the permission, your app cannot provide functionality that depends on that permission.
To use a dangerous permission, your app must prompt the user to grant permission at runtime. For more details about how the user is prompted, see Request prompt for dangerous permission.
I have read Dengerous permission and Normal permission as well. but I didn't find this permission anywhere. I just want to know what kind of permission is it?
WRITE_SETTINGS
added in API level 1
String WRITE_SETTINGS
Allows an application to read or write the system settings.
Note: If the app targets API level 23 or higher, the app user must explicitly grant this permission to the app through a permission management screen. The app requests the user's approval by sending an intent with action ACTION_MANAGE_WRITE_SETTINGS. The app can check whether it has this authorization by calling Settings.System.canWrite().
Protection level: signature
Constant Value: "android.permission.WRITE_SETTINGS"
Special Permissions
There are a couple of permissions that don't behave like normal and dangerous permissions. SYSTEM_ALERT_WINDOW and WRITE_SETTINGS are particularly sensitive, so most apps should not use them. If an app needs one of these permissions, it must declare the permission in the manifest, and send an intent requesting the user's authorization. The system responds to the intent by showing a detailed management screen to the user.
Source: https://developer.android.com/guide/topics/permissions/requesting.html#perm-groups
The protection level is signature. You must ask the user to be granted this permission if your API level is greater than or equal to 23.
You can find the documentation on all permissions here,
and you can find the documentation for the permission you specified here.
I'm trying to grant some runtime permissions to my app automatically, these include ACCESS_FINE_LOCATION, READ_PHONE_STATE as well as ACTION_MANAGE_OVERLAY_PERMISSION. Do note that this requires at least Device Administrator access rights, which I have.
While the first two work flawlessly via
dpm.setPermissionGrantState(componentName, "com.my.app", Manifest.permission.READ_PHONE_STATE, DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED);
dpm.setPermissionGrantState(componentName, "com.my.app", Manifest.permission.ACCESS_FINE_LOCATION, DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED);
ACTION_MANAGE_OVERLAY_PERMISSION does not work at all. I believe this might be due to the fact that it's not part of Manifest.permission but instead android.settings.action.MANAGE_OVERLAY_PERMISSION. However it still is a permission that I want to be granted automatically.
Edit: While it seems that this permission is granted automatically to any app that requests it, this only is the case for apps distributed via the playstore. Unfortunately my App is NOT distributed that way.
include ACCESS_FINE_LOCATION, READ_PHONE_STATE as well as ACTION_MANAGE_OVERLAY_PERMISSION
ACTION_MANAGE_OVERLAY_PERMISSION is not a permission.
but instead android.settings.action.MANAGE_OVERLAY_PERMISSION
That is not a permission. That is an Intent action.
The permission that you probably want is SYSTEM_ALERT_WINDOW.
I was able to automatically grant this permission, from my device owner app:
devicePolicyManager.setPermissionGrantState(compName, this.packageName, Manifest.permission.SYSTEM_ALERT_WINDOW, DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED)
You also need in your manifest:
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
After this Settings.canDrawOverlays() returns true, and the permission is granted in the settings app. Although unlike other permissions granted this way, it seems like the user can choose to disable it in settings. My targetSdkVersion is 26
It is a new behaviour introduced in Marshmallow 6.0.1.
Every app that requests the SYSTEM_ALERT_WINDOW permission and that is installed through the Play Store (version 6.0.5 or higher is required), will have granted the permission automatically.
If instead the app is sideloaded, the permission is not automatically granted. You can try to download and install the Evernote APK from apkmirror.com. As you can see you need to manually grant the permission in Settings -> Apps -> Draw over other apps.
These are the commits [1] [2] that allow the Play Store to give the automatic grant of the SYSTEM_ALERT_WINDOW permission.
I read that with Android 6.0, users need to manually allow apps to hold this permission by going to app advanced settings and enabling "Draw over other apps". I have a Nexus 5 with Android 6.0 but I don't seem to be prompted to enable this setting. When I install apps from the Play Store that require this permission, such as LastPass, it gets granted automatically.
Why is this so?
It is a new behaviour introduced in Marshmallow 6.0.1.
Every app that requests the SYSTEM_ALERT_WINDOW permission and that is installed through the Play Store (version 6.0.5 or higher is required), will have granted the permission automatically.
If instead the app is sideloaded, the permission is not automatically granted. You can try to download and install the Evernote APK from apkmirror.com. As you can see you need to manually grant the permission in Settings -> Apps -> Draw over other apps.
[The above information is from this post.]
If you want the app to be sideloaded, you show manually show a prompt and direct the user to enable Draw over other apps permissions from the settings. Have a look at Requesting permissions
Every app that requests the SYSTEM_ALERT_WINDOW permission and that is installed through the Play Store (version 6.0.5 or higher is required), will have granted the permission automatically.
Click here! This may help
There are mainly two types of permissions, they are
Normal Permissions
Dangerous Permissions
Normal permissions indicates that there's no great risk to the user's privacy or security in letting apps have those permissions. For example, users would reasonably want to know whether an app can read their contact information, so users have to grant this permission explicitly. By contrast, there's no great risk in allowing an app to vibrate the device, so that permission is designated as normal.
Dangerous permissions cover areas where the app wants data or resources that involve the user's private information, or could potentially affect the user's stored data or the operation of other apps. For example, the ability to read the user's contacts is a dangerous permission. If an app declares that it needs a dangerous permission, the user has to explicitly grant the permission to the app.
In this case, SYSTEM_ALERT_WINDOW comes under Normal permissions, that is if an app declares in its manifest that it needs a normal permission, the system automatically grants the app that permission at install time. The system does not prompt the user to grant normal permissions, and users cannot revoke these permissions.
You can see the list of normal permissions in this link and dangerous permissions here.
for example,my app requests a permission in Manifest file,like android.permission.WRITE_EXTERNAL_STORAGE,how can i check whether the permission is denied by user or some security apps?
Call context.checkCallingPermission(permission)
permission -- The name of the permission being checked, as a String
Returns PERMISSION_GRANTED if you have the permission, or PERMISSION_DENIED if not.
See checkCallingPermission
As noted in the docs and the comments, there are some subtleties here.
Right now, android asks for the user to accept all the permissions an app asks for in the manifest on installation. In the upcoming M release, android will switch over to the iOS style of permissions with an "on needed" basis. (For certain permissions. See #Commonsware's comment for more details) Meaning whenever the user tries to use a feature that requires permission it will ask them to accept or deny. If they hit deny I imagine there will be an sdk positive and negative response button interface to implement.
As for right now in your dilemma, if the user rejects permissions they won't be able to use your app period.
You can use checkCallingPermission() to check weather the runningtime permission is denied by users or some apps.