I need to Turn ON/OFF Mobile data programmatically. For this issue I need to use MODIFY_PHONE_STATE permission.
As we know in latest Android versions it's not possible for non-rooted phones unless the app has system rights.
I know that exists some workaround how to sign the app as system app. But as I understand it's not possible to publish such app at the Play Store.
My question is the next - is it possible to get system rights officially? If it is possible which way I have to go to get them?
THe only way to get them is a rooted device, or to build the device image yourself. The idea of system permissions is that only apps which are trusted by the creator of the system (the OEM) can request them. You can also get them by rooting the device, because of how they're granted (its based on the directory the app is installed in, which can be accessed if you have root). But there is no way to do it without root or without creating your own OS image.
MODIFY_PHONE_STATE is a system-only permission so there's no way to get that permission unless you root your phone.
Related
I am building an application which needs to understand the reason behind a particular call dropping out. I found this API (https://developer.android.com/reference/android/telephony/PhoneStateListener#onCallDisconnectCauseChanged(int,%20int)) which does exactly what I need it do. However, it requires the Manifest.permission.READ_PRECISE_PHONE_STATE permission which upon further digging here (https://android.googlesource.com/platform/frameworks/base/+/refs/heads/master/core/res/AndroidManifest.xml) has the protection level signature|privileged and I am unable to grant this permission to my app.
I have rooted the device and used adb to transfer the apk file from the /data folder into /system/priv-app. The app opens fine however, I get a security exception when I try and register the listener. I have followed the advice here (https://source.android.com/docs/core/permissions/perms-allowlist#:~:text=Starting%20in%20Android%208.0%2C%20manufacturers,The%20privapp%2Dpermissions.) and setup a permissions.xml for my app in the /etc/permissions folder but this has had no impact.
I have full control over every device the app will run on so rooting etc is not a problem.
Is there any difference in the privileges of an Android DPC application and a system application? Will a system application be able to perform all the functions that a DPC can perform such as setting the device to Single Use Mode?
Well, there is no-such difference in privileges as far as the Android system is concerned.
If you look at the Android Platform Architecture, you will find that the even a normal user app have the same access to all the system resources as a system app.
Apps included with the platform have no special status among the apps the user chooses to install. So a third-party app can become the user's default web browser, SMS messenger, or even the default keyboard (some exceptions apply, such as the system's Settings app).
You can read about more differences in system and user app here.
Also, another interesting point to note is that on a production device there are only 3-processes that run as root, the Zygote, the app_process and the adbd (though it doesn't allow root access directly using adb). That means, all other apps run under their own user_id with different permissions and since Android doesn't differentiate between apps, two apps having same permissions are allowed same privileges and access to resources, regardless of the fact whether it is a system app or a user app.
Now, to answer your question, if a system app has the same privileges as the DPC app, then yes the app would be able to perform the given task (like setting the device to Single Use Mode) same as the DPC without any problem.
As a side note, if you are planning to create a DPC for you organisation, using the DPC SUpport Library is better than creating and shipping a system app.
P.S. To change a System setting your app would need the WRITE_SETTINGS permission.
How to create application auto reboot device with not rooted device?
I used method reboot in PowerManager with permission
<uses-permission android:name="android.permission.REBOOT" />
so occur error "neither user 10039 nor current process has android.permission.REBOOT"
May be reason is only system applications and applications signed with the same key that was used to sign the firmware will be able to get that permission.
Please suggest me a better way to create application auto reboot.
You cannot do a reboot from an ordinary SDK application. Only applications signed with the system firmware signing key can do this.
Copied from this answer,
Programmatically switching off Android phone
You need the system key to sign your app. See this post for details;
How to compile Android Application with system permissions
Reference and original answer here
I list all permissions of the new installed application on Android device. But I want to detect when an application uses these permission. For example, I installed an app and it uses READ_CALENDAR permission. It is not always read my calendar data. I want to detect the time it reads my calendar data. Is it possible?
No, I don't think this is possible. You would need to be able to monitor each external app, and you don't have the ability to know what they are doing (due to security restrictions on Android). In other words, your app doesn't have the ability to monitor the actions of other apps (not written by you) on the device.
I don't think you have access to the system at the level you would need to perform this (this may be possible on a Rooted phone, but I think that would still be difficult).
When you write an app you have to insert in the android manifest all the possible "uses permissions", for all the functionality that your app will use.
When someone installs your app, before the installation procedure, he can read all the permissions used from the app. If you accept to install it, the app will use all those permissions listed.
How to reset android phone to original status by program?
or Can we use adb to trigger sth?
Many thanks for replying~
Apart from through the Device Administration API, you cannot simply invoke a call and completely factory reset a device, that I'm aware of.
There happens to be a android.permission.MASTER_CLEAR permission, but in order for the system to actually grant you that, your app will need to have 'signature' or 'signatureOrSystem' permissions, according to a Google Groups thread. The only way to get one of those is to sign the app against the same certificate as the system, which basically means you either have to work for a device manufacturer or compile and sign your own firmware.
I remember that on API8 (2.2) or later, through the DeviceAdmin API, you can perform a factory reset.
But this is extremely dangerous to the users, isn't it?