We are moving our app to SDK 23 and realize that we need to explicitly handle permissions in the code.
Instead of going through the entire code base, is there a best practice (or an IDE shortcut) that would help us determine all the places where we may need to use 'ContextCompat.checkSelfPermission' for each permission in the app?
If you are using Android Studio try this:
1- Click on Hector the Inspector (the small icon of a man with a moustache at the very bottom-right of Android Studio). This will show up an option to Configure inspections.
2- Type 'Permissions' into the searchbar, and ensure that "Constant and Resource Type Mismatches" is checked.
3- Run Analyse > Inspect Code.
You need to check for permission each time you use the functionnality who requires it, because you do not know witch path the user will follow in your app.
Remove all permissions node in Manifest, test your app and identify every time you get a permission denied error.
In Android studio 2.2 a new feature is implemented to make it easier to move your app to SDK 23. It is still work in progress howerver.
It is shown here. It adds an option to the refactor menu, which automatically implements the necessary permission checks.
Related
We have a custom ROM for a device we are making and what I want to do is make our own custom Settings app to replace the settings app that comes already built in android.
I cant really find any documentation on how to even create a system app. It does not appear you can create it in Android Studio, I tried looking on the AOSP site and didnt find anything there related to creating system apps. The few things I did find were on here where you would put android:sharedUserId="android.uid.system" in your manifest and then has to be signed with the same key as the ROM but after that I cant find anything.
The settings app I want to create would need access to the framework.jar to be able to use the hidden framework API's.
Does anyone have any information or know where I can find this information on how to go about actually creating a system app?
You may want to research how to make a Device Tree Overlay (dto). Basically it is your code, reformatting the base code, into what you want. https://source.android.com/devices/architecture/dto?hl=en
Since you said you use Gradle, you should put first build you apk and put them in you vender folder, and next important thing is to create a mk/bp file to tell the Android build system how to deal with this pre-built apk.
P.S. If you system app highly depends on Android hidden api, make sure you have the right version of framework.jar in you Android Studio project, or, as what I alway did, create apps directly in AOSP, in this case, you can just check the code structure of the original Settings app in AOSP
this tutorial may help you.
I set my gradle for min API 18 and Tagret API23.
I use the new permission system as need for API23 and also write all the require permission in the manifest as in the old days.
On Device use API23 it is work O.K.
But when I put the APK on device with 5.1.1 also it show me all the require permission during installation and i accept it, it is look that it doesn't get them in the application itself.
I also check in the application setting of this APK on the device and see all the permission are there (there is no checkbox so I assume if it is written it is enable).
Does the new permission system together with the old way (permission in manifest ) has to addapt automaticly to the device API level, or I need to make any check during the application runtime?
I figure it out by myself. For install the new APK I have to remove the older one completely. If I just go to the setting->Application found the app and delete it by “remove completely” it is not enough. I have to go to the actionBar on top in the same window and by the 3 buttons ask to “remove for all users”. Only then it doesn't have any trace and when I install the new APK it gets the right permission automatically.
If I wanted to research how and where permissions [requested in the Mainfest.xml] were used in an Android app for the purposes of removing them is there an easy way of doing this? Does lint or findbugs offer some sort of support for tracking permissions used/abused in a project?
I came from the future to save your lives.
Here (in the future), LINT does check for missing permissions as you can see on LINT checks.
So, go to your AndroidManifest.xml and remove all tags <uses-permission> using Android permissions (meaning, don't delete permissions that belong to your app, such as UA_DATA and C2D_MESSAGE).
Then run LINT analysis. Click on Analyze then Inspect Code...
Look under Android -> Constant and Resource Type Mismatches
You should see all missing permissions.
Then you can just right-click them and select Apply fix "Add Permission". If you select this option, Android Studio will include one permission for every error. So you'll end up with multiple copies of the same permission on your Manifest file, just delete the duplicates. You can do it manually too.
Here is the description of the LINT rule:
ID ResourceType
Description
This inspection looks at Android API calls that have been annotated with various support annotations (such as RequiresPermission or UiThread) and flags any calls that are not using the API correctly as specified by the annotations. Examples of errors flagged by this inspection:
Passing the wrong type of resource integer (such as R.string) to an API that expects a different type (such as R.dimen).
Forgetting to invoke the overridden method (via super) in methods that require it
Calling a method that requires a permission without having declared that permission in the manifest
Passing a resource color reference to a method which expects an RGB integer value.
...and many more. For more information, see the documentation at http://developer.android.com/tools/debugging/annotations.html
I'm using Android Studio 2.1.2.
In your app manifest file you should have a tab "Merged Manifest" there you can see your final manifest and the permissions you request you can click on a permission to see where it came from. (who added it - ex': sdk or what code it came from)
There is also a simple way to remove a permission by adding to manifest:
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"
tools:node="remove" />
Also remember to add the tools at the top:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="...">
The way I would do it for an app for which I didn't write the code would be to remove the permissions one by one and test the app end-to-end each time. When it fails, narrow it down. If not, that permission may not be used.
You will have to try removing them one by one and checking i fthe app still works OK. This is not checked by lint in any way (it should be).
When they come back (they are currently down), you can upload your apk to this website (if that's ok with you) and let them statically analyse the permissions you are using: http://www.android-permissions.org/
Best way is to understand what the may actually do. If it is ever going to use the camera then you know you need the camera permission.
Or you could just learn what your app does and then go through the permissions and see which ones are extra. What does your app do, what phone features does it use. There should be some documentation somewhere on what it should do and what methods are in there
i have used eclipse, android sdk and phonegap to create a small application. I give it a test and create a test.apk package.
What i ma wondering is where can i set up some details about this app, like who made it, the app name, the version, an icon maybe, any other things i might need to setup.
I have a AndroidManifest.xml file and when i open it i get a nice gui but i don't know what to modify there
Im not sure what i need to set up and even if i need to.
A good tutorial is much appreciated. Thanks
You can set most of those things in the manifest file. If you want to include this information in your code, add license headers in all your classes, use java-doc etc.
If you want this information to be accessible in your app like from 'About' button, you have to handle it yourself.
Take a look at this example.
This details are to be filled when you upload it to android market. I dont think you set them in AndroidManifest.xml ! you can see the xml code , by clicking on the "source code" tab just below the UI .
Here's a tutorial that describes managing AndroidManifest.xml, the app name and icons from our AppLaud Eclipse plugin for PhoneGap Android.
What algorithm is used in Android Gesture recognition?Can I get the source code anywhere?
I will be using android gestures recognition feature and I need to know what are the basic requirements or criteria for Gesture recognition?How does it predict a score against matching gestures?Does it depend on number of gesture strokes?? or the size of gesture strokes?
Try checking the Android Api Source code
Is this what you're looking for? https://android.googlesource.com/platform/frameworks/base/+/master/services/java/com/android/server/accessibility/TouchExplorer.java
You can use IBM Wearables SDK for Android
it allows you to record gestures and then recognise them in your app
for more info:
https://github.com/ibm-wearables-sdk-for-mobile/ibm-wearables-android-sdk
I can't tell you how exactly it works since I haven't tried understanding the code and not sure if I'm capable at my current skill level. But to get the code in androidStudio (don't know if you are using that but maybe it's similar in other software?).
Create a GestureDetector:
private GestureDetector mDetector;
Select the GestureDetector, right click and goto Declaration (CTRL+B).
It takes you to the code. Inside that code you can also select methods and right click go to their declaration.
If it shows you that you don't have the code, I think something pops up to install it. If not you can install it like this:
Tools -> Android -> SDK Manager. In the tab SDK Platforms click on show package details below. Select sources you want to install. You can install sources for multiple versions so you can also check code of older versions if you'd want to.
You can also directly check the files on your computer, the path is something like this for example (if on windows):
C:\Users\yourUserName\AppData\Local\Android\Sdk\sources\android-22\android\view <-here is for example view code for android api level 22