I've been learning about the new permission model for Android Marshmallow however I have some confusion about the storage permissions.
android.permission-group.STORAGE is a dangerous permission which we must ask the user for.
In my use case, I am just writing to my app's private directory in the external storage.
I've read that for KitKat, we do not need to request these permissions if I am just storing data related to my app only.
I can just use Context.getExternalFilesDirs()
But this is for API 19 / 20
My app targets 16 so I'm assuming the above does not apply to me.
my main question is that I use the Glide library for image caching and the Android download manager to download a file which will be stored in my app's external directory so how do I handle the external storage permission for these components and do I need to if i am just using my app's private directory?
To write data to external storage that are app-private you need to use the WRITE_EXTERNAL_STORAGE permission on anything below API 19. Add this to your manifest:
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" android:maxSdkVersion="18" />
Since Android 4.4 (API 19) you don't need this but if your application supports lower APIs as you said, then you need the above. More on android storage options can be found here.
Related
I want to find an updated answer that works from android 5/6/7 to 13 with less possible permission. I know there are answers like Android saving file to external storage storage but those are very old.
You can understand accessing and storing files on android better from the google's official documentation here, mainly app-specific storage vs permission requirement, i.e. if you want to save file which are app specific, you won't need permission whether it being internal or external storage, but if you want to access locations which are not your app-specific, you will need permission for both internal and external storage.
Also, this behavior of permission requirement has been adopted after a particular API level, so you can start writing you code as per your targetSdk version and keep including options down to your minSdk versions and have a common method for permission for reusing it wherever is required.
I'm creating a file manager app for which I need the All files access permission and for which the target SDK has to be 30 and above as per play store requirements. Will having the MANAGE_EXTERNAL_STORAGE permission be enough for my use on all the android versions i.e work for android 10 devices and below or is it only applicable for android 11+?
If no,how do I gain such access for android 10 and below devices since the storage access framework won't be adequate for my purpose.
Short answer: READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE are enough for your use case in pre Android 11 devices.
Long answer: Prior to the introduction of Android 10, there was no such thing as scoped storage; that is READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE would be sufficient for a file manager since you wouldn't be restricted to reading your app's dirs. After Android 11, Google changed things and "scoped" your write access to your dirs and your dirs alone (unless you got MANAGE_EXTERNAL_STORAGE and got the user to consent to all files access in system prefs).
Can we write data to external storage without adding write permission in the manifest ? Does Storage access Framework or Download manager gives any support for this?
It depends where you want to write the files and what SDK(s) you are targeting. If you want to write the files in your app's external directories (getExternalFilesDir(String) and getExternalCacheDir()) and you are targeting SDK19+, then the permission is not required. If you want to write in other areas or targeting SDK<19, then you need the permission. HOWEVER, based on my experience, there is a bug in some Lollipop versions out there that is causing the permission to still be required. So I usually put <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" android:maxSdkVersion="22"/> in my manifest.
Short answer: no. If there was an easy way to bypass required permissions they'd be pretty pointless. See the documentation below:
https://developer.android.com/training/basics/data-storage/files.html
To write to external storage, you need permission to write to external storage.
Why would you want to take an action you haven't received permission for anyway?
Maybe FileProvider is what you are looking for.
FileProvider is part of Support Library, available for all Android versions starting 2.3. The main goal of this API is to temporary open a private file to some targeted apps: you keep the file in your private folder, and let some other apps read or even write it via a secured ContentProvider. Permissions are revoked when your activity is destroyed.
More info
In my android app, I save some files to Environment.getExternalStorageDirectory() + "\MyApp" directory. This worked fine until android 6 marshmallow update. After marshmallow update, I cannot write to this directory.
As described in this answer, in marshmallow, apps need to ask for the permission from user at runtime before writing to external storage.
But, when I use context.getExternalFilesDir(null) instead of Environment.getExternalStorageDirectory(), I don't need to ask for any permission at runtime and it just works (path returned from context.getExternalFilesDir(null) is also inside the external storage directory).
Is this some kind of a coincidence or can I continue to write to context.getExternalFilesDir(null) without asking permission at runtime?
The documentation states:
Starting in KITKAT, no permissions are required to read or write to
the returned path; it's always accessible to the calling app. This
only applies to paths generated for package name of the calling
application. To access paths belonging to other packages,
WRITE_EXTERNAL_STORAGE and/or READ_EXTERNAL_STORAGE are required.
You will have read/write access to getExternalFilesDir() on Android 4.4+ without requiring any permissions.
I would recommend using a FileProvider if you need to support lower API levels.
<uses-permission
android:maxSdkVersion="18"
android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
reference: uses-permission-element
As i know PERMISSIONS are presented started since Android 6 and above
So no need to check permissions for API 16
Is it possible to write an android application than can gain access to files and documents on an android device and modify them (delete if possible), not necessarily resource files used by the OS but general user documents, provided that the user of the device allowed the application to do this?
PS. This is not for any unethical use but for academic purposes. :)
As long as you have the permission for it, you'll have no issues.
The OS segregates storage into two categories - Internal and External. Quoting the documentation:
External storage is the best place for files that don't require access
restrictions and for files that you want to share with other apps or
allow the user to access with a computer.
In order to read and write files there, you'll need this permissions on your manifest file:
<manifest [...]>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
</manifest>
WRITE_EXTERNAL_STORAGE is API Level 4, but 'starting API level 19, this permission is not required to read/write files in your application-specific directories returned by getExternalFilesDir(String) and getExternalCacheDir()' - catch being that files that your application creates there are considered private to the application.