Can someone tell me where in the docs it goes over how to ask for permissions to access the file system or other media?
If an app doesn't ask for permission during installation, this means it does not have permissions to ask for any data other than its own isolated storage space?
Permissions
If you're using Android 5.1 or lower all the permissions your app requires have to be declared on the AndroidManifest.xml file. As you can see on the docs.
Example:
<manifest xlmns:android...>
...
<uses-permission android:name="android.permission.INTERNET" />
<application ...>
...
</application>
</manifest>
If you didn't declare a permission on your manifest file, it was impossible to request a new one after installation, unless you updated your app requestion new permissions.
But that changed on Android 6.0 (API Level 23), where you can request permissions at runtime.
From the docs:
Beginning in Android 6.0 (API level 23), users grant permissions to
apps while the app is running, not when they install the app. This
approach streamlines the app install process, since the user does not
need to grant permissions when they install or update the app. It also
gives the user more control over the app's functionality; for example,
a user could choose to give a camera app access to the camera but not
to the device location. The user can revoke the permissions at any
time, by going to the app's Settings screen.
So instead of asking for all permissions on app install:
Starting from Android 6.0, permissions can also be requested like this:
For more information, check the training guide or this link.
File access
If you want to have write access the external file storage, you have to declare a permission for that, as it's stated on the docs.
To write to the external storage, you must request the
WRITE_EXTERNAL_STORAGE permission in your manifest file.
Example:
<manifest ...>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
...
</manifest>
And if you just want to read it, all apps already have that ability, but it might change in the future, so it's better to use this permission instead:
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
Every thing you need to know about system permissions is located here in the documentation :
Working with System permissions
Starting at API 23 (Marshmallow), the system will not ask permission at install time but at runtime when the developer thinks the permission is needed.
Related
I'm updating an app that doesn't need to use the camera or to record audio. I've removed the permissions from the manifest but the upload fails with
Your APK or Android App Bundle is using permissions that require a
privacy policy: (android.permission.CAMERA,
android.permission.RECORD_AUDIO).
I can see in generated manifests that the permissions get "injected".
This hasn't worked:
<uses-permission android:name="android.permission.CAMERA" tools:node="remove"/>
How do I stop that, or how do I tell the app that I will never, ever, ever want to use the camera?
I have an app in playstore and that app doesn't require any permission except
<uses-permission android:name="android.permission.VIBRATE"/>
Then why does my app uploaded to play store ask for access to photos/media/files even I have not written it in Manifest file.
https://developer.android.com/about/versions/android-1.6.html
WRITE_EXTERNAL_STORAGE: Allows an application to write to external storage. Applications using API Level 3 and lower will be implicitly granted this permission (and this will be visible to the user); Applications using API Level 4 or higher must explicitly request this permission.
Changed my minSdkVersion to 5 not id does not ask for any such permission.
I have an Android app,but when user click "Install" button,the app install directly and it didn't prompt up to ask for permission for user to accept directly.So,I need to request permission during runtime.
But what I need to do,when user click "Install" button,request all the permission needed before the app start downloading from Google Play just like the image below:
So far my manifest is look like this
<uses-feature android:name="android.hardware.camera" />
<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
So what I need to add in order to achieve this?
You are welcome to have your targetSdkVersion below 23, which will force the request for permissions at install time.
Over time, seeing this permission dialog at install time will signal to prospective users that your app is obsolete and not being maintained. An increasing number of those prospective users will elect to not install your app as a result.
Also, bear in mind that users can still remove your requested permissions via the Settings app.
The runtime permissions was introduced since 5.0 Android.
The reason that most of users don't read permissions while installation.
So, all up-to-date API have to use runtime permissions.
Even default apps such as Google maps require runtime permissions.
https://developer.android.com/training/permissions/requesting.html
If you don't want to use runtime permissions you have to use old API version. but you have to check. Your app may crash.
For devices with android < 6.0 permissions are request at installation.
For devices with android > 6.0 permissions are request at runtime.
So if you want your app compatible with devices below and above 6.0, you need to declare permission in your Manifest.xml and request permission at runtime too.
The official guide
After all the hassle of searching on google, I have managed to request storage permission, to make my apps "compliant" with the new permission system introduced in android Marshmallow. But now, I noticed, I actually didn't need to make all that effort as permissions get granted by the system automatically without requesting. Just having the permissions in Manifest was enough.(seen while installing ES File Explorer, or my own apps). Is it necessary to ask for permissions on Android 6+?
This is what my Manifest.xml looks like:
android:versionCode="100"
android:versionName="1.0.0" >
<uses-sdk android:minSdkVersion="14" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
PS: I am using a Samsung Galaxy S7
Do we actually need to request permissions?
No. If you set target API to 22 or below(ANdroid 5.x) the permission system isn't set up and thus, when downloading the app the user has to grant every permission to download the app.
HOWEVER
The user can still revoke any permission on the "dangerous"-level. If your app uses any of these, you can't ask for them back either. In addition, it will cause crashes as the app will not be programmed to handle what happens when the app doesn't have access to the permissions.
You only need to ask for permission on the permissions that have the danger-level of "Dangerous". "normal"-permissions are granted automatically and can not be revoked. Here is a list of the dangerous permissions that you need to ask for.
Considering:
Revoking
User security(and privacy conserns from users who really care about this)
it is best to ask for permissions. This will also prevent crashes when permissions are revoked. even targeting API 22 and below, the permissions can still be revoked and cause problems where ever you call something that require these permissions.
Only when targeting API 23, and requesting permissions, can you control your app. You can ask for permissions where you need them, and without access you can block features and also let the user know what the permission is being used for, and giving the user the feeling that the permission isn't being used for something malicious or privacy-violating.
As mentioned in this answer to your question:
Yes, We need to request permission from user. Beginning in Android 6.0 (API level 23), users grant permissions to apps while the app is running, not when they install the app.
It is not a requirement, but if you target API 22(Android 5) the permissions are still asked for when the app is installed. A lot of apps would not be allowed to install if apps that targeted API 22 were "incompatible" with ANdroid 6.
If the device is running Android 5.1 or lower, or your app's target SDK is 22 or lower: If you list a dangerous permission in your manifest, the user has to grant the permission when they install the app; if they do not grant the permission, the system does not install the app at all.
Apps targeting Android 5.x and lower will still install the same way on Android 6: You cannot allow or disallow single permissions on install if the app targets API 22. Permissions can be revoked from settings, but no permissions can be blocked from install when it is targeting API 22.
In ANdroid Manifest, you still have to list all your permissions, both normal and dangerous. If the app targets API 23, it will require all the permissions on Android 5.x and lower, and request on API 23 and up(remember to check if the user is on API 23 or up before requesting).
To summarize:
Requesting is not a requirement. It is, however, a good idea to do so and make sure you design the app to only do what it has permission to. Thus: You do not have to request permissions, but it is a very good idea to do it.
When targeting API 23, no permissions are granted automatically. You have to ask for them. When targeting API 22, the permissions are automatically granted and consented to when the user installs the app.
Also note:
Android is progressing fast. Android 7(API 24 &25) also use the permission system. In a few years, all Android-devices may run on the permission system, at which point it is a good idea to already have integrated the permission-system into your app.
Yes, We need to request permission from user.
Beginning in Android 6.0 (API level 23), users grant permissions to apps while the app is running, not when they install the app. This approach streamlines the app install process, since the user does not need to grant permissions when they install or update the app. It also gives the user more control over the app's functionality; for example, a user could choose to give a camera app access to the camera but not to the device location. The user can revoke the permissions at any time, by going to the app's Settings screen.
System permissions are divided into two categories, normal and dangerous:
Normal permissions do not directly risk the user's privacy. If your app lists a normal permission in its manifest, the system grants the permission automatically.
Dangerous permissions can give the app access to the user's confidential data. If your app lists a normal permission in its manifest, the system grants the permission automatically. If you list a dangerous permission, the user has to explicitly give approval to your app.
However, the effect of that declaration is different depending on the system version and your app's target SDK level:
If the device is running Android 5.1 or lower, or your app's target SDK is 22 or lower: If you list a dangerous permission in your manifest, the user has to grant the permission when they install the app; if they do not grant the permission, the system does not install the app at all.
If the device is running Android 6.0 or higher, and your app's target SDK is 23 or higher: The app has to list the permissions in the manifest, and it must request each dangerous permission it needs while the app is running. The user can grant or deny each permission, and the app can continue to run with limited capabilities even if the user denies a permission request.
As mentioned in the documentation, the WRITE_EXTERNAL_STORAGE permission should not be a requirement starting from API level 19. Hence, I've written this to the manifest:
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
android:maxSdkVersion="18"/>
However, when running my app which uses Google Maps V2 and thus needs access to the external storage, I get a SecurityException:
java.lang.SecurityException: The Maps API requires the additional following permissions to be set in the AndroidManifest.xml to ensure a correct behavior:
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
The phone I'm running the app is KitKat (4.4) which is API level 19. To my understanding, the app should be able to run fine without the permission. Why do I get the error anyway?
the WRITE_EXTERNAL_STORAGE permission should not be a requirement starting from API level 19
Only if you are using methods on Context, like getExternalFilesDir(), to get at standard locations on external storage that are specific for your app. For other locations, such as the paths reported by methods on Environment, you still need the permission.
Or, to quote the documentation that you linked to:
For example, beginning with Android 4.4 (API level 19), it's no longer necessary for your app to request the WRITE_EXTERNAL_STORAGE permission when your app wants to write to its own application-specific directories on external storage (the directories provided by getExternalFilesDir()).
Also, third-party libraries are welcome to require that you have this permission for their own reasons.
Why do I get the error anyway?
It looks like MapsV2 is validating that you have the permission as part of its setup process. That is the prerogative of MapsV2. Perhaps they are looking to work with external storage outside of the limited areas that do not require this permission. Perhaps they aren't but failed to update the permission check in their code. MapsV2, being closed source, is difficult to analyze for this sort of thing.
According to the WRITE_EXTERNAL_STORAGE documentation (emphasis mine):
Starting in API level 19, this permission is not required to
read/write files in your application-specific directories returned by
getExternalFilesDir(String) and getExternalCacheDir().
The Google Maps API is presumably using directories on the external storage that are not specific to your application, and thus you need to include the permission for all API levels.