According to Google's official document
https://developers.google.com/cloud-messaging/android/client#add-config
Your + ".permission.C2D_MESSAGE" permission to prevent other Android applications from registering and receiving the Android application's messages. The permission name must exactly match this pattern—otherwise the Android application will not receive the messages.
If we declare permission pattern wrong for example: PACKAGE_NAME.gcm.permission.C2D_MESSAGE
our app should not recieve any notifications. But i can receive notifications. How is it possible?
Does system only looks for a permission ends with .C2D_MESSAGE?
Related
How do i retreive RCS messages in android. I can retreive SMS/MMS using contentproviders, is there any URI for RCS messaging availlable for android?
I found that my device has this contentprovider availlabe so I tried using this :
Uri.parse("content://com.gsma.services.rcs.provider.chat/chatmessage")
but this gives me a Security Exception like This :
java.lang.SecurityException: Permission Denial: opening provider com.sec.internal.ims.servicemodules.tapi.service.provider.ChatProvider from ProcessRecord{31c3db7 9607:com.sol.testsms/u0a403} (pid=9607, uid=10403) requires com.gsma.services.permission.RCS or com.sec.imsservice.WRITE_IMS_PERMISSION
after adding the permissions stated in the error message I still get the error.
Can anyone help with this?
I try to develop anti-smishing solution, which listen in background and analyze new SMS.
If I'm not default SMS app, I can only read the SMS.
I found information about some exceptions in use of SMS permission group for Anti-Phishing, where I have access not only to read, but also to write.
How does it work? For now I'm not able to write or edit any SMS in Android Studio. When Google accepts my request/form I will have some extra code for exception or something like it?
https://support.google.com/googleplay/android-developer/answer/10208820?hl=en&ref_topic=2364761#zippy=%2Cwyj%C4%85tki
My questions specific only for Android 6 (starting from v23 of SDK). I need to get all SMS, even draft for future processing. Nothing special here, used the following peace of code:
context.getContentResolver().query(Uri.parse("content://sms/"),
new String[] {...}, null, null, null)
And this work perfect for Android 5, meaning that I get all SMS messages including draft. But at all devices with Android 6, I get only sent and received messages and NO DRAFT. Try to make my app default SMS before trying to query SMS – but no luck, at Android 6 i still cannot get draft messages. What the problem?
I've already found some related posts
SMS missing from content provider results on Android Marshmallow
But this do not solve my issue at all.
For Marshmallow you need to add run time permissions to read messages .
Check permission like this
int permissionCheck = ContextCompat.checkSelfPermission(getApplicationContext(), Manifest.permission.READ_SMS);
If permission denied tha ask at run time like that
ActivityCompat.requestPermissions(this, new String[]{{Manifest.permission.READ_SMS}, PERMISSIONS_REQUEST_READMESSAGE);
to access draft this is URI for content provider.
Content provider for draft is
content://sms/draft
Note: dont forget to add permissions
<uses-permission android:name="android.permission.READ_SMS"></uses-permission>
I believe what your looking for is found in this answer. It provides a list of URI's for accessing the different SMS boxes. The one specifically for the draft SMS messages is
content://sms/draft
Query on URI content://sms/draft will return only the draft messages that are stored in SMS provider.
Default android messaging application implementation stores the draft messages within the application and will not add the drafts to SMS provider.
Only the draft messages that are part of SMS provider (can added using SMSManager's hidden API addTextMessageDraft) will be returned as results when query on URI content://sms/draft is performed.
I've a problem with content provider and custom permissions.
Let's suppose that App A have a content provider containing wonderful informations. These informations are a little bit intrusive, that's why it's better to have a permission to read them.
Let's suppose that App B is a 3rd party application and want to access to the content provider of A.
Let's suppose that the permission to read into the content provider is "com.custom.a.readpermission".
In A manifest, there is :
<permission android:name="com.custom.a.readpermission"/>
<provider android:name="com.a.provider.MyProvider"
android:exported="true"
android:authorities="com.a.provider.MyProvider"
android:readPermission="com.custom.a.readpermission"/>
In B manifest, there is :
<uses-permission android:name="com.custom.a.readpermission"/>
So, now, if I install A; after, I install B. B can access to the data.
But, if I install B before A, I get :
java.lang.SecurityException: Permission Denial: opening provider com.a.provider.MyProvider requires com.custom.a.readpermission
So, how to manage a custom permission in that case ?
So, how to manage a custom permission in that case ?
Your primary options are:
Use a built-in system permission, as opposed to a custom one. This is a good idea in general, if the nature of the sensitive data is similar to other data already defended by built-in permissions.
Catch this exception and tell the user that they need to uninstall A and B and install them in the proper order.
If A and B are both by the same author, use a protectionLevel signature permission and have the same <permission> element in both A and B. Then the installation order will not matter, and the user won't be bothered with any prompts to agree to this permission.
However, bear in mind that prior to Android 5.0, the fact that option #3 works means that any app installed before A could do the same thing as B does, except downgrading the protectionLevel from signature to normal. This is a known vulnerability. Android 5.0 requires that custom permissions are defined on a "first one in wins" basis, and the second and subsequent apps trying to define the same <permission> have to be signed by the same signing key as the app that actually did define it.
In truth, permissions are great for pre-installed apps and the OS itself, but defining custom permissions at the app level is... less than great.
I was trying to create a content provider serving to all Apps in system; kept getting security permission error when ran other Apps to read.
Could anyone help to show me the sample of how to compose read permission in Manifest, because I cannot access developer.android.com even by VPN in PRC...shame...thanks a lot...
To quote the developer docs:
Content Provider Permissions
A provider's application can specify permissions that other applications must have in order to access the provider's data. These permissions ensure that the user knows what data an application will try to access. Based on the provider's requirements, other applications request the permissions they need in order to access the provider. End users see the requested permissions when they install the application.
If a provider's application doesn't specify any permissions, then other applications have no access to the provider's data. However, components in the provider's application always have full read and write access, regardless of the specified permissions.
So you would need to declare a permission for the content provider in your manifest, such as:
<permission android:name="com.your.app.permission.READ_MY_PROVIDER"
android:label="#string/read_permission"
android:description="#string/read_permission_description"
android:protectionLevel="normal" />
As a child of the <application> element. The protection level should be normal if you want all apps to be able to access it, or signature if it should only be accessible by apps you have signed with the same key.
And add that permission to the provider like so:
<provider
...
android:readPermission="com.your.app.permission.READ_MY_PROVIDER"
... />
Then, request the same permission in the other apps, and they will be able to access your content provider:
<uses-permission android:name="com.your.app.permission.READ_MY_PROVIDER">