May be I am missing something, but is there a way to quickly know all the places I have to update with the new permission checks needed for Android apps using sdk23?
As a developer this change is very frustrating considering the multiple places that need to be updated. I would like to make sure I don't forget/miss any of them.
I am talking about finding where it will be needed to use these two functions before using the permissions qualified as 'Dangerous'
ContextCompat.checkSelfPermission()
ActivityCompat.requestPermissions()
https://developer.android.com/training/permissions/requesting.html
Dangerous permissions
https://developer.android.com/guide/topics/security/permissions.html#normal-dangerous
EDIT
In some cases the code throws SecurityException like when trying to use location without the granted permission. But in other cases it just returns null like here
AccountManager.get(context).getAccountsByType("com.google")
Using Android Studio, open the Analyze menu and run Inspect Code... In the results, open Android and then Constant and Resource Type Mismatches. Look for entries that start with "Call requires permission..."
Related
We make some libraries that clients implement in their apps and now we are looking to update them to support Android 6.0 new permissions model.
My question is if there is any way to request dangerous permissions in runtime from our libraries (mostly static classes) instead of asking the client to request those permissions prior to using our libraries.
I have been messing with it but it just seems not possible for me, looks like it has to be made from an Activity which we do not have.
Am I right or is there any way to do it?
Thanks in advance.
looks like it has to be made from an Activity which we do not have.
Correct. That is because the permission-request logic depends heavily on startActivityForResult() and onActivityResult(), wrapped to handle permission requests.
Plus, requesting permissions needs to be tightly tied into the overall application flow, and a UI-less library will have no way of knowing whether it is appropriate to be attempting to request a permission at this time.
You are welcome to check whether you have the permission, via ContextCompat.checkSelfPermission(), as that has no UI. So, you might use this to check, at the entry point(s) of your library, whether you have the requisite permissions to do your work, rather than just let the SecurityException or whatever happen.
Google official library for android runtime permissions both java & kotlin
Library name: EasyPermissions
Java-library
Kotlin-library
I'm working on an old project of my company and want to look up the manifest for unused components. Doing this I found the permission android.permission.WRITE_OWNER_DATA in manifest file, but I don't know for what reason the app does need it.
Every documentation I found says that this permission "Allows an application to write (but not read) the owner's data." That's okay, but I want to know for what API / method I need the permission so I can look up the existing code, if I need it!
Thank you for your help!
Greetings,
Jamic
I don't think you need the permission nowadays, the only reference I found is in some old android versions' contact provider; the permission was removed in version 9.
From what I uderstand, there is no way to do something like
if(have certain permission){
//do something that requires the permission
}
where the application can request optional permissions.
For example I want to track usage of my app only if the user accepts to being tracked. But still allow the user to download and use the app with tracking disabled if he dosen't agree.
Is this at all possible ? If not, what is the reasoning behind not supporting this feature ?
EDIT: to clarify, Im referring to Android permissions, like using the camera or looking at the contact list.
According to the Android documentation:
The permissions required by an application are declared statically in
that application, so they can be known up-front at install time and
will not change after that.
User needs to be informed about the permissions while installing the application. Asking them at run time would be a security risk. A rouge application can use clickjacking to make user accept the permission..
If your are really talking about Android permissions, such as camera. Use the :
http://developer.android.com/guide/topics/manifest/uses-feature-element.html
<uses-feature android:name="android.hardware.camera" android:required="false" />
This means the app can also be used on a device which does not have a camera.
For your example (asking the user permission to track him/her)
You can do this with any language you want. Because your permission is not something like Android permissions.
Just ask the user a question, with a checkbox. Save the value of the checkbox (using SharedPreferences) and use the value in your if statement.
What would be the best strategy to define custom (application specific) permissions in Android?
I have an application of which part of it is accessible without requiring a login. But part of the application functionality is to be restricted to users who actually have logged in. I was trying to think of the best way to do this on Android and was thinking on the lines of defining a permission in the android manifest. But is this is the right tool for the job?
I come from a world where user permission are as easy as putting annotations on the class #admin, #manager. Nothing of that I suppose in the Android world.
Also my concern is I do not want the user to see my custom permissions while installing the app since it might just confuse/scare him for no reason.
Wanted to ask how people approach this issue? Do they just hardcode a utility method isLoggedIn() and call it before executing anything that requires permission?
I maintain a cookie when a user logs in. If that cookie is not set, I give them the un-authenticated experience. If the cookie is set, I use it to make service calls.
For instance, let's take android.permission.GET_PACKAGE_SIZE.
Searching for this string in Android 1.6 *.xml source files only points to a single application that uses it, frameworks\base\tests\AndroidTests.
So the next step is to search through the .java files in a hope that I'll eventually find the code that might look like it queries for package size.
Is this the supposed way of discovering permission use?
The Manage Applications UI uses the API protected by this permission. It probably doesn't request the permission in its manifest because it runs as the system user ID so is implicitly getting the permission.
For applications in general, yes you can look at their AndroidManifest.xml to find the permissions. This is complicated by shared user IDs, which allow multiple applications to run as the same uid, and thus share permissions; any such app requesting a permission grants that permission to all such apps. The settings app, which has the Manage Applications UI, uses the "system" shared user ID so gets all such permissions available to the system.
Generally speaking, you find out what permissions you need because they are referenced from APIs you want to use, normally in the docs, occasionally by exceptions.
Conversely, if a given permission is not cited in the docs, except where it is named (e.g., on Manifest.permission), then it is probably a system permission that you are ineligible to hold unless you are working on alternative firmware.
And, if you are working on alternative firmware, you'd be well-versed in searching the source code. I use Google Code Search, personally, such as this search for your desired permission.
So, in the case of GET_PACKAGE_SIZE, the only place you find it in the docs is in Manifest.permission, and the only place the source code requires it is in a non-SDK method, so I suspect you cannot hold it.
Just check the docs.
GET_PACKAGE_SIZE : Allows an
application to find out the space used
by any package.
http://developer.android.com/reference/android/Manifest.permission.html
EDIT
I may have mis-understood the question. If you want to know what code is using a permission value. Then you will in fact have to dig through the source yourself.