Once again I require your help stackoverflowers!
I've been working on a SDK and now need to verify that the user granted the permissions for stuff like location or file writing.
Verifying is fine, but I think I should ask for the permission if it's needed. The thing is, I have absolutely no access to any activities. I might use the appContext to check for the permissions, but I can't listen to onRequestPermissionsResult like this.
Is there a clever way to ask for permission from my side or should I ask the developers using my SDK to ask the permissions timely so I can use the feature I (and they) need later on?
Thanks for the help!
Personally I'd prefer SDKs to let me as the developer handle when to ask permissions as I may need to give the user some warning, handle it in advance or do other things before prompting them.
If you look at SDKs like Google Play Location services it leaves the handling of the location permissions to the developer and simply adds a warning to the calls that could fail by stating it may throw a SecurityException.
There is also an annotation they use called android.support.annotation.RequiresPermission which you could use to help users of your SDK. Using this annotation will give you the above mentioned Exception warning / error.
Example from official documentation:
#RequiresPermission(anyOf = {Manifest.permission.ACCESS_COARSE_LOCATION, Manifest.permission.ACCESS_FINE_LOCATION})
public abstract Location getLastKnownLocation(String provider);
And as result
I think that you have to declare permissions into documentation and delegate permission-trouble to your sdk users, because library may be part of Model and it mustn't manipulate with UI (permission dialogs)
You can't call permission dialog without activity
Related
When I try to setup Instabug bug reporting like this:
BugReporting.setInvocationEvents(
InstabugInvocationEvent.SHAKE,
InstabugInvocationEvent.SCREENSHOT
);
The permission request alert is shown. And I don't understand why. Can't Instabug application use environment folders?
As described in documentation:
Generally, the permission request doesn't appear unless the user attempts to use any of the features requiring the permission. The only exception, if you set the invocation event to be Screenshot. Then, the storage permission will be requested when the application launches.
But is there any way to avoid this?
I am maintaining two android developper tools intent-intercept
and ContentProviderHelper
that declare as many required permessions as possible to work with as many apis (Intents or Contentproviders) as possible.
If i want to use target-api android-6.0 (M) and newer i have to implement an api to ask os/user to grant permission for a certain
api call.
And that is my problem: i donot know in advance which api-call(Intents or Contentproviders) require which permission.
As developper tools the app-s should work with any api.
How can I solve this? Is there a api/lib that tells me which Manifest.permission.XXXX are neccessary to invoke Intents or Contentprovider
or why last call failed?
Do i have to ask for all permissions even if they are not required?
Is there a api/lib that tells me which Manifest.permission.XXXX are neccessary to invoke Intents or Contentprovider
No.
or why last call failed?
Catch the SecurityException, then examine the message of the SecurityException and see if it contains the name of a dangerous permission.
I use crittercism for my app. Here is what i do to initialize Crittercism:
I only use the following permission:
<uses-permission android:name="android.permission.INTERNET"/>
and i initialize Crittercism like the following:
Crittercism.initialize(getApplicationContext(), "MY_APP_ID");
I do nothing else.
I can see some information about app installs etc, but i cannot see crash reports. I do the following when i click a button in my app and deliberately crash the app:
public void onClick(){
Integer i = null;
i++;
}
But i cannot see the crash report of this situation. Can anyone tell me why? Do i need to add mappings.txt file etc.?
Thanks
As the official Crittercism documentation says, you need more permissions.
Add the following permissions to your app’s AndroidManifest.xml file.
INTERNET
Required. Used to report data to Crittercism.
ACCESS_NETWORK_STATE
Optional. Allows providing network connectivity information such as carrier and network type.
READ_LOGS
Optional. Allows collecting logcat data to be attached to crashes and handled exceptions.
GET_TASKS
Optional. Allows augmenting crash reports with information on the activity running during a crash.
Documentation
You probably need "GET_TASKS" in order to have crash reports.
I found the problem.
It seems that in the developer console, the platform was set to IOS, i changed it to Android and i can see crash reports now.
Using the beta 3.0 SDK on Android, I'm opening a Facebook Session with a simple session.openForRead() call with basic permissions (email).
As soon as I want to publish a message on a user's wall I'm re-authorizing the session with session.reauthorizeForPublish() including the new publish permissions (publish_actions) in the ReauthorizeRequest object.
As soon as the last request succeeded, a call to session.getPermissions() only returns the last requested permissions (publish_actions), but loses all of the previous read permissions (email).
The documentation of ReauthorizeRequest's parameter permission clearly states "additional permissions to request", so I'm currently not quite sure why the session loses all the other permissions after a request?
Many thanks,
Alex
Alex, sorry you are running into this. This is a bug in the SDK that we are working on fixing prior to the final release. In the meantime, there are a couple of workaround approaches you could try.
While the Session object's notion of its permissions is out of sync with the Facebook service, the access token associated with the Session still has those permissions and can still be used to make Graph API calls requiring any of the permissions it has been granted (unless the user has subsequently revoked any of them, of course). So if your application logic allows you to disregard the results of the Session.getPermissions() call (for instance, if your UI flow implies the user must have already granted a certain permission prior to reaching a certain step in the flow, so you can assume it is present), you can go ahead and make Graph API calls that require those permissions regardless of what getPermissions says -- real truth about what permissions are associated with the token lives in the service, not in the Session object.
If your app logic is such that you need to check whether a certain permission has been granted, unfortunately right now you may need to keep track of the permissions separately,
perhaps by declaring an ArrayList<String> somewhere that you append the new permissions to, perhaps in your Session.StatusCallback whenever the session is opened, and clear it whenever the session is closed. (You could also make a call to "me/permissions" each time the state transitions to OPENED_TOKEN_UPDATED and store the results.) This should be considered only a temporary workaround until the real fix is available. Hope this helps.
While developing a Launcher (Homescreen) application for Android, I've come into a security exception I don't understand.
When calling the
[bindAppWidgetId()][1] method from
within my Launcher Activity, I get
this security exception :
08-19 11:30:11.689: ERROR/AndroidRuntime(6032): java.lang.SecurityException: bindGagetId appWidgetId=99 provider=ComponentInfo{com.android.music/com.android.music.MediaAppWidgetProvider}: User 10034 does not have android.permission.BIND_APPWIDGET.
I first thought I had forgotten the BIND_APPWIDGET permission in my manifest, but it is definitely there.
The android api documentation states this :
"You need the APPWIDGET_LIST
permission. This method is to be used
by the AppWidget picker."
I tried to add the permission android.permission.APPWIDGET_LIST, but it doesn't solve the issue.
Also, I've looked at the manifest of the Settings application from the android sources that contains the AppWidgetPickActivity code : there's a special line that asks to share user id :
"android:sharedUserId="android.uid.system"
Could it be related to my problem ?
If anyone has an idea that would be great !
Cheers,
Laurent
I've found an answer!
BindAppWidgetId() is deliberately not available to applications! (security problems).
"The android.permission.BIND_APPWIDGET
permission is a system permission. You
can only get that permission if your
package is installed as a system
package (installed in /system/app in
stead of /data/app) or sign you app
with a certificate that's the same as
your android image. So basicly this
means you can only use this permission
if you are also the creator of the
android image on your platform/phone."
Here are the links to this information :
http://groups.google.com/group/android-developers/browse_thread/thread/231245ba6d1e690f/047b9d3f776d7e54?lnk=gst&q=bindAppWidgetId#047b9d3f776d7e54
http://groups.google.com/group/android-developers/browse_thread/thread/f24e0f484a79d529/ef84188e8533a125?lnk=gst&q=bindAppWidgetId#ef84188e8533a125
A quick Google search reveals that android.permission.APPWIDGET_LIST is a usable permission, even though it's not listed in the API docs.