What is the best way to access the app usage database on Android, without using the API?
In particular, I would like to make a local copy of the database behind this API:
http://developer.android.com/reference/android/app/usage/UsageStats.html
There's no best way, other than the API. You may or may not receive the permission to access this data. On this page it says:
NOTE: This API requires the permission
android.permission.PACKAGE_USAGE_STATS, which is a system-level
permission and will not be granted to third-party apps. However,
declaring the permission implies intention to use the API and the user
of the device can grant permission through the Settings application.
It reads as though you might get the permission if you declare it and the user grants it... or you might not, as it will not be granted to third-party apps.
Related
i have a question related to Android app run time permissions.
Is it preferrable/allowed practice for developers to save users' permission preferences i.e. each user has allowed/denied any permission, on our remote server database?
Offcourse we are asking run time permission for every feature we want to use, but is it preferrable that we log on server that if user has allowed for any permission or not, please let know. Thanks
Android framework has restricted the developers to ask only those permissions which are necessary to implement a specific feature and that too if there's no other way to implement the feature without that specific permission. In your case, it seems like you have already taken care of the permissions and just want to hold the result of the asked permissions.
So the answer is YES, You can save this data and it's even considered good practice for handling permissions. Here's the reference from the official android documentation.
Greater flexibility in granting permissions
Users can deny access to individual permissions at the time they’re requested and in settings, but they may still be surprised when functionality is broken as a result. It’s a good idea to monitor how many users are denying permissions (e.g. using Google Analytics) so that you can either refactor your app to avoid depending on that permission or provide a better explanation of why you need the permission for your app to work properly. You should also make sure that your app handles exceptions when users deny permission requests or toggle off permissions in settings.
https://developer.android.com/training/permissions/usage-notes
I have an app using this method: getLine1Number from TelephonyManager
According to Android Documentation, this method needs READ_PHONE_STATE runtime permission. When I call this api without giving this permission, my app crashes. However, If I grant this app with the signature permission READ_PRIVILEGED_PHONE_STATE and without giving the READ_PHONE_STATE permission, the api works and the app does not crash.
Why is it the case?
the reason is simple, some APIs in order to work read permission from the android system as they are trying to access user-private data. Android, designed as a secure OS, would grant permissions to expose such data to these APIs. Some permissions needs to be explicitly agreed upon by the user, while some only need to be registered to keep track of.
Not including these permissions in the Manifesto will cause a permission not granted error and the app will crash as your source code probably does not have logic to deal with that.
I have made an application say "TestApp" which contains a content provider. Content provider shares the database access to all other application. Is there a mechanism in android which allows only few other application having a particular type of permission to access content provider of "TestApp"?
I don't want applications which do not have that specific permission to access the content provider of "TestApp".
Being a newbie i don't know the standard that a question asked should have.
Please help.
You could look at providing a custom permission in your application.
Custom permission question in stackoverflow
Developer.android.com
Please be aware that this could pose a security issue to your application.
The usual way to do this is to set android:protectionLevel="signature" on your permission. This will restrict access to only applications signed with the same certificate as the application which declares the permission. These applications may declare a <uses-permission> tag to gain access.
See also the general security tips article.
That said, be careful what you protect with this. It will prevent random applications the user installs from getting access to your data, but not if the user truly wishes to bypass these protections. If the user wants to give an application the ability to circumvent this, then the user can do so. This protects only against other applications gaining access when the usual security measures are in force.
I have few doubts.
Is it possible for Android application after installation, to ask user for permission for accessing certain functions? Like say the app A wants to read contacts for a specific purpose. If the user grants permission, then the activity will take place. Else it wont. Is it possible?
Is there a way of allowing user to select/de-select permissions during installation time?
I have read that using CyanogenMod grants user these kind of priveleges. Is there any solution for non-rooted user, apart from take-it-or-leave-it approach?
It would be great, but not, all permission must be granted during installation :-(
Only exception is access to the google profile, this will be authorized during first access.
I hope that a future android version will can do that.
Cyanogen can do opposite. You must grant all permissions during install, but you can explicitly remove them later. But it result in application crash very often. This is only for advanced users.
I am new to Android and have a question regarding protection level "Signature" for permissions in AndroidManifest.xml.
The Android reference document states about "Signature" protection level:
A permission that the system grants only if the requesting application
is signed with the same certificate as the application that declared
the permission. If the certificates match, the system automatically
grants the permission without notifying the user or asking for the
user's explicit approval.
This implies that permissions which have protection level "Signature" are not available to use by normal application and can only be used Android Dev Team.
What I am wondering about is that how many applications in Android Market or on other sites can have these permissions? Like an application which is used for recording calls has android.permission.DEVICE_POWER in addition to other permissions. Is Android system really granting this permission to this application while installation?
When I tried to use the permission "READ_INPUT_STATE" (new in 2.2) I got the following error in LogCat:
06-28 09:28:34.943: WARN/PackageManager(60): Not granting permission android.permission.READ_INPUT_STATE to package com.example.wheredoyoulive (protectionLevel=2 flags=0x8444)
The same is true for permissions with Protection Level "SignatureOrSystem". There exists a caller application which has CALL_PRIVILEGED permission in addition to other permissions.
Please help me and clear my doubts.
Regards
Abhishek
I believe the purpose of the "Signature" permission level is for two applications by the same developer to be able to share data seamlessly without bothering the user. The READ_INPUT_STATE permission is not intended to be used in applications:
Allows an application to retrieve the current state of keys and switches. This is only for use by the system.
See http://developer.android.com/reference/android/Manifest.permission.html#READ_INPUT_STATE
Facebook home uses this,
once you install it you'll notice that it doesn't request ANY permissions, but explicitly requires that the facebook app be installed, this is so that the system can grant it the necessary permissions by proxy of the Facebook app.
Typically what happens is the Facebook app with advertise facilities for other apps to read your status and news feed, normally these apps would need to explicitly request permission to use them if they are signed under a different certificate or rather private key.