I am checking my app's permissions against the new permission model on Android 6.0
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.RECORD_AUDIO" />
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" />
targetting the app on API23 , using Appcompatv7-r23, installing the signed app via adb on emulator device Android 6.0 and running it:
at runtime nothing new happens, the app works well as before API 23, and it seems that all those permissions are automatically granted on install time.
I inserted ContextCompat.checkSelfPermission() for RECORD_AUDIO permission and it soon returns "PERMISSION_GRANTED".
Is it possible that those three permissions are retained as not dangerous by the new permission model?
Is mine a valid test?
It is still in dangerous category and not granted at install for those app, targeting Android M
My test was not valid because emulator was not running on API23 platform, although I have chosen API23 on device's definition.
Related
The android developer documentation are pretty misleading and i can't seems to understand the bottom line.
My app contain the following permission:
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.READ_CONTACTS" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.USE_CREDENTIALS" />
And i need to add this new "normal" permission
<uses-permission android:name="android.permission.CHANGE_WIFI_STATE" />
Will this effect users with autoupdate enable? would they need to accept app new permission?**
Google docs
https://developer.android.com/guide/topics/permissions/requesting.html
https://developer.android.com/training/permissions/requesting.html
If you add a normal permission
The app is able to update without asking user for granting permissions.
CHANGE_WIFI_STATE is a normal permission.
If you add a dangerous permission
Beginning in Android 6.0 (API level 23), users grant permissions to apps while the app is running, not when they install the app. This approach streamlines the app install process, since the user does not need to grant permissions when they install or update the app.
[...]
If the device is running Android 5.1 or lower, or your app's target SDK is 22 or lower: If you list a dangerous permission in your manifest, the user has to grant the permission when they install the app; if they do not grant the permission, the system does not install the app at all.
If the device is running Android 6.0 or higher, and your app's target SDK is 23 or higher: The app has to list the permissions in the manifest, and it must request each dangerous permission it needs while the app is running. The user can grant or deny each permission, and the app can continue to run with limited capabilities even if the user denies a permission request.
Source: https://developer.android.com/training/permissions/requesting.html
That means users running Android 5.1 or older will not update the app automatically and will have to confirm new dangerous permissions before update. If your app has target SDK version lower than 23 users running Android 6+ will also have to confirm the update.
I built an application that uses the following permissions:
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.RECORD_AUDIO" />
<uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
<uses-permission android:name="android.permission.CHANGE_NETWORK_STATE"/>
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
When i try to install it manually on my android device (Android version 6.0.1) i get the following message:
Do you want to install this application? it does not require any special access.
But in fact it does require some special accesses, by the way, when i test on Devices with android 5.1 and prior, i was shown the permissions and asked to accept them.
this is a problem because i have to manually toggle the permissions on in the android settings in application management when on android 6.0.1 so the application works normally.
is there anything i have to add to my code to fix the issue for android 6+ ?
Another strange issue i noticed, at the page of my application on Playstore (close alpha testing for now) i get the following message in Permission details under developer section:
Item not found.
and this i get only on my android 6.0.1 device, and not in devices with prior versions.
Because the android M permission handle it differently, you need to ask the permissions at runtime
Take a look here :
https://developer.android.com/training/permissions/requesting.html
You need to ask for permissions at runtime in android 6+. This is the reason why no permission is asked when you are installing your application like its asking in android lollipop. Visit android developer page to learn how to ask for permission for android M and above visit : https://developer.android.com/training/permissions/requesting.html
Is it possible to avoid runtime permission with admin permission?
I have to change something in Settings.System, but unfortunately on Android M, I have to ask user to allow me...
Permission of WRITE_SETTINGS has been revoked from user apps (as in not system apps) in api23. From looking into source code in android we can see the following protection levels for this permission:
<permission android:name="android.permission.WRITE_SETTINGS"
android:label="#string/permlab_writeSettings"
android:description="#string/permdesc_writeSettings"
android:protectionLevel="signature|preinstalled|appop|pre23" />
which means you can gain this permission by either:
1.Targetting sdk lower then 23 in your manifest
2. By having system signature, by having app preinstalled in system (/app or /priv-app) or by gaining permission through appop (not relevant).
So, as user app targeting sdk23 you cannot gain this permission. Target sdk 22 and lower for gaining this permission from manifest. it works fine.
I am trying to develop an application where I have to use a permission "android.permission.READ_NETWORK_USAGE_HISTORY" which is protected by "signature|system" protection level.
To use this permission I have copied my apk to /system/app/ location of android 4.4.2 avd to make my application work as a system app.
But when I run the app i get a SecurityException
Caused by: java.lang.SecurityException: NetworkStats: Neither user 10052 nor current process has android.permission.READ_NETWORK_USAGE_HISTORY.
I have properly specified the permission in manifest and even installed my app as a system app which should sufficient to use any api protected by above mentioned permission.
Now the question is why am I getting the security exception when my app is eligible to get that permission.
Permission Details :
https://android.googlesource.com/platform/frameworks/base/+/master/core/res/AndroidManifest.xml
Try to add below permissions as well to your manifest:
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
You can't just say that an app has become a system app by just copying it into system/app folder.The main pre-requisite to make an app as a system app is that the app needs to be signed by the same signing keys with which other system apps on the device have been signed with.For a hardware device,these are the keys which the manufacturer uses while signing the OS on the device.
I've got an Android App on Google Play and when installing it, it says it has the Persmission "System Tools - test access to protected storage. Allows the app to test a permission for USB storage that will be availavle on future devices".
I don't really understand that permission and I don't know which permission in my manifest activates this.
I use following permissions in my manifest.xml
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.VIBRATE" />
ANDROID:It has added a new permission that needs to be added for jelly bean. Please read this article for more details:
http://www.androidguys.com/2012/06/29/jelly-bean-has-new-permission-option-to-read-external-storage/
There is a new developer option to turn on read access restriction, for developers to test their applications against how Android will behave in the future. So, when you hop into the development options on your Jelly Bean device, don’t be surprised to see this new option. We won’t see the permission in Android 4.1.0, but most likely in 4.1.1, and its intention is to keep your device more secure.
Currently this permission is not enforced and is used for testing on devices that have enabled Protect USB storage under Developer options in the Settings app on a device running Android 4.1 or higher.