I want to use a library in my project? But I do not want this lib to have permission to access files, database or download something from network in my app. How can I achieve my aim ?
The library is provide by others, I need use some function in it, but i do not want it has permission to hack my app. Maybe i need something like sandbox to run this lib, but I do not know how to achieve this?
In your library projects, you can remove the permissions from manifest.
In terms of jar lib, there is no problem. Because jar libraries are going to use the app permissions only.
Related
I am writing an SDK to be used in other applications, to enable them to use our service. Obviously, I am writing a library for that.
Note that user here means user of SDK.
The questions:
I need to have an activity in my library. Do users have to declare my activity in their application to use it? Can I have activity defined in the manifest of my library, export library as aar? Does this work?
My library needs some permissions, like to check if internet is available or not. Like the above issue, can I have my permissions defined in manifest of my library?
aar or jar? What is the difference, beside the things mentioned in Google docs. Any support issues with aar, idk like lower API versions not supporting it or other IDEs (Eclipse? Still used?) not supporting it? I mean some practical issues with aar, if there is any.
I'm also open to any documentation or any link to help me.
I have developed for Android in the past, last time was when Android Studio was just released in alpha. It seems like a new world now :)
I need to have an activity in my library. Do users have to declare my activity in their application to use it? Can I have activity defined in the manifest of my library, export library as aar? Does this work?
Users don't need to declare library activities in app manifest. It will work. But don't forget to declare theme inside your library style file and apply on your activities(Activities which are in library).
My library needs some permissions, like to check if internet is available or not. Like the above issue, can I have my permissions defined in manifest of my library?
All permissions which you need inside library module you can mention it inside library manifest. But you have to take care of asking risky permissions. Let say if your library need WRITE_EXTERNAL_STORAGE permission so whenever you are going to call library activity you need to ask such permission at run time. You will get more here
aar or jar? If you are going for pure android then go for aar. You will get more discussion on here
aar or jar?
both:
jar (standard non-android-library) with android independant code (java-interfaces, java-datastructures, datatransportation via webservice, businesslogic, ......).
benefit: the jar can be junit-tested without android on a desktop pc
benefit: the jar can be reused in java desktop apps.
aar (android specific library) gets the android specific data/code (manifest with requested-internet-permissions, activity with resources, code for requesting android permissions, android-sqlite-database).
the aar has dependencies to the jar
I successfully use this seperation in my android projects ToGoZip and APhotoManager
I want to use a library in my project. But I do not want this library to have permissions to access files, database or download something from the network in my application. How can I achieve my aim?
The library is provided by others, I need to use some function in it, but I do not want it to have permission to hack my app. Maybe I need something like a sandbox to run this library, but I do not know how to achieve this.
If you are embedding the library (JAR or .so) in your app, then you cannot limit its access. The library code is running in the context of your app and is effectively "linked" with your code. It has access to anything your app's process does since it is running within it.
If you want separation, you would need to isolate the library into another APK package and interface with that package via binder or Intent. Even then, you would need to ensure the other package was not using shared user IDs (which is the default) and you would probably want to sign it with a different key.
I'm developing an Android library which provides ways to reach into various system services and gather data for analysis. My classes make use of various system service managers (like WifiManager) to gather the data.
I'd like to structure the manifest of my library such that it doesn't grab all the possible permissions that all of these features require. Instead, I'd like to leave it up to the app consuming that library to declare only the permissions that it will need, which might be a smaller subset of what's used by the library.
This actually works in practice, because the manifests all get merged together during the build process, so the app ends up with the permissions it needs to use the features of the library. However, since the <uses-permission> tag isn't in the library's manifest, the code is all lit up with warnings from Android Studio.
Is there a way to annotate my library code such that the permission check is ignored?
Of course I can simply turn off the "Constant and Resource Type Mismatches" inspection in my Android Studio settings, but that won't help anyone else who's trying to use the library. I tried finding a reference to this inspection in the documentation (so I could kill it with #SuppressWarnings but haven't found it yet.
Is this even a worthwhile approach?
…or should I, instead, have the library grab all the permissions it needs, which would force a consumer of the library to turn off the ones it doesn't need using the tools:node="remove" property in its manifest? The problem here is that, as I add features to my library, my library's consumers would repeatedly have to circle back and explicitly remove those new permissions as well. I feel like that's not a great model and I'd rather leave the permission requests to my consumers.
Consider the following conversations on the subject —
Android: New permissions added behind my back after library updates (StackOverflow)
Hey, Where Did These Permissions Come From? (CommonsBlog)
In just randomly right-clicking around the issue I was able to choose the Suppress for method context command in Android Studio and it added the following annotation:
#SuppressWarnings( "ResourceType" )
So… yay! There's the answer to which annotation to use.
I'm still interested, though, in what people's thoughts are regarding the approach in general. Please feel free to hash that out in the answers section. ^_^
I want to download files from internet in my Android Native application. I was searching for reference to it on the net but couldn't find any.
Could somebody please tell me if it is even possible and if it is what to look for or where?
Is there a ported C++ library that can do this?
Thanks
There are C libraries that can do Internet access - libcurl comes to one's mind - but why not use Android's builtin Java stack?
Check your manifest to make sure you allow internet access, modify information on sim card, etc.
Now you have access to the sim card and the internet. From that point on, you can do that stuff.
Also, I noticed you mentioning a C++ library? Android is done in java mostly unless you are doing something cross platform like the cocos-2d-x which is written in C++
I have a particular collection of code along with some XML files that I need to share with every application I will make.
At the moment I can't because as far as I am aware there is no way to do this. This seems like a massive oversight by the development team.
If the code needs changing, I have to change it in every app that I create - and will create in the future.
Are there any ways to share code in android yet?
I am using Eclipse for development.
You can create an Android library project. The TicTacToeMain sample project in the SDK shows how to reference your created library project.
You can reference a third party JAR like you would any Java project. Or are you talking about something else?
As for sharing XML files, I think you may have to just copy them to each project, but I'm not certain about that.
You can reuse particular Activity classes in applications other than the one they were installed with. Is that sufficient?
To do that, you need to set android:exported="true" in the Activity's declaration in AndroidManifest.xml. http://developer.android.com/guide/topics/manifest/activity-element.html has more details.