When I add the permissions
"INTERNET"
"ACCESS_NETWORK_STATE"
to my app and upload it to Google Play, people who download the app see the message "this app doesn't require any special permissions".
Are the following permissions "special" for Google Play?
"ACCESS_WIFI_STATE"
"READ_PHONE_STATE"
I'm using a mobile ad SDK that claims to perform better if it is granted all four permissions. But I don't want to scare off some users by asking for too many permissions.
The permission READ_PHONE_STATE has to be accepted by users, ACCESS_WIFI_STATE doesn't.
Somebody asked already about the link between Android Permissions and Permission Groups - the selected answer links to the actual mapping file for the permissions of Android.
So the permissions you mentioned are belonging into the following groups and protection levels:
INTERNET: NETWORK (dangerous)
ACCESS_NETWORK_STATE: NETWORK (normal)
ACCESS_WIFI_STATE: NETWORK (normal)
READ_PHONE_STATE: PHONE_CALLS (dangerous)
Based on Google's explanation about the protectionLevel, "special permissions" (as you call it) are permissions marked as "dangerous" (as Google calls it).
But hey, INTERNET is dangerous! Why aren't users asked about this permission? Because.
Google has also given each app Internet access, effectively removing
the Internet access permission. Oh, sure, Android developers still
have to declare they want Internet access when putting together the
app. But users can no longer see the Internet access permission when
installing an app and current apps that don’t have Internet access can
now gain Internet access with an automatic update without prompting
you.
Related
Now that Android 6.0 becomes more popular among users, I've asked myself what the consequences of the selective permission granting are.
Let's assume I had a free ad-supported version of an app. It will obviously need internet permission to query ads. Now the user is able to deny that permission and apps could not be queried. The consequence I am thinking of is to deny app function if not all the permissions are granted. But this would make the permission model pointless for my app. It would be an "all or nothing" scenario. Is that thinking correct? I am interested in your thoughts.
Another thought I had was: Is the permission of internet access granted to AdMob automatically, by any chance? This would prevent users from disablings ads simply by takingvaway the internet permission. As AdMob is a Google company and this functionality is implemented in the Google Play Services, I guess that could be possible?! Any thoughts on this?
Let me know what you think.
Update: Admob also wants to have Location Info. So even though Internet does not need permission, the question still is interesting.
#mad: in android 6.0, your app never ask your to allow internet permission. because internet not part of user's privacy in android 6.0
(in sort user not able to deny internet permission) only on/off internet from device!
so don't worry about it. you app work same in android 6.0 as previous version of android.
you have to ask user for permission only if you are using, CAMERA, CONTACTS, LOCATION, MICROPHONE, Phone, STORAGE ...etc..
LOCATION: when you fetch location from your app and pass to any 3rd party app. in this case you must have to ask user to allow location permission. otherwise its not needed like Google Play service or In-App Purchease.(both fetch user location where app installed or product purchase but when we use both library in our app we must not have to ask location permission).
is there any way for hide the android manifest Permissions for some reasons and user couldnt see during installing the app?
Taken from the support page from Google Play:
Google Play shows you which permission groups an app will be able to
access. This information can help you decide whether you want to
install the app.
The whole sole purpose of those permissions is for people to see what your app can access and decide whether they want to share (all) that information with you.
In Android L and lower, this is impossible. If you do not ask for a permission, you will get a crash when you try to access the thing that needs permission. Thus, you cannot hide permissions from users.
In Android M, the whole permission idea is changed: instead of asking for lots of permission at the install, the app is installed without permissions, and when you need a specific permission, for example for camera, the user will have the option of accepting or declining the permission. Thus, the user will have a clearer view of what a permission is asked for.
Regarding Google's recent announcement about Android M and Permissions model.
Per the official Android documentation:
Limited Permissions Granted at Install Time: When the user installs or
updates the app, the system grants the app all permissions that the
app requests that fall under PROTECTION_NORMAL. For example, alarm
clock and internet permissions fall under PROTECTION_NORMAL, so they
are automatically granted at install time. The system may also grant
the app signature and system permissions, as described in System apps
and signature permissions. The user is not prompted to grant any
permissions at install time.
Particular note that it says:
...the system grants the app all permissions that the app requests.
So, if the app does not have INTERNET permission in its AndroidManifest.xml, it won't be granted access to INTERNET in that case?
Or will an app require to add INTERNET permission in its manifest in order to be able to make network calls?
As for the specific android.permission.INTERNET permission, it is still mandatory for apps that will access the Internet. If a developer were to publish an app without defining it in the Android manifest, an exception will be thrown the first time a connection attempt is made, and the app will possibly crash. This is no different than before.
All that has changed is that there won't be a prompt to the user, the app will still require the permission in the manifest.
Please check this video from Google IO - https://youtu.be/f17qe9vZ8RM?t=18m10s
There is no more Internet permission - the app will have by default access to the internet. Their idea is that if you don't have access to the device data then you can not do anything dangerous
Kind Regards
How can you update data with Internet connection, but without any permission, like in this android app?
https://play.google.com/store/apps/details?id=org.youcorp.matchschedule.eu http://img5.fotos-hochladen.net/uploads/screenshot2014ty0vjlxsu7.png
You have to write the permission android.permission.INTERNET in the Manifest file. There's no way around it. But as of the latest Play Store update (4.8.19), the Internet Permission won't show up on the dialog. That's why the text says "does not require any special permissions".
Google also states this in the following Support document (Click)
"These days, apps typically access the Internet, so network communication permissions including the “full Internet access” permission have been moved out of the primary permissions screen."
That app you are linking to has full network permissions.
I have noticed that for few apps containing ads, they will ask for READ_PHONE_STATE permission. After tracking down their bytecode, I find they call TelephonyManager.getDeviceId(). Is it necessary for app containing ads ask for DeviceID? It's malicious to me because it seems that these apps will leak my private information.
Admob at least doesn't require that permission. All it needs is Internet access permission.
I can't tell if other providers require more permissions.