I recently got interested in anything android.
I figured if you install apps on your android device, they have a lot of rights.
This is pretty scary, at least i think.
A program like whatsapp is able to view and store and sent pretty much all of the device its information.
However my questions is, how can whatsapp view and copy and edit contacts, if the whole contacts thing ( stored in /data ) is root ? If i try to access the folders from my computer it gives me an error, that i do not have permission to view it.
So what in the whatsapp apk is used to extract the contact information from a root folder ?
I am very thankful for help !
Greetings,
So what in the whatsapp apk is used to extract the contact information from a root folder ?
Most likely, they use the ContactsContract API to read contact data. They hold the READ_CONTACTS permission, which allows them to use this API. They also hold the WRITE_CONTACTS permission, which allows them to modify contacts.
On Android, there are public APIs that allow you to read Contact data. These require permissions.
A list of permissions can be found here:
Android Manifest Permissions
The permissions I imagine you are referring to are READ_CONTACTS and WRITE_CONTACTS. The actual data is accessed by a Content Provider. Content providers allow you to access data on the phone such as contacts, music, photos etc.
In WhatsApp's case, they will not be accessing any root folders, but using the Content Provider API which exposes the user's contacts.
Related
According to Google's introduction https://developer.android.com/work/managed-profiles.html, personal files in SD cards are not accessible by work profile application. However, we can see all files in DocumentsUI(application provided by system) by click "personality" after sending Intent(ACTION_GET_CONTENT), moreover file name, size and date are shown, which seems that files are readable. But when we use the uri from onActivityResult I got FileNotException (EACCES: permission denied) if I do reading operation (READ_EXTERNAL_STORAGE permission is already granted). Can we access these personal files from a work profile applications? If yes, how can I read and write them?
Thanks in advance!
Reference question # Access SD card data from android for work app, is the answer true?
With more test, I'm able to access some video/audio/picture files from DocumentsUI(by system). But for more files provided by 3rd-party application(such as file explorer), failure still exist. I suppose that the result depends on file providers. If content uri returned with read permission granted, application in work profile is able to read.
How can we ensure that certain applications are not able to access my data stored in content provider where in certain other applications can access that? Basically I need to allow some application of my interest to access my data stored in Content Provider but I do not want all the applications to be able to access that data. How can I achieve this?
Thanks.
The easiest way is to protect the content provider with a permission you define. Make it a signature a permission so only apps signed with your certificate are allowed to get it.
See:
http://developer.android.com/guide/topics/security/security.html
http://developer.android.com/reference/android/R.styleable.html#AndroidManifestProvider
http://developer.android.com/guide/topics/manifest/provider-element.html
If doing this based on certificates is not sufficient, you will need to write the permission checks yourself. This is done by calling Binder.getCallingUid() for incoming calls to your applications, and deciding whether the given uid has permission to access your provider. Actually implementing a different policy that is actually secure requires a lot of careful thought and design, though.
In the AndroidManifest.xml, at the screen with the properties of your ContentProvider, you have two fields:
Read Permission
WritePermission
So, you can define secure strings (also it may be path to some file) that are permissions for acces to your ContentProvider.
Applications that want to access your content provider must have that ones added in their UsesPermission elements.
I know this is not a technical question but I've searched a lot of time and can't find a suitable answer:
I would like to change the permissions of my app. You can find the app here: https://play.google.com/store/apps/details?id=io.trigger.forge2dd999d0f14b11e1bc8612313d1adcbe&feature=search_result#?t=W251bGwsMSwyLDEsImlvLnRyaWdnZXIuZm9yZ2UyZGQ5OTlkMGYxNGIxMWUxYmM4NjEyMzEzZDFhZGNiZSJd
If you look at "Permissions" it says:
YOUR PERSONAL INFORMATION
READ CONTACT DATA
Allows the app to read all of the contact (address) data stored on your tablet. Malicious apps may use this to send your data to other people. Allows the app to read all of the contact (address) data stored on your phone. Malicious apps may use this to send your data to other people.
And I would like to remove this so that the app does not read contact data of a user. Can someone tell me please how to do that?
Thanks,
enne
If the app doesn't actually access the contacts API, then you can safely remove the corresponding <uses-permission/> from your AndroidManifest.xml file and rebuild your APK.
http://developer.android.com/guide/topics/manifest/uses-permission-element.html
Just to add to Jeremy's answer about , looks like the permissions you are using are: android.permission.READ_PROFILE and android.permission.READ_CONTACTS
You need to remove those. For more details check this out:
http://developer.android.com/reference/android/Manifest.permission.html
Is there a way to get the user's first name or entire name? I mean the user of the phone
does it require special manifest permissions?
Yep, starting in ICS you can read the profile of the device owner (which requires the READ_PROFILE permission):
http://developer.android.com/reference/android/provider/ContactsContract.Profile.html
Specifically the DISPLAY_NAME column should have their name. Or you could look up the StructuredName data item to get their GIVEN_NAME:
http://developer.android.com/reference/android/provider/ContactsContract.CommonDataKinds.StructuredName.html
What exactly do you mean? You may be able to access the name in certain ways:
You can try to access their information stored in a Google account, requiring the GET_ACCOUNTS permission
You could, as Vinayak.B suggested, try to glean the info from the contacts, requiring the READ_CONTACTS and the READ_PHONE_STATE permission, although I think this is a hit-or-miss option.
There is also a READ_PROFILE permission, which I think is an interesting way to go, but I don't have any experience with that, so I can't tell you whether or not it's a fruitful venture.
I would try the GET_ACCOUNTS option first, since they must have a Google account to download your app. It also seems a little less invasive to me
I really hope this answers your question, but if it doesn't, you really need to provide more information.
Do you mean from device Contact list? if yes, get the source code and which permission from here : http://tutorials-android.blogspot.in/2011/11/how-to-call-android-contacts-list.html
I need to read a db file from a different application. The db file is created by the specific provider app & my application has to read this db file and take a back up. Not able to access the file : Permission Denied.
Is it possible to read the file created by a different app? I think it may not be possible as per the android design, but just wanted to confirm whether it is possible by setting any permission.
Thanks,
Grace.
No its not possible to read a db file from a different app in Android unless both apps are from the same publisher. It is part of the android security model that the application DB files are set as readable only by the application publisher in question.
This is done by each publisher being given their own user id on the device.
The only work rounds are
Root you android device ( If you break it you get to keep both pieces ) and run your app with elevated privs.
Look to see if the app in question has some kind of published API for querying their data.
Hope this helps
Peter