I want to enable android.permissions.STATUS_BAR in my app. Is it possible to do so, given that I am targeting possibly non-rooted phones?
From what I understand, android.persmissions.STATUS_BAR is a System persmission and can't be used.
In android terms it falls under signatureOrSystem permission. The meaning is (taken from Android Manifest DOCS)...
A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificate as the application that declared the permission. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. The "signatureOrSystem" permission is used for certain special situations where multiple vendors have applications built into a system image and need to share specific features explicitly because they are being built together.
Have a look at the following links as well. They might help you find a workaround...
How to disable statusbar in android
Why are these permissions being refused?
Preventing status bar expansion
Related
I am getting very conflicting information regarding the use of android.permission.READ_LOGS Android permission. Firstly, the Android Documentation website does not specify the protection level of this permission. It is neither classified as normal, nor dangerous. They do specify the following:
"Not for use by third-party applications, because Log entries can
contain the user's private information."
Some websites say not to use it for the same privacy concerns.
However I have some issue with that:
When I tested this permission in my app on Android 7.1.1 (Nexus 5X) and Android 4.4.2 (old Samsung 8" tablet), neither of them prompted me that the app required this permission. Both said that the app requested "no special permissions". This only happens if the permission is deemed "normal", in which case it is automatically granted.
Secondly, using this permission, I can only view logs from logcat pertaining to my app, which does not log any personal information. Hence, I don't violate any privacy either. I thought this permission may allow me to see other app's logs, causing privacy issues.
So, if this is the case, then is it deemed safe to use this permission in a production version of the app? It would help me a lot in debugging strange bugs users face if they can send me a logcat by the press of a button.
EDIT: Ok, now I am quite confused. It appears that I don't need to explicitly specify this permission in the manifest either.
Is READ_LOGS a normal or dangerous Android permission?
Neither. As of Android 7.1, it is signature|privileged|development. That basically means that apps signed as part of the firmware build or installed on the privileged partition can hold the permission, but nothing else can.
the Android Documentation website does not specify the protection level of this permission
Correct. READ_LOGS is still in the SDK, for backwards-compatibility reasons, but ordinary apps have not been able to hold it since Android 4.1, which came out five years ago.
This only happens if the permission is deemed "normal", in which case it is automatically granted.
No.
I thought this permission may allow me to see other app's logs, causing privacy issues.
It did, on Android 4.0 and earlier.
then is it deemed safe to use this permission in a production version of the app?
Well, bear in mind that there has never been a documented and supported way for apps to access LogCat contents. Most likely, you're using one of the script-kiddie solutions that have been posted, such as running the logcat command and capturing its output. So, it is entirely possible that there are devices, now or in the future, that will not support your particular approach towards accessing LogCat. So, the permission is not your problem; the lack of a supported API for LogCat access is your problem.
Personally, I'd use a logging library to log the content to both a file and to LogCat, using the file for whatever your app needs it for.
So I have this app that I made before the Android M came out, the app has permissions such as Camera(using custom camera within the app) Write & Read from external storage and System Alert permission I installed the app to my phone which has android 6.0 and the app was able to run normally and without any restrictions. I was able to use the camera, save files into sdcard & show a custom view using the WindowManager API.
please take a note that the target SDK for the app is android lollipop.
my question: is this even possible? the OS let apps that has target SDK smaller than M to run perfectly without asking for permissions? and if this is actually the default behaviour that android developers implement?
P.S: the identified question is not really applicable for my question. and i don't see any similarity between them at all.
Yes, it is possible. But that can give you a big problem. If the user deactivates some permission your app simple crushes because the permission is no longer available. The OS ask the user "This app was developed for a previous android version. disabling this permission can cause unexpected closing of the app" (ore some thing similar). In conclusion this is the normal behaviour because the android version that you are using to compile your app is before permissions needed to be confirmed by the user.
https://inthecheesefactory.com/blog/things-you-need-to-know-about-android-m-permission-developer-edition/en
this link explains all you need to now about your question .
Yes, if your app has targetSdkVersion below 23, it will work on M and above without asking any permissions (they will be asked during installation).
But if user will revoke any permission himself, app will crash. It was made by Google to get backwards compatibility with old applications that does not support new Permissions API.
You can read more about it here.
Here is quote from that page:
If the device is running Android 5.1 or lower, or your app's target
SDK is 22 or lower: If you list a dangerous permission in your
manifest, the user has to grant the permission when they install the
app; if they do not grant the permission, the system does not install
the app at all.
Is there a way to tell if a certain Android permission is required by which Android APIs? For example, which APIs will require the GET_TASKS or REBOOT permissions? My app, inherited from someone who's long gone, has these permissions listed in the manifest. I don't think we are using them, but I'm also afraid that if I remove them, there will be bad consequences. Any ideas on how to deal with this?
Both of these permissions are quite specialized, and only have a few uses.
android.permission.REBOOT
First of all, this permission has a protection level of signatureOrSystem, so unless your application is part of a custom ROM or you have access to the signing keys for the platform you are installing it on, the application won't even be granted the permission.]
It is required to call PowerManager.reboot()
android.permission.GET_TASKS
This permission is only marked dangerous, so your app can actually obtain this one.
There are two calls in ActivityManager that require this permission, getRecentTasks() and getRunningTasks() to get information about the current application tasks in the system. It's often used by custom Launcher applications to populate task lists.
HTH
PScout was a tool that analysed Android SDK and generated a map that maps Android permissions to methods that require those permissions.
Original PScout website doesn't work anymore but I extracted the mapping from original PScout and pushed it to Github. You can easily check it out and parse it if you need it.
Here you can find all methods that PScout found which require Android permissions.
PScout results- map of Android permissions and methods that require those permissions
Take out each piece then run in. If it continues to work keep what is deleted and move down the list of permissions.
I'm wondering about how is a signatureOrSystem permissions enforced on custom ROMs.
Docs say:
A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificates as those in the system image.
Where is this certificate? In case I'm using a custom ROM, say CyanogenMod, can I obtain their certificate, which I'm assuming is freely available, and sign my application so that it could use such a permission (only with that ROM of course)?
Thanks ;)
For CygenMod the platform key is here: https://github.com/CyanogenMod/android_build/tree/gingerbread/target/product/security.
As of Android 4.4 putting the app in "/system/priv-app" will also enable granting of permissions marked as "signatureOrSystem" regardless of what key the app is signed with. In theory older androids would do the same for an app on "/system". However, I was not able to get this to work.
As of Android 5.1 all apps in /system/priv-app may have to be in subfolder with their name to work.
Notice: The special handling of "/system/priv-app" is currently an undocumented feature.
Can somebody explain to me what are the benefits of Android System App over a "normal" app
(besides that fact that a system app cannot be uninstalled)?
Special permissions?
There is some confusion here.
First, if you are talking about "system app" as just being one with FLAG_SYSTEM set, all this means is that the app is located on the /system partition, which is the read-only partition that is basically the firmware of the device. (It can only be modified as part of an OTA firmware update.) These apps can't be removed simply because they are on a partition that can't be modified.
The only thing special about a system application beyond this is that there are a handful of signature permissions that can also be granted to any app on the system image. For example there is a permission to directly talk with the package manager to install an app (without going through the system UI) that such an app can have; this is useful for any app store / market pre-loaded on a device.
Being signed with the platform certificate is an orthogonal concept -- such an app can be either on the system image or installed as a third party app (though obviously in almost all cases these come pre-installed). Such apps have access to a whole suite of low-level permissions for interacting with the platform. Very few apps are signed with this certificate; it is only for core platform applications. Unless you are working with a hardware vendor on a device, you won't have access to this.
All of the platform's certificates (whether they be available to all apps, require an app be signed with the platform cert, or are available to apps installed on the system partition) are declared by the platforms manifest, just like any other app:
https://android.googlesource.com/platform/frameworks/base/+/master/core/res/AndroidManifest.xml
There are permissions that can only be obtained by systems apps. For example the permission brick can be requested by every app but it is only granted to apps that are signed as system apps. There are some other features that make more sense I think directly installing and removing apps would be a system only permission too.
From your explanation I guess you mean the the pre-installed applications (like the Browser or the Messages app). You can take a look in these apps at https://android.googlesource.com. (search for platform/packages/apps/...).
You will find that these application are no difference to your own custom developed Apps, except you can't remove them. They cannot be removed as they provide the basic functionality to operate your phone / device. So, same security constraints apply there.