From what I uderstand, there is no way to do something like
if(have certain permission){
//do something that requires the permission
}
where the application can request optional permissions.
For example I want to track usage of my app only if the user accepts to being tracked. But still allow the user to download and use the app with tracking disabled if he dosen't agree.
Is this at all possible ? If not, what is the reasoning behind not supporting this feature ?
EDIT: to clarify, Im referring to Android permissions, like using the camera or looking at the contact list.
According to the Android documentation:
The permissions required by an application are declared statically in
that application, so they can be known up-front at install time and
will not change after that.
User needs to be informed about the permissions while installing the application. Asking them at run time would be a security risk. A rouge application can use clickjacking to make user accept the permission..
If your are really talking about Android permissions, such as camera. Use the :
http://developer.android.com/guide/topics/manifest/uses-feature-element.html
<uses-feature android:name="android.hardware.camera" android:required="false" />
This means the app can also be used on a device which does not have a camera.
For your example (asking the user permission to track him/her)
You can do this with any language you want. Because your permission is not something like Android permissions.
Just ask the user a question, with a checkbox. Save the value of the checkbox (using SharedPreferences) and use the value in your if statement.
Related
May be I am missing something, but is there a way to quickly know all the places I have to update with the new permission checks needed for Android apps using sdk23?
As a developer this change is very frustrating considering the multiple places that need to be updated. I would like to make sure I don't forget/miss any of them.
I am talking about finding where it will be needed to use these two functions before using the permissions qualified as 'Dangerous'
ContextCompat.checkSelfPermission()
ActivityCompat.requestPermissions()
https://developer.android.com/training/permissions/requesting.html
Dangerous permissions
https://developer.android.com/guide/topics/security/permissions.html#normal-dangerous
EDIT
In some cases the code throws SecurityException like when trying to use location without the granted permission. But in other cases it just returns null like here
AccountManager.get(context).getAccountsByType("com.google")
Using Android Studio, open the Analyze menu and run Inspect Code... In the results, open Android and then Constant and Resource Type Mismatches. Look for entries that start with "Call requires permission..."
What would be the best strategy to define custom (application specific) permissions in Android?
I have an application of which part of it is accessible without requiring a login. But part of the application functionality is to be restricted to users who actually have logged in. I was trying to think of the best way to do this on Android and was thinking on the lines of defining a permission in the android manifest. But is this is the right tool for the job?
I come from a world where user permission are as easy as putting annotations on the class #admin, #manager. Nothing of that I suppose in the Android world.
Also my concern is I do not want the user to see my custom permissions while installing the app since it might just confuse/scare him for no reason.
Wanted to ask how people approach this issue? Do they just hardcode a utility method isLoggedIn() and call it before executing anything that requires permission?
I maintain a cookie when a user logs in. If that cookie is not set, I give them the un-authenticated experience. If the cookie is set, I use it to make service calls.
Is there a way to get the user's first name or entire name? I mean the user of the phone
does it require special manifest permissions?
Yep, starting in ICS you can read the profile of the device owner (which requires the READ_PROFILE permission):
http://developer.android.com/reference/android/provider/ContactsContract.Profile.html
Specifically the DISPLAY_NAME column should have their name. Or you could look up the StructuredName data item to get their GIVEN_NAME:
http://developer.android.com/reference/android/provider/ContactsContract.CommonDataKinds.StructuredName.html
What exactly do you mean? You may be able to access the name in certain ways:
You can try to access their information stored in a Google account, requiring the GET_ACCOUNTS permission
You could, as Vinayak.B suggested, try to glean the info from the contacts, requiring the READ_CONTACTS and the READ_PHONE_STATE permission, although I think this is a hit-or-miss option.
There is also a READ_PROFILE permission, which I think is an interesting way to go, but I don't have any experience with that, so I can't tell you whether or not it's a fruitful venture.
I would try the GET_ACCOUNTS option first, since they must have a Google account to download your app. It also seems a little less invasive to me
I really hope this answers your question, but if it doesn't, you really need to provide more information.
Do you mean from device Contact list? if yes, get the source code and which permission from here : http://tutorials-android.blogspot.in/2011/11/how-to-call-android-contacts-list.html
Android has lots of permission as default, http://developer.android.com/reference/android/Manifest.permission.html
My question is am I able to define my own created permission? If yes how can I define and implement it?
Declaring and Enforcing Permissions
To enforce Permissions there are many functions like Context.checkCallingPermission() , Context.checkPermission() to check whether the Application has the specified permission.
For instance, let's take android.permission.GET_PACKAGE_SIZE.
Searching for this string in Android 1.6 *.xml source files only points to a single application that uses it, frameworks\base\tests\AndroidTests.
So the next step is to search through the .java files in a hope that I'll eventually find the code that might look like it queries for package size.
Is this the supposed way of discovering permission use?
The Manage Applications UI uses the API protected by this permission. It probably doesn't request the permission in its manifest because it runs as the system user ID so is implicitly getting the permission.
For applications in general, yes you can look at their AndroidManifest.xml to find the permissions. This is complicated by shared user IDs, which allow multiple applications to run as the same uid, and thus share permissions; any such app requesting a permission grants that permission to all such apps. The settings app, which has the Manage Applications UI, uses the "system" shared user ID so gets all such permissions available to the system.
Generally speaking, you find out what permissions you need because they are referenced from APIs you want to use, normally in the docs, occasionally by exceptions.
Conversely, if a given permission is not cited in the docs, except where it is named (e.g., on Manifest.permission), then it is probably a system permission that you are ineligible to hold unless you are working on alternative firmware.
And, if you are working on alternative firmware, you'd be well-versed in searching the source code. I use Google Code Search, personally, such as this search for your desired permission.
So, in the case of GET_PACKAGE_SIZE, the only place you find it in the docs is in Manifest.permission, and the only place the source code requires it is in a non-SDK method, so I suspect you cannot hold it.
Just check the docs.
GET_PACKAGE_SIZE : Allows an
application to find out the space used
by any package.
http://developer.android.com/reference/android/Manifest.permission.html
EDIT
I may have mis-understood the question. If you want to know what code is using a permission value. Then you will in fact have to dig through the source yourself.