Why exactly uses-permission
Ex :
<uses-permission>android:name="android.permission.ACCESS_NETWORK_STATE"/>
is needed to access various modules of Android. How is it that just adding one single line that too by the same programmer who is coding it, is actually providing security? I am new to Android programming and this is looking funny. Kindly explain what is the exact use of quoting the <uses-permission>
Google made a whole page to describe the concept. Go through it and you will know the reason.
http://developer.android.com/guide/topics/security/permissions.html
EDIT: In addition to above information. These required permissions are shown to the user at the time of installing the application. They are even visible at the google play store for each app. While most users don't see reqd permissions before installing, some might check them out and if its interfering with their privacy more than required they may not install it or even give bad reviews on play store. These are mentioned in AndroidManifest so Google doesn't have to go through all the scenarios to check what all services the application might request in future.
Whatever permissions you have added in <uses-permission> are actually used later at installation time of your application. User will be asked that this applications require following permissions: Access network states. And if user accepts, the application can be installed. Else application won't be installed.
Refer to this for ore clarification.
Related
Play Store update apps automatically if there are no change in permissions. But skype asked me to update app and when I clicked on update button I found this popup.
So if there is no permission changed then why play-store showing this dialog.
Actually I developed an app and in that app I did not change any permissions and got same dialog, checked their documentations related to automatic updates but didn't find anything.
This happen to me too, and it took a bit of debugging to figure out. If you go to the app page (before clicking update), and scroll to the very bottom, there is a link to "Permission Details". In my case, it showed "Use accounts on the device", which corresponded to android.permission.USE_CREDENTIALS. You may have a different permission, but if you have the same new one as mine, read on for how I debugged and fixed it.
I didn't add this permission, but doing a grep of my entire build, I saw:
./app/build/intermediates/exploded-aar/com.google.android.gms/play-services-wallet/8.3.0/AndroidManifest.xml: <uses-permission android:name="android.permission.USE_CREDENTIALS"/>
So I suspect some update to google-play-services (or perhaps moving from selective API includes to the whole API include, as delineated in https://developers.google.com/android/guides/setup) caused me to use the google-play-services file and it's AndroidManifest.xml dependencies, including this new permission I never needed. There's more information on this in: Why are permissions being automatically added to my AndroidManifest when including Google Play Services library
By going back to using individual google-play-services packages, I was able to remove Wallet and it's USE_CREDENTIALS, which should help make my installs seamless again.
Incidentally, Android 6.0 Marshmellow removed this permission entirely (see USE_CREDENTIALS not available in new Android M API ), so maybe that has something to do with it? Where Wallet started depending on it automatically in some recent-or-not-so-recent update, since they assumed it'd be automatic in Marshmellow builds, and some apps are now including the permission dependency without being aware of it?
I have added the following permissions onto my app:
full network access
view network connections
When installing the app the Play Store says: "APP_NAME does not require any special permissions". I assume that the two permissions are not considered special.
However they are listed in the permissions section of the app webpage on the store website. They fall under the "other" category.
How may we know which permissions are not considered special if we want to avoid adding them to the app? Is there a list anywhere?
You are looking for the Review App Permissions
Google Play prioritizes the permissions that are most important for
you to make an informed decision, displaying them front and center.
A concise idea about it has been described on this blog about the Permission Groups change.
Welcome to StackOverflow, do try to post (almost only) code related questions here. Refer Help to read more on why code related Qs.
Is there a way to tell if a certain Android permission is required by which Android APIs? For example, which APIs will require the GET_TASKS or REBOOT permissions? My app, inherited from someone who's long gone, has these permissions listed in the manifest. I don't think we are using them, but I'm also afraid that if I remove them, there will be bad consequences. Any ideas on how to deal with this?
Both of these permissions are quite specialized, and only have a few uses.
android.permission.REBOOT
First of all, this permission has a protection level of signatureOrSystem, so unless your application is part of a custom ROM or you have access to the signing keys for the platform you are installing it on, the application won't even be granted the permission.]
It is required to call PowerManager.reboot()
android.permission.GET_TASKS
This permission is only marked dangerous, so your app can actually obtain this one.
There are two calls in ActivityManager that require this permission, getRecentTasks() and getRunningTasks() to get information about the current application tasks in the system. It's often used by custom Launcher applications to populate task lists.
HTH
PScout was a tool that analysed Android SDK and generated a map that maps Android permissions to methods that require those permissions.
Original PScout website doesn't work anymore but I extracted the mapping from original PScout and pushed it to Github. You can easily check it out and parse it if you need it.
Here you can find all methods that PScout found which require Android permissions.
PScout results- map of Android permissions and methods that require those permissions
Take out each piece then run in. If it continues to work keep what is deleted and move down the list of permissions.
I’ve been building some android apps using the website ibuildapp.com
But the thing is that each app requires so many permissions despite the app does not use these features. My question is, can the app send personal information to their servers?
Are you asking if the app can send information to ibuildapp.com servers, or servers in general?
Apps should request permissions only when they need them to provide major functionality. I don't know anything about ibuildapp.com, but if it's requesting a lot of permissions it goes high on my "suspect" list.
permission.READ_CONTACTS, permission.READ_CALENDAR, permission.READ_PROFILE, among others, are not to be handed out lightly! The full list of permissions is listed at
Android.Manifest.Permission javadoc, along with documentation.
I'm an iBuildApp team developer, so I can answer your question. :)
The only reason why we ask all these permissions in every app is that this is how our service works at the current moment.
It has great number of widgets (i.e. page types / functions), every widget has it's own permissions needed. One of our features is that you can manage your app on the fly (modify content, change pages' types etc.), while in most cases there is no necessity to rebuild native app: all the changes will be visible in already built ones. This means that all the modules are built in inside an app (while, as mentioned before, every widget needs it's own permissions).
So in the main: yes, if an app (I assume not specifically our app, but any app) asks for some permissions then it can potentially use them in "bad" way.
But as for us: no. We're not interested in your personal data. We're only interested in providing an excellent service.
Hi i'm ibuildapp android developer.
You can unzip recieved apk file and edit manifest file. As soon as you've done zip it.
I'm wondering if it's possible to get Android permission dynamically without using AndroidManifest just with some codes, because I've some OSGi bundles running on Android and without Android permission they are restricted in functionality.
Thanks for your answers, yes it complicates the user experience and it's also dangerous for the user if that mechanism is provided
No this is not possible.
You can't alter the contents of an already installed APK. It would be very dangerous to allow such a behavior anyway as the whole permissions system is meant to allow the user to first read what permissions an Application requires so he can judge if it is ok or not.
No, sorry, you must request all permissions via the AndroidManifest.xml file.
Yes, i found this line in http://developer.android.com/guide/topics/security/security.html:
Android has no mechanism for granting permissions dynamically (at run-time) because it complicates the user experience to the detriment of security.
Guys now from Android 6.0 Marshmellow onward, you can ask users at runtime to allow permissions dynamically, I found of it, have a look at this link. I hope it will help you getting idea.