When Android 4.1 JellyBean (API 16) was announced at Google I/O, it introduced the following permission:
READ_EXTERNAL_STORAGE
Provides protected read access to external storage. In Android 4.1 by default all applications still have read access. This will be changed in a future release to require that applications explicitly request read access using this permission. If your application already requests write access, it will automatically get read access as well. There is a new developer option to turn on read access restriction, for developers to test their applications against how Android will behave in the future.
http://developer.android.com/about/versions/android-4.1.html#Permissions
I have an application that targets API 16 and requires the WRITE_EXTERNAL_STORAGE permission. I am preparing to deploy an update and noticed that the READ_EXTERNAL_STORAGE permission is now listed as a required permission in the developer portal. It was not listed as a required permission in Google Play for an update deployed last week. This application does not explicitly request the READ_EXTERNAL_STORAGE permission.
Will users who have already granted the WRITE_EXTERNAL_STORAGE permission for this application be prompted to grant the additional, implicit READ_EXTERNAL_STORAGE permission when they update the application?
Update:
We have since released the app and JellyBean devices are automatically updating without requesting the READ_EXTERNAL_STORAGE permission. In a future release when I explicitly declare the requirement for READ_EXTERNAL_STORAGE, will users who have already granted the WRITE_EXTERNAL_STORAGE permission be asked to grant the READ_EXTERNAL_STORAGE permission?
Since API 19 (Android 4.4) you must explicitly specify the READ_EXTERNAL_STORAGE permission. Yes, if you have the WRITE_EXTERNAL_STORAGE permission you will be implicitly granted READ_EXTERNAL_STORAGE, but if you need read-only access to external storage you must specify READ_EXTERNAL_STORAGE.
Prooflink: http://developer.android.com/reference/android/Manifest.permission.html#READ_EXTERNAL_STORAGE
You won't have to explicitly declare READ_EXTERNAL_STORAGE so long as you have WRITE_EXTERNAL_STORAGE. Previously the OS didn't enforce read-only access to the external storage; that is changing and you must request it now. But if you have write access you implicitly get read access.
From http://developer.android.com/training/basics/data-storage/files.html
If your app needs to read the external storage (but not write to it), then you will need to declare the READ_EXTERNAL_STORAGE permission
...
However, if your app uses the WRITE_EXTERNAL_STORAGE permission, then it implicitly has permission to read the external storage as well.
I have an app using this method: getLine1Number from TelephonyManager
According to the Android documentation, this method needs the READ_PHONE_STATE runtime permission. When I call this API without giving this permission, my app crashes. However, if I grant this app the signature permission READ_PRIVILEGED_PHONE_STATE without giving it the READ_PHONE_STATE permission, the API works and the app does not crash.
Why is it the case?
The reason is simple: some APIs in order to work read permission from the Android system as they are trying to access user-private data. Android, designed as a secure OS, would grant permissions to expose such data to these APIs. Some permissions need to be explicitly agreed upon by the user, while some only need to be registered to keep track of.
Not including these permissions in the manifest will cause a permission not granted error and the app will crash as your source code probably does not have logic to deal with that.
I'm trying to grant some runtime permissions to my app automatically, these include ACCESS_FINE_LOCATION, READ_PHONE_STATE as well as ACTION_MANAGE_OVERLAY_PERMISSION. Do note that this requires at least Device Administrator access rights, which I have.
While the first two work flawlessly via
dpm.setPermissionGrantState(componentName, "com.my.app", Manifest.permission.READ_PHONE_STATE, DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED);
dpm.setPermissionGrantState(componentName, "com.my.app", Manifest.permission.ACCESS_FINE_LOCATION, DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED);
ACTION_MANAGE_OVERLAY_PERMISSION does not work at all. I believe this might be due to the fact that it's not part of Manifest.permission but instead android.settings.action.MANAGE_OVERLAY_PERMISSION. However it still is a permission that I want to be granted automatically.
Edit: While it seems that this permission is granted automatically to any app that requests it, this only is the case for apps distributed via the Play Store. Unfortunately my app is NOT distributed that way.
include ACCESS_FINE_LOCATION, READ_PHONE_STATE as well as ACTION_MANAGE_OVERLAY_PERMISSION
ACTION_MANAGE_OVERLAY_PERMISSION is not a permission.
but instead android.settings.action.MANAGE_OVERLAY_PERMISSION
That is not a permission. That is an Intent action.
The permission that you probably want is SYSTEM_ALERT_WINDOW.
I was able to automatically grant this permission, from my device owner app:
devicePolicyManager.setPermissionGrantState(compName, this.packageName, Manifest.permission.SYSTEM_ALERT_WINDOW, DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED)
You also need in your manifest:
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
After this, Settings.canDrawOverlays() returns true, and the permission is granted in the Settings app. Although, unlike other permissions granted this way, it seems like the user can choose to disable it in settings. My targetSdkVersion is 26.
It is a new behaviour introduced in Marshmallow 6.0.1.
Every app that requests the SYSTEM_ALERT_WINDOW permission and that is installed through the Play Store (version 6.0.5 or higher is required), will have granted the permission automatically.
If instead the app is sideloaded, the permission is not automatically granted. You can try to download and install the Evernote APK from apkmirror.com. As you can see you need to manually grant the permission in Settings -> Apps -> Draw over other apps.
These are the commits [1] [2] that allow the Play Store to give the automatic grant of the SYSTEM_ALERT_WINDOW permission.
I'm trying to update my application to support v23 properly especially in terms of the new permission model. Unfortunately I'm kinda confused when it comes to the GET_ACCOUNTS permission. According to Table 1 (Dangerous permissions and permission groups) the GET_ACCOUNTS permission is classified as dangerous though when you look at the Manifest.permission docs the Protection Level is set to normal which basically means that I don't need to request the permission from the user.
I've looked at the App Info -> Permissions page and the contacts permission can be revoked which seems to indicate that it is indeed a dangerous permission.
So basically the questions are:
Is it really a dangerous permission?
Is this permission required for GCM if my app is targeting only API-Level 14 and higher? (seems like this isn't the case)
Yes, the permission is dangerous since dp3. And no, with the latest Google Play services, this permission is not needed to use GCM.
Just looking through the permissions for my app, and I was wondering if I need the android.permission.READ_EXTERNAL_STORAGE in my Manifest when using android:installLocation="auto".
I have had a look at the developer docs which do not mention anything about permissions, but other documentation states that I do need the permission to read from external storage:
In order to read or write files on the external storage, your app must acquire the READ_EXTERNAL_STORAGE or WRITE_EXTERNAL_STORAGE system permissions.
Also, the documentation about the permission states:
Allows an application to read from external storage.
Any app that declares the WRITE_EXTERNAL_STORAGE permission is implicitly granted this permission.
This permission is enforced starting in API level 19. Before API level 19, this permission is not enforced and all apps still have access to read from external storage. You can test your app with the permission enforced by enabling Protect USB storage under Developer options in the Settings app on a device running Android 4.1 or higher.
Also starting in API level 19, this permission is not required to read/write files in your application-specific directories returned by getExternalFilesDir(String) and getExternalCacheDir().
Therefore I am not sure whether or not I do need the permission for the installLocation attribute in the Manifest file, as it means my app will read from external storage, but as I said before, the documentation specifically on App Install Location doesn't mention permissions.
Do I need the permission?
You do not need the permission.
Before Android 6.0, android:installLocation would not affect your app's internal storage (e.g., getFilesDir()). It would only affect where your APK is located. Hence, the permission does not apply.
Android 6.0 now allows users to dedicate removable storage (e.g., a micro SD card) as a place for installing apps. In this case, your internal storage happens to be on an encrypted partition put on the removable storage. However, this is still not external storage, and so the permission does not apply.
I have noticed in an application I wrote, in spite of me not specifying any permission in the manifest file, the application throws up permissions granted, such as
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_PHONE_STATE
What is all that about? I was not even aware my application needs to write into external store, and I am pretty sure it doesn't need to. So why are these permissions being granted when I never requested them?
Those two were default in earlier API versions. Read more about it: here.
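Added example (not part of the original posts and not Android platform code): a static check that computes which permissions an app receives beyond those its manifest declares, covering both the WRITE_EXTERNAL_STORAGE to READ_EXTERNAL_STORAGE implication from the first thread and the legacy defaults mentioned in the last answer. The targetSdkVersion <= 3 threshold and the uses-sdk defaulting rule come from the platform documentation rather than the posts; the function name and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Declaring the key implicitly grants the value (rule quoted in the threads above).
IMPLIED_BY = {P + "WRITE_EXTERNAL_STORAGE": P + "READ_EXTERNAL_STORAGE"}
# Granted without a declaration when targetSdkVersion <= 3; the threshold comes
# from the platform permission reference, not from the posts (assumption).
LEGACY_IMPLICIT = {P + "WRITE_EXTERNAL_STORAGE", P + "READ_PHONE_STATE"}
LEGACY_MAX_TARGET = 3

# Constructed sample manifests (decoded text form), not taken from any real app.
NO_SDK_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.legacy"><application/></manifest>"""
WRITE_ONLY_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.writer">
  <uses-sdk android:minSdkVersion="14" android:targetSdkVersion="16"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""


def effective_permissions(manifest_xml):
    """Return (declared, implicit) permission sets for a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    declared = {el.get(ANDROID + "name") for el in root.iter("uses-permission")}
    declared.discard(None)
    # No <uses-sdk>: minSdkVersion defaults to 1 and targetSdkVersion to
    # minSdkVersion, so the app is treated as a legacy (API 1) target.
    sdk = root.find("uses-sdk")
    attrs = sdk.attrib if sdk is not None else {}
    min_sdk = int(attrs.get(ANDROID + "minSdkVersion", 1))
    target = int(attrs.get(ANDROID + "targetSdkVersion", min_sdk))

    granted = set(declared)
    if target <= LEGACY_MAX_TARGET:
        granted |= LEGACY_IMPLICIT
    # Apply the implication after the legacy grants so that an implicit
    # WRITE_EXTERNAL_STORAGE also pulls in READ_EXTERNAL_STORAGE.
    granted |= {IMPLIED_BY[p] for p in granted if p in IMPLIED_BY}
    return declared, granted - declared


if __name__ == "__main__":
    for name, xml in (("no uses-sdk", NO_SDK_MANIFEST),
                      ("write only", WRITE_ONLY_MANIFEST)):
        declared, implicit = effective_permissions(xml)
        print(name, "declared:", sorted(declared), "implicit:", sorted(implicit))
```

A non-empty implicit set in a review means the installed app holds more access than the manifest text suggests; setting an explicit, current targetSdkVersion removes the legacy grants.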