I written 2 apps.
First app has only service and second one has an Activity. I am starting the service in 1st app from activity in 2nd app. In Service I am modifying audio settings so, I need android.permission.MODIFY_AUDIO_SETTINGS in manifest.
My question is in which manifest file I have to add this permission. Why I am asking because if I add this permission in Service app manifest I am getting warning Exported service does not require permission.
If anybody know it, post the solution.
You need to add this permission to application, not service. Permissions for services are to let you limit who can access them which is something different. You need to add
<uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS" />
to your Manifest, above <application> block of application that does the audio settings change.
Related
I have main application A that uses other apps as plugins, lets say B, C and D. I have no control over what app will be installed first.
How do I define signature level permission so only main app A can start plugin apps B, C and D?
Plugins don't have UI so user can't start them manually but I need to make sure only my main app can launch them. I tried defining the permission in plugins like so:
<permission
android:name="my.custom.permission.START_PLUGIN"
android:protectionLevel="signature"/>
And then in my main app:
<uses-permission android:name="my.custom.permission.START_PLUGIN" />
This doesn't seem to be correct approach. Can anyone tell me the correct way to achieve what I described above? Thanks.
EDIT: My plugins are implemented as bound services with AIDL interface.
To answer my original question, to make my example work, all you have to do is add permission attribute to your application components you want to protect. This is done in Manifest.xml file.
Let's say you have activity called MyActivity that you want only your apps with START_PLUGIN permission to be able to launch. So in your plugin, you do:
<permission
android:name="my.custom.permission.START_PLUGIN"
android:protectionLevel="signature"/>
and:
<activity
android:name=".MyActivity"
android:permission="my.custom.permission.START_PLUGIN"/>
The last one will ensure that only apps with START_PLUGIN permission can access that activity. So all you need to do is in app that should start this plugin use the permission like so:
<uses-permission android:name="my.custom.permission.START_PLUGIN" />
To decide if you want to use permission with signature level protection, or sharedUserId as suggested by #pskink in comments, consider following:
sharedUserId tightly couples both (or more) apps, enables them to access not only specific activities but their files (even SharedPreferences) and views and basically removes any level of separation
custom permission enables to to specify which parts of your app are to be protected, leaving you with more control but also with the need for IPC like AIDL
Links:
sharedUserId Android Reference
How to access data of app with sharedUserId
AIDL Reference
Android permission protection levels
I came across with the following issue. I have an activity that uses to permissions: recording audio and writing to external storage and returns the result to those activities that started it with an intent.
I want to make sure that only those other apps could launch it, that have both uses-permissions.
I tried the following declaration in manifest file, but it seems to be incorrect, as android does not allow double use of android permission attribute in activity.
<activity
android:name="some_name"
android:label="some_label"
android:permission="android.permission.RECORD_AUDIO"
android:permission="android.permission.WRITE_EXTERNAL_STORAGE"
</activity>
Is there any way to make this possible with android?
You can crate a custom permission which can be android.permission.RECORD_AUDIO and android.permission.WRITE_EXTERNAL_STORAGE (Both in one permission) and then put that permission in your Activiy.
I am trying to use "android.permission.PACKAGE_USAGE_STATS" in my app. Here it says that NOTE: This API requires the permission android.permission.PACKAGE_USAGE_STATS, which is a system-level permission and will not be granted to third-party apps. However, declaring the permission implies intention to use the API and the user of the device can grant permission through the Settings application.
It seems that I will need the user to explicitly give my app the permission to give access to the access the usage stats.
In addition, I used the intent code below to open the screen to allow user to give access to my app, but my app is not in the list.
Code I used:
Intent intent = new Intent(Settings.ACTION_USAGE_ACCESS_SETTINGS);
startActivity(intent);
When *startActivity(intent)' is fired (or going to *Settings>Security>Apps with Usage Access), a blank screen below pops up, my app is not part of it.
Bottom line question is -- How to use UsageStatsManager in Android Lollipop? Anyone tried it?
This is what worked for me.
<uses-permission xmlns:tools="http://schemas.android.com/tools"
android:name="android.permission.PACKAGE_USAGE_STATS"
tools:ignore="ProtectedPermissions" />
You can simply make this on the manifest, ignoring just this permission error:
<uses-permission
android:name="android.permission.PACKAGE_USAGE_STATS"
tools:ignore="ProtectedPermissions"/>
The AndroidManifest.xml error can be fixed by disabling lint errors. Specifically
Security - SignatureorSystemPermissions
I guess after that the settings app will show your app.
I have an applications which has different activities. One of those activities can be called from other applications.
Is there a way to set permission that this certain activity can be called only from specified applications (e.g. com.other.application and com.different.application). I would configure those allowed applications in AndroidManifest.xml or somewhere else.
Thanks
You can define your own permission and only allow apps that request that permission access the functionality.
Define Permission
<permission android:name="uk.co.packagename.mypermission"/>
Set permission on activity
<activity android:permission="uk.co.packagename.mypermission" android:name=".ActivityName"/>
Use Permission
<uses-permission android:name="uk.co.packagename.mypermission"/>
You can either declare your activity to be accessible or not by outside of the application package, but for some application accessible or for some not is not feasible.
To make private an activity to your application you need to set property of Activity in manifest: exported=false;
I want to define a permission in my Android app, and let other third-party apps to use. This permission is used to restrict calling of my modules. That is, third-party apps must request the right permission to call my module, just like using system permissions defined by Android system, android.permission.INTERNET or so.
In my test, I defined the permission in my app, say "my.apps.permission.my_permission", and then install it on emulator. In some of my Activities, android:permission="my.apps.permission.my_permission" property is added. This property forces the apps calling my activities must have the right permission "my.apps.permission.my_permission". Then in a test app, request the permission in AndroidManifest.xml, <uses-permission android:name="my.apps.permission.my_permission" />
The problem is, in the test app, which will call my permission-required activities, when I call startActivity(), I got a SecurityException : Permission Denied. But, if I defined a permission with the same name in the test app, everything works fine.
And, the followings are my conclusions:
1) It seems that, the permission defined in my app, "my.apps.permission.my_permission", is not visible to other third-party apps. How to make it visible, so that other apps can use my permission just like the ones defined in Android system?
2) Even is visible, Android won't check user-defined permissions with name conflicting.(I test this by define a permission with name "android.permission.INTERNET" in test app and overrides the system-defined one, and require "android.permission.INTERNET" in my app, and still, everything works fine.) If so, every other apps can define a permission with the same name that my module requires, and cheat my app. Is that right?
Anyone can help?
Thanks a lot!
I got the answer.
My own app, which defined the permission for other apps to use, must be installed before other apps who want to use my permissions. Otherwise, those apps must be re-installed, to use my permissions. No other operations or codes are needed, just <uses-permission android:name="my.apps.permission.my_permission" />, the same as other system defined permissions.
And, several apps may define permissions with the same name, conflicting with each other. The first installed app occupies the conflicting permission name, others won't overwrite or change the original permission.