Android App build with Adobe Flash Builder requires STICKY BROADCAST permission. Why? - android

Yesterday I wanted to deploy/publish my first Android app at google play store but get stuck on the STICKY_BROADCAST permission that is needed/added.
Explanation on the google play store permission tab of the app:
SEND STICKY BROADCAST
Allows the app to send sticky broadcasts, which remain after the broadcast ends. Malicious apps may make the tablet slow or unstable by causing it to use too much memory. Allows the app to send sticky broadcasts, which remain after the broadcast ends. Malicious apps may make the phone slow or unstable by causing it to use too much memory.
I don't want that users may think that my app is an evil or slow app (BECAUSE I DON'T USE ANY STICKY_BROADCAST functionality in my CODE). How can i remove this permission or is it required by Adobe Air? Just one article found on the adobe site (with sort of same question) but without an answer.
In the app.xml configuration I defined only two permissions:
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.VIBRATE"/>
I use the internet connection to get some configuration for the app. I use the vibrate ane of adobe examples to vibrate the phone when the user tap the screen.
Why is the permission SEND STICKY BROADCAST needed/added to the package when I deploy/publish the app and what can I do to avoid it. Or better: Is there a way to avoid this permission?

I have the same problem and I just discovered it was caused by the adobe air I packaged together with my apk file.
Either you tell the user to download adobe air or get a newer version of flex.
Sorry I am late, I started working with flash just last week.

Related

Delphi 11.2 - Phone Dialer does not works

I am using Delphi 11.2 and the call phone function on android does not works anymore. When I start the app it's stop to working. Using the Delphi samples PhoneDialer project the same error.
Any idea ?
Regards.
Although it's trivial, I think it may be best to document it as an answer.
Many of the resources on the phone require that the user grants permission for using them. The purpose of this mechanism is to stop viruses and badly behaved applications from running without the user's knowledge.
Phone is such a resource. You will need to grant your app permission to use it. It is not enough that your app checks if it has been granted or if you have registered the PhoneDialerService.

Security threat by a BroadcastReceiver with GooglePlay's permissions

Does the following situation create a security threat?
Image a situation.
You have a device without GooglePlay services installed.
You create a broadcast receiver with android:permission="com.google.android.c2dm.permission.SEND" permission (this permission is held by GooglePlay services) and install this app on the device.
The app does not check if GooglePlay services are available on the device.
Is it possible for a malicious software to exploit this developer mistake?
It's not very likely that this would cause a problem. There's minimal issue with this because:
This permission is defined by Google for GCM (which has been replaced by FCM.) It is used to ensure that only senders who hold this permission can send that Intent to the registered receivers. It's a small amount of security in the grand scheme of things, though.
Even if a different app / service defined this same permission to fake it on a device where GMS is not present, the normal payload of the Intent is likely going to have some type of extra data in it so Google's receiver (what is specified in your manifest) can verify its content before doing anything with it.
Starting with Android 4.4.3, checks were added to the system so that system bundled apps/services (e.g. GMS) permission definitions take precedence over 3rd party apps. This prevents 3rd party apps from re-defining permissions in an attempt to back-door a system app permission. Not exactly the same situation you describe, but still important.

Force stop packages in android

hi everybody
i need some help please does anyone know how can i put this in my manifest tag in androidmanifest.xml file:
android:sharedUserId="android.uid.system"
==>because when i do the deployment failed .
and how can i use this permission :
<uses-permission android:name="android.permission.FORCE_STOP_PACKAGES" />
==>because xamarin studio tell me it's a unknown permission
to use this:
ActivityManager am = (ActivityManager)GetSystemService (Context.ActivityService);
am.forceStopPackage(PACKAGE_NAME);
_Any help will be appreciated _
Setting the sharedUserId to android.id.system actually means declaring your app to belong to the system. You cannot do that unless your app is actually signed with the system certificate. In order to get that certificate, you would have to negotiate with the manufacturer of the device. The only possibility you would actually be able to get the system key is running a firmware on your device that you built and signed yourself.
ActivityManager.forceStopPackage() is reserved for system applications and there is no chance to use it in a user-space application.
You can find various explanations on the Internet and on SO, e.g. here: Android Permission Denial: forceStopPackage()
If your goal is to quite your app, I would direct you to this question:
Is quitting an application frowned upon?
Which sums up how and why you might close your own application.
Actually terminating the application is near impossible, but sending it to the back ground or finishing all activities gets the similar effect of being gone from the screen. This is by design and is explained in the article
To close other applications is either a ROOT only or system specific. So your application could request root permission on android if available. Otherwise, I believe it is possible to negotiate a app with some root access through google play but I assume it is very complicated.

Android Call Blocker Code for Android 3.0 and above

I googled for an example source code for blocking calls and came across this EXAMPLE, But later I came to know that Google has updated their policy and
android.permission.MODIFY_PHONE_STATE
is an system level permission from android version 2.3, I have very important module placed on blocking a specific call.
How do I get a system level permission?
Please let me know if there is any way I can do this in my application. Its very important for the product and cannot be released without this functionality.
Please Help!
Thanks in advance
At least as of Android 5.0, MODIFY_PHONE_STATE has the following definition:
<permission android:name="android.permission.MODIFY_PHONE_STATE"
android:permissionGroup="android.permission-group.PHONE_CALLS"
android:protectionLevel="signature|system"
android:label="#string/permlab_modifyPhoneState"
android:description="#string/permdesc_modifyPhoneState" />
Your app can only hold this permission and use it to modify the phone state if it is signed by the firmware's signing key (the "your own custom ROM" scenario from Marcin's comment) or if your app is installed on the system partition. The latter can be accomplished by having your app pre-installed on the device (or having a rooted device user move your app to the system partition, as I understand it).

Scan the Application during the installation process in android

i just want an application that would scan the installing application and decide whether to deny the installation process or not basing upon the package name ?
Fortunately, this is not possible, for obvious security reasons. Malware authors would really like it if they could block other applications from being installed.
Do you want an application which self-checks for integrity?
Or an application which check ANY other new application?
On the former, I would suggest to put some piece of code on the main activity which checks this. But if you are trying to have some sort of 'anti-hacking' feature it would be quite pointless, as it would simply be needed to remove those lines.
On the latter, that would be more complicated and, also, how would you know the 'correct' package name?
Third party security applications such as Lookout, McAfee, Avast, etc. run with the same limited permissions and capabilities as any other Android application. That said, it's not possible for any Android application to "man-in-the-middle" an application installation process for security checks or any other purpose. As mentioned by others, this would have negative security implications, as it would allow any application to modify or deny the installation of other apps.
As a third party app, the best you can do is to monitor installed packages using a broadcast receiver that listens for android.intent.action.PACKAGE_ADDED intents, or use FileObserver to trigger a security review once the app is written to the file system. At this point if you detected an application you wanted to uninstall, you would still have to ask the user for their approval to uninstall the application.
FWIW, device manufacturers have the capability to make low-level modification to provide this capability, but I assume this is out of scope for your case.

Categories

Resources