I'm wondering if it's possible to get Android permission dynamically without using AndroidManifest just with some codes, because I've some OSGi bundles running on Android and without Android permission they are restricted in functionality.
Thanks for your answers, yes it complicates the user experience and it's also dangerous for the user if that mechanism is provided
No this is not possible.
You can't alter the contents of an already installed APK. It would be very dangerous to allow such a behavior anyway as the whole permissions system is meant to allow the user to first read what permissions an Application requires so he can judge if it is ok or not.
No, sorry, you must request all permissions via the AndroidManifest.xml file.
Yes, i found this line in http://developer.android.com/guide/topics/security/security.html:
Android has no mechanism for granting permissions dynamically (at run-time) because it complicates the user experience to the detriment of security.
Guys now from Android 6.0 Marshmellow onward, you can ask users at runtime to allow permissions dynamically, I found of it, have a look at this link. I hope it will help you getting idea.
Related
I am getting very conflicting information regarding the use of android.permission.READ_LOGS Android permission. Firstly, the Android Documentation website does not specify the protection level of this permission. It is neither classified as normal, nor dangerous. They do specify the following:
"Not for use by third-party applications, because Log entries can
contain the user's private information."
Some websites say not to use it for the same privacy concerns.
However I have some issue with that:
When I tested this permission in my app on Android 7.1.1 (Nexus 5X) and Android 4.4.2 (old Samsung 8" tablet), neither of them prompted me that the app required this permission. Both said that the app requested "no special permissions". This only happens if the permission is deemed "normal", in which case it is automatically granted.
Secondly, using this permission, I can only view logs from logcat pertaining to my app, which does not log any personal information. Hence, I don't violate any privacy either. I thought this permission may allow me to see other app's logs, causing privacy issues.
So, if this is the case, then is it deemed safe to use this permission in a production version of the app? It would help me a lot in debugging strange bugs users face if they can send me a logcat by the press of a button.
EDIT: Ok, now I am quite confused. It appears that I don't need to explicitly specify this permission in the manifest either.
Is READ_LOGS a normal or dangerous Android permission?
Neither. As of Android 7.1, it is signature|privileged|development. That basically means that apps signed as part of the firmware build or installed on the privileged partition can hold the permission, but nothing else can.
the Android Documentation website does not specify the protection level of this permission
Correct. READ_LOGS is still in the SDK, for backwards-compatibility reasons, but ordinary apps have not been able to hold it since Android 4.1, which came out five years ago.
This only happens if the permission is deemed "normal", in which case it is automatically granted.
No.
I thought this permission may allow me to see other app's logs, causing privacy issues.
It did, on Android 4.0 and earlier.
then is it deemed safe to use this permission in a production version of the app?
Well, bear in mind that there has never been a documented and supported way for apps to access LogCat contents. Most likely, you're using one of the script-kiddie solutions that have been posted, such as running the logcat command and capturing its output. So, it is entirely possible that there are devices, now or in the future, that will not support your particular approach towards accessing LogCat. So, the permission is not your problem; the lack of a supported API for LogCat access is your problem.
Personally, I'd use a logging library to log the content to both a file and to LogCat, using the file for whatever your app needs it for.
i need to disable particular permissions for installed apps like android.permission_INTERNET from manifest file programmatically. Is there any way to do that.
I googled a lot. But i can only read the permissions. How to modify that without reinstall and root. kindly help me to resolve this.
Thanks in advance.
i need to disable particular permissions like android.permission_INTERNET from manifest file programmatically. Is there any way to do that.
Without root? That is not possible. One app cannot change the permissions of another app, even through the device administration API.
This cannot be possible for normal mobiles. We can try this one in rooted mobile only. But still we can get the permissions of other apps in our app without root. For example app, just see here.
Why exactly uses-permission
Ex :
<uses-permission>android:name="android.permission.ACCESS_NETWORK_STATE"/>
is needed to access various modules of Android. How is it that just adding one single line that too by the same programmer who is coding it, is actually providing security? I am new to Android programming and this is looking funny. Kindly explain what is the exact use of quoting the <uses-permission>
Google made a whole page to describe the concept. Go through it and you will know the reason.
http://developer.android.com/guide/topics/security/permissions.html
EDIT: In addition to above information. These required permissions are shown to the user at the time of installing the application. They are even visible at the google play store for each app. While most users don't see reqd permissions before installing, some might check them out and if its interfering with their privacy more than required they may not install it or even give bad reviews on play store. These are mentioned in AndroidManifest so Google doesn't have to go through all the scenarios to check what all services the application might request in future.
Whatever permissions you have added in <uses-permission> are actually used later at installation time of your application. User will be asked that this applications require following permissions: Access network states. And if user accepts, the application can be installed. Else application won't be installed.
Refer to this for ore clarification.
Is there a way to tell if a certain Android permission is required by which Android APIs? For example, which APIs will require the GET_TASKS or REBOOT permissions? My app, inherited from someone who's long gone, has these permissions listed in the manifest. I don't think we are using them, but I'm also afraid that if I remove them, there will be bad consequences. Any ideas on how to deal with this?
Both of these permissions are quite specialized, and only have a few uses.
android.permission.REBOOT
First of all, this permission has a protection level of signatureOrSystem, so unless your application is part of a custom ROM or you have access to the signing keys for the platform you are installing it on, the application won't even be granted the permission.]
It is required to call PowerManager.reboot()
android.permission.GET_TASKS
This permission is only marked dangerous, so your app can actually obtain this one.
There are two calls in ActivityManager that require this permission, getRecentTasks() and getRunningTasks() to get information about the current application tasks in the system. It's often used by custom Launcher applications to populate task lists.
HTH
PScout was a tool that analysed Android SDK and generated a map that maps Android permissions to methods that require those permissions.
Original PScout website doesn't work anymore but I extracted the mapping from original PScout and pushed it to Github. You can easily check it out and parse it if you need it.
Here you can find all methods that PScout found which require Android permissions.
PScout results- map of Android permissions and methods that require those permissions
Take out each piece then run in. If it continues to work keep what is deleted and move down the list of permissions.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Is there any way to ask permission programmatically?
as my app requires the permission<uses-permission android:name="android.permission.CALL_PHONE" />
most of my users aren't happy cause on installation there's a text "paid services" (or sth) because in my app I have to make calls.
Afaik there IS a solution to NOT write permissions in the manifest, but ask for them as they are used.
How can I achieve this?
You cannot change permissions of existing app, but you may create two different apps, one with CALL_PHONE permission, and another one without it. And let the people decide which one they want to install.
Although I'm one of the developers who would like to see some hybrid permission system in place, there is no solution as of today, at least according to the docs.
Android has no mechanism for granting permissions dynamically (at run-time) because it complicates the user experience to the detriment of security.
Source