I was working on understanding what the implications of granting a package a particular permission are. To my utter disbelief I could not find any material which would answer the questions satisfactorily.
1.) What permissions are reserved to be used by whom?
2.) What level of effect does granting a permission to an application have, in security aspects.
3.) What kind of permission does a user need to beware of and understand completely what the repercussion might be (at install time.)
4.) How to identify when an application is misusing a permission granted to it?
I hope with a series of example programs and bits and pieces of documentation we can organize a clear working model for permission on android. I hope people would paste code for relevant examples in an attempt to understand this and help us develop better applications as well as develop user understanding on how secure they are.
thanks
Shouvik
EDITED:What I eventually intend to achieve out of this discussion is that when I cluster a group of permissions, I should be able to get a concise picture of what my application will be capable of doing to my data. I then should be able to weigh those risks with the application installed and determine if its worth the risk. Please note, I am not here to suggest that all apps request perms for malicious use! I am here for that 0.1% of apps which might do it with that intent! =)
Don't take my word for it. Here is a link I came across in the discussion group which puts my idea into a clear perspective. http://groups.google.com/group/android-developers/browse_thread/thread/88b69b590c4d1482/d4bfb0e544d8a3a9?lnk=gst&q=permissions#d4bfb0e544d8a3a9
1) There is a list of permissions (List) a developer can request for his application. Also look at: Security and Permissions
2) If a user installs the application and allows the permissions the application asks for, the application is allowed to do access certain parts of the android system. (for instance, if a application asks the READ_CONTACTS-permission and you grant it, the application can read the contacts from your phonebook, ...)
3) It depends on you feeling concerning security and the trustworthiness of the application you install. If you don't trust the developer of an application, you shouldn't install it.
If an application asks for rights you don't think it really needs, don't install it. (If a simple "ToDo List" app asks permission to make outgoing calls ...)
Which one you should be aware of is a BIG topic - the link under 1) describes the permissions and what an application can do with it - should be a start ...
4) If you grant a permission the application can use it and you can't control in which way it's used. (if you grant GPS, you can't know whether it's updating the status only if you want to or if it's updating every second ...
I don't have enough time at the moment, but maybe I write a little article about this topic on the weekend.
Here is a link I found something that offers a little more than the documentation. Its not much but its a start. Please feel free to pour in your inputs too!
Edit1: So I carried out this little experiment to find out which permissions are not accessible to me as a third party developer. (Pretty dumb of me not to try this earlier, but here is the list FWIW.)
Related
i have a question related to Android app run time permissions.
Is it preferrable/allowed practice for developers to save users' permission preferences i.e. each user has allowed/denied any permission, on our remote server database?
Offcourse we are asking run time permission for every feature we want to use, but is it preferrable that we log on server that if user has allowed for any permission or not, please let know. Thanks
Android framework has restricted the developers to ask only those permissions which are necessary to implement a specific feature and that too if there's no other way to implement the feature without that specific permission. In your case, it seems like you have already taken care of the permissions and just want to hold the result of the asked permissions.
So the answer is YES, You can save this data and it's even considered good practice for handling permissions. Here's the reference from the official android documentation.
Greater flexibility in granting permissions
Users can deny access to individual permissions at the time they’re requested and in settings, but they may still be surprised when functionality is broken as a result. It’s a good idea to monitor how many users are denying permissions (e.g. using Google Analytics) so that you can either refactor your app to avoid depending on that permission or provide a better explanation of why you need the permission for your app to work properly. You should also make sure that your app handles exceptions when users deny permission requests or toggle off permissions in settings.
https://developer.android.com/training/permissions/usage-notes
I have built an app that use different kind of permissions like location, contacts etc.
Not all the permissions are used by all the users, instead each user only needs the permissions related to the features he/she is using it.
My question, should I ask all the permission on startup for all users or can I add them gradually while using the app and only when needed?
Thanks
If a user doesn't know why they need to accept a specific permisson, they may be suspicious and refuse (eg. camera).
If they click on a functionnality like 'Scan code' they will know why they are being asked for that permission and accept.
If you asked beforehand and the user refused, when you get to the part where you need that permission, it won't work. This is why they changed it to dynamic permissions in Android 6.
I am developing an app that has to access user's contacts to perform certain operation automatically for the user. But how do I prove it to the users that the app isn't doing anything its not intended to do...obviously without showing the actual code, so that he/she is fully satisfied?
The most important thing with trust is likely to be the permissions. Users are more likely to trust your app if the app doesn't require too many permissions. Particularly things like read & send sms but generally the less the better.
You should also consider adding a privacy policy to the Play Store listing. Perhaps make reference to this in the app, by way of dialog or link.
If your app has to use contacts try and minimise anything else it uses. Also, perhaps let the users select which contacts are used?
As a final solution you could try showing the user a sample of the data you're using.
Lastly your marketing could specifically tell users of your intentions and reasons.
Hope it helps
Here's my scenario:
Currently, my app does NOT require the INTERNET permission and I would love to keep it that way. My app is a financial app where a lot of users don't want to take a chance on an app that can send their data out.
Now, I would like to have some kind of add-on that enables some on-line features, such as DropBox sync and some others which will require the INTERNET permission.
Can an app's add-on request additional permissions, and if not, can anybody suggest a reasonable way to accomplish this?
Thank you!
The suggested answer is to use a sharedUserId in the AndroidManifest and then create a new app with the added permission and this same user ID. This works great for apps where the developer had foreseen this need, but for other apps, adding or changing the sharedUserId causes it to misbehave.
Here's the corresponding Google bug, please star it if you feel this should be addressed:
http://code.google.com/p/android/issues/detail?id=14074
I had a different problem I was trying to solve and decided on add-ons also. The solution I used was to implement the Shared User Id paradigm. My add-on has the same signature, no launcher intent (which means there will be no separate icon on the users device) and a signature based security on the activity calls. This will allow you to implement the above functionality.
The issue you may have is I doubt you can get another application installed using in app purchases. You may need to sell the add-on as a separate app.
Hope this helps...
Let's say I have an app which does something (exactly what is irrelevant, as this is a very generic question), and I want other third-party developers to be able to expand the functionality of my application through an add-on like system. Just to give you an example of what I mean, I might develop an SMS app for which someone else could add support for Facebook chat, AIM etc. Is this possible, and if so, how would you go about doing this?
I'm pretty sure this isn't allowed due to it would allow a 3rd party to circumvent the permission system in Android. If could get an App to load code not shipped with it then they could get elevated permissions without the user knowing. Even if you had to request permissions when installing the 3rd party plugin those permissions don't have to include the permissions of the App you are augmenting. Therefore, if that code got loaded into the same process as the App it would be allowed to execute at the level of permissions the orignal App had instead of the ones it presented to the user.
Therefore, your only option is to leverage intents, but intents don't have to invoke Activites. You could build a service, or broadcast method to do some processing and give back the results to the original activity. Read up on them and see if you can leverage them. Android's system is a system of collaborating applications not plugins.
http://developer.android.com/guide/topics/intents/intents-filters.html
I should probably add that what I would want is not to call an activity from another application to do its stuff, but rather to integrate the functionality of another application into my own activities somehow.
If "functionality" is "UI", that is generally not possible, outside of RemoteViews (the same tech used for app widgets).
If "functionality" is anything else, follow chubbard's answer -- the plugin can expose an API to you and/or you can expose an API to it.
Integrating the functionality may look a bit different than what you expect. You can leverage the functionality of another application into your own by using an intent to start an activity in the other application. Let's say that your app is app A and all the others on the device
are the set of apps : you have to hope that some app in can accept an intent and do what you want. If you want data back, then in addition you have to hope for that functionality as well. If permissions are involved, you have to hope that the application is set up for that as well.
This is always the challenge with cooperation between apps: they all have to have the API for cooperation.
So, the best approach is to use an intent.