For instance, let's take android.permission.GET_PACKAGE_SIZE.
Searching for this string in Android 1.6 *.xml source files only points to a single application that uses it, frameworks\base\tests\AndroidTests.
So the next step is to search through the .java files in a hope that I'll eventually find the code that might look like it queries for package size.
Is this the supposed way of discovering permission use?
The Manage Applications UI uses the API protected by this permission. It probably doesn't request the permission in its manifest because it runs as the system user ID so is implicitly getting the permission.
For applications in general, yes you can look at their AndroidManifest.xml to find the permissions. This is complicated by shared user IDs, which allow multiple applications to run as the same uid, and thus share permissions; any such app requesting a permission grants that permission to all such apps. The settings app, which has the Manage Applications UI, uses the "system" shared user ID so gets all such permissions available to the system.
Generally speaking, you find out what permissions you need because they are referenced from APIs you want to use, normally in the docs, occasionally by exceptions.
Conversely, if a given permission is not cited in the docs, except where it is named (e.g., on Manifest.permission), then it is probably a system permission that you are ineligible to hold unless you are working on alternative firmware.
And, if you are working on alternative firmware, you'd be well-versed in searching the source code. I use Google Code Search, personally, such as this search for your desired permission.
So, in the case of GET_PACKAGE_SIZE, the only place you find it in the docs is in Manifest.permission, and the only place the source code requires it is in a non-SDK method, so I suspect you cannot hold it.
Just check the docs.
GET_PACKAGE_SIZE : Allows an
application to find out the space used
by any package.
http://developer.android.com/reference/android/Manifest.permission.html
EDIT
I may have mis-understood the question. If you want to know what code is using a permission value. Then you will in fact have to dig through the source yourself.
Related
We make some libraries that clients implement in their apps and now we are looking to update them to support Android 6.0 new permissions model.
My question is if there is any way to request dangerous permissions in runtime from our libraries (mostly static classes) instead of asking the client to request those permissions prior to using our libraries.
I have been messing with it but it just seems not possible for me, looks like it has to be made from an Activity which we do not have.
Am I right or is there any way to do it?
Thanks in advance.
looks like it has to be made from an Activity which we do not have.
Correct. That is because the permission-request logic depends heavily on startActivityForResult() and onActivityResult(), wrapped to handle permission requests.
Plus, requesting permissions needs to be tightly tied into the overall application flow, and a UI-less library will have no way of knowing whether it is appropriate to be attempting to request a permission at this time.
You are welcome to check whether you have the permission, via ContextCompat.checkSelfPermission(), as that has no UI. So, you might use this to check, at the entry point(s) of your library, whether you have the requisite permissions to do your work, rather than just let the SecurityException or whatever happen.
Google official library for android runtime permissions both java & kotlin
Library name: EasyPermissions
Java-library
Kotlin-library
May be I am missing something, but is there a way to quickly know all the places I have to update with the new permission checks needed for Android apps using sdk23?
As a developer this change is very frustrating considering the multiple places that need to be updated. I would like to make sure I don't forget/miss any of them.
I am talking about finding where it will be needed to use these two functions before using the permissions qualified as 'Dangerous'
ContextCompat.checkSelfPermission()
ActivityCompat.requestPermissions()
https://developer.android.com/training/permissions/requesting.html
Dangerous permissions
https://developer.android.com/guide/topics/security/permissions.html#normal-dangerous
EDIT
In some cases the code throws SecurityException like when trying to use location without the granted permission. But in other cases it just returns null like here
AccountManager.get(context).getAccountsByType("com.google")
Using Android Studio, open the Analyze menu and run Inspect Code... In the results, open Android and then Constant and Resource Type Mismatches. Look for entries that start with "Call requires permission..."
What would be the best strategy to define custom (application specific) permissions in Android?
I have an application of which part of it is accessible without requiring a login. But part of the application functionality is to be restricted to users who actually have logged in. I was trying to think of the best way to do this on Android and was thinking on the lines of defining a permission in the android manifest. But is this is the right tool for the job?
I come from a world where user permission are as easy as putting annotations on the class #admin, #manager. Nothing of that I suppose in the Android world.
Also my concern is I do not want the user to see my custom permissions while installing the app since it might just confuse/scare him for no reason.
Wanted to ask how people approach this issue? Do they just hardcode a utility method isLoggedIn() and call it before executing anything that requires permission?
I maintain a cookie when a user logs in. If that cookie is not set, I give them the un-authenticated experience. If the cookie is set, I use it to make service calls.
Is there a way to get the user's first name or entire name? I mean the user of the phone
does it require special manifest permissions?
Yep, starting in ICS you can read the profile of the device owner (which requires the READ_PROFILE permission):
http://developer.android.com/reference/android/provider/ContactsContract.Profile.html
Specifically the DISPLAY_NAME column should have their name. Or you could look up the StructuredName data item to get their GIVEN_NAME:
http://developer.android.com/reference/android/provider/ContactsContract.CommonDataKinds.StructuredName.html
What exactly do you mean? You may be able to access the name in certain ways:
You can try to access their information stored in a Google account, requiring the GET_ACCOUNTS permission
You could, as Vinayak.B suggested, try to glean the info from the contacts, requiring the READ_CONTACTS and the READ_PHONE_STATE permission, although I think this is a hit-or-miss option.
There is also a READ_PROFILE permission, which I think is an interesting way to go, but I don't have any experience with that, so I can't tell you whether or not it's a fruitful venture.
I would try the GET_ACCOUNTS option first, since they must have a Google account to download your app. It also seems a little less invasive to me
I really hope this answers your question, but if it doesn't, you really need to provide more information.
Do you mean from device Contact list? if yes, get the source code and which permission from here : http://tutorials-android.blogspot.in/2011/11/how-to-call-android-contacts-list.html
What is the best way to discover an Android application's API or hooks into/from the application?
Specifically, I am looking to pass a parameter or data to an application, utilize the application's specific functions, and return data or a parameter to the calling application.
A few ideas come to mind, but I am unfamiliar with what is available, specifically to Android.
Contact an application's developer directly
Somehow decompile the APK to browse the source
Read any available documentation
Some ways to check out what is available for :
Tool to re-engineer closed APK files
http://code.google.com/p/android-apktool/
Review intent filters for actions
Lookup the app in some sort of application manager on your phone. Android System Info. If you go to the details of the app it will tell you where the apk is and the name of it. For instance, under the Email app you can see "Source: /system/app/Email.apk".
To pull that off just do "adb pull /system/app/Email.apk Email.apk", to pull it to your current directory.
Look at the Manifest.xml. Rename the apk to zip and unpack.
Follow the instructions here: http://android.amberfog.com/?p=582
Then you can read the decompiled Manifest.xml and look at the intent filters they are registering.
Android applications are all in their own sandbox, so you can not just arbitrarily call some other Android applications' functions, they would need to be made public to you somehow.
If you are looking to execute some function that is provided by another Android application, you would most likely need to hear about it from the developer, most likely from their public documentation if they have any.
The correct way to do this is to use "intents". With an intent, you can launch another application (such as a barcode scanner) and the user interacts with it. Then, the application exits returning some data (such as the barcode). Try googling or see:
http://www.vogella.com/articles/AndroidIntent/article.html