I am working on an application for pre-Marshmallow devices. The source code was not written by me and the project itself is quite big.
I am currently making the app to request permissions when needed.
The question is: How to find all places in code where permission should be requested?
I am using Android Studio.
EDIT
Some people suggest to change api to 23 and just run the app and see the places where it crashes.
The problem is that the app does not crash in every place.
For example, running this code without a permission will crash the app:
TelephonyManager manager = (TelephonyManager) context
.getSystemService(Context.TELEPHONY_SERVICE);
While this one just returns an empty array, instead of crashing.
final String[] SELF_PROJECTION = new String[]{
ContactsContract.CommonDataKinds.Phone.DISPLAY_NAME,};
Cursor cursor = context.getContentResolver()
.query(ContactsContract.Profile.CONTENT_URI, SELF_PROJECTION, null, null, null);
Also, Android Lint does not show these places. I'm not sure if it should be.
According to the developer page regarding security permissions :
In almost all cases, however, a permission failure will be printed to the system log.
So run the app and search the log for "permissions" or similar.
Use unit testing to ensure coverage of all the places in the code where permissions may be required.
Add
lintOptions {
enable 'MissingPermission'
}
in your build.gradle. This will show warnings after you build your application.
Sure, compile targeting api 23, do not add in permissions code, run the app and see where it crashes.
Once you start pinpointing the locations then flip permissions on (via app settings) so you can get past that screen and then turn them back off so you can see if it crashes.
Logcat is pretty descriptive in letting you know that permissions are denied...
You can do this trick: delete the dangerous permissions from the manifest. This way, you can test on pretty much any device, you'll be sure it will crash and you'll find the exact places where you need those permissions. This is how I did it anyway.
Request all permissions you want at the first startup of your app.
It's not a Best Practices, but it is an answer of this question.
Related
in android 11 (API 30) you can't request the permission ACCESS_BACKGROUND_LOCATION directly from the requestPermissions() method.. and instead, you need to enable it from the settings.
On the Android Developers website: https://developer.android.com/training/location/permissions
they say you can call getBackgroundPermissionOptionLabel() to get the settings label of the location permission.
The documentation is limited and lacks specification of the getBackgroundPermissionOptionLabel() method and I don't know what to do.
Does anyone know how to use this method?
getBackgroundPermissionOptionLabel() gives you a localized string that you can use to get the label of the option to "Allow all the time".
It is quite hard to request background location permission and dealing with the order of the permissions, rationales, and permanent denials. I would suggest having a look at the library I have been working on for a while for asking for permissions where this is included: https://github.com/warting/permissions-ui
I read this link and this question here but there is something I don't understand.
I have this line of code in my app packageManager.getInstalledPackages(flag), However i'm not using the QUERY_ALL_PACKAGES permission which is understandable that I will not be able to receive the user installed packages, that's not an issue as of now for me. However, The first link stated that:
The inventory of installed apps queried from a device are regarded as personal and sensitive user data
So will using this method packageManager.getInstalledPackages(flag) consider a violation and cause my app to be removed from the play store?
Thanks for your time and input.
Using the following method
packageManager.getInstalledPackages(flag)
will not be considered as violations. However this in android 11 will only give you list of packages of open apps to user.
I'm new to Android Studio, using latest version, and trying to code a basic calculator app.
For some reason, my logcat is full of
2021-01-11 14:38:35.288 6938-6938/? W/cmd: Can't find service car_service
This is really annoying for debugging.
How can I get rid of it ?
I'll change my comment to an answer, seeing as though it actually helped:
click on logcat at the bottom of android studio, then (i'm assuming) yours will show no filters, change that dropdown to show only selected application. Not really much I can explain here, except for the fact that if you don't have it setup like this, logcat will print out things which are irrelevant to your app in addition to the logs from your own application
Additionally, to all future readers... Android Logcat is quite verbose, especially on Emulators (where a lot of things throw errors/warnings) but not limited to; Samsung devices spit more log than useful information (And they are not alone), so a way to keep it under some control, is to (ab)use the Regex feature of the logcat filter in Android Studio.
E.g.:
Create a new LogCat Filter and filter by Tag, Message, or Package (or all 3 like I do):
This is an example I use in "Message":
^((?!EGL_emulation|eglCodecCommon|OpenGLRenderer|MicroDetectionWorker|MicroDetector|KeyguardClockSwitch|adbd|OIMC|base.apk|wakelock|com.google.android.apps.youtube.music).)*$
You can edit/add more to these and/or repeat it for LogTag, Message, or Package Name.
It's mostly trial and error. (some devices spit different spam via logcat).
My Log Tag filter for this "very filtered app" output is:
^((?!vendor.qti.bluetooth|AppDynamics|KeyguardUpdateMonitor|BatteryExternalStatsWorker|BatteryStatsService|tftp_server|Clock|libc|OnePlusSmartBoostManager|OnePlus|ANDR-RAMBOOST_SERVER|BoundBrokerSvc|DateView|BatteryStatsHelper|BoundBrokerSvc|RenderThread|FacsCacheGmsModule|DownloadProgressMonitor|MendelPackageState|GoogleTagManager|SELinux|Volley|ConfigFileUtils|NetRec|YouTubeMusic|GEL_DELAYED_EVENT_DEBUG|gms|AsyncOperation|angh|ContentCacheSuperpacksManager|SuperpacksManager|AwarenessClientProvider|WakeLock|GLSUser|perfetto|cmd|chatty|Binder|Fitness|Icing|GnssHAL_GnssInterface).)*$
and for Package Name:
^((?!EGL_emulation|eglCodecCommon|OpenGLRenderer|MicroDetectionWorker|MicroDetector|KeyguardClockSwitch|adbd|OIMC|base.apk|wakelock|com.google.android.apps.youtube.music).)*$
Of course your mileage will vary in what you need, and sometimes I edit these and add/remove some parts as I see fit.
This is how it looks:
I apologize in advance for my language and if this thread is a duplicate.
I would like to ask for a 'mini-guide' on android permission asking for 6.0+. The problem that I am personally having is some applications I recently released require permissions like internet and external storage. But the only way I could 'help' the user from going manually to settings -> app settings etc, is launching an intent on button press for the app setting page.
So what I am asking is:
For newest versions of Android (assuming it will work on most older versions too),
is there a way to:
Ask for every permission you need to be accepted before downloading on Play Store and then enabled by default?
Ask on first time app launch to give permanent permissions to app and on positive response, programmatically enable them?
Ask the user for a one-time, dynamic, TEMPORARY, permission request. For example, app1 does not have permission to write to an external storage. On button1 press, ask temporary permission to write to a file in the external storage. If the user clicks button1 again, permission will be asked again.
Again, apologies if this question has been asked before. I want to assure you I did a lot of research, and most of the answers I found didn't seem to work...
Thanks
1) I think its not possible to enable all permissions by default since its a major update in Android 6+ devices to enable users to control runtime permissions the app needed.
For 2 & 3)
For my project I have written a static java class to request android runtime permissions. You can use that if you want. You have to add other permissions as you need in the same pattern as described in the class.
I have provided the Github link below
Github
I'm trying to make a app that works like a parental control, but doing so, I got stuck in system app permissions, looking about it, I am not able to find anything that tells me that it is possible to do without using a specific ROM for my app. But in the Play Store, has a lot of apps that makes that. In my app, every time that I try to block connectivity, using ConnectivityManager, he gives me:
java.lang.SecurityException: Neither user 10228 nor current process has android.permission.MODIFY_PHONE_STATE.
And the permission is in the manifest. In the manifest, he gives me the error:
Permission is only granted to system apps.
So, I'm asking, how to make a system App in Android code without root the device?
how to make a app that it is a system app in Android code without root the device?
The closest thing to what you describe is for you to create your own custom Android ROM, where your app is pre-packaged as a system app, and convince people to install your ROM on their device, replacing their existing Android installation.
Otherwise, this is not possible. This should be obvious: if everyone could write an app that made themselves be a system app, there would be no value in having a distinction between regular apps and system apps.