Menu
I am learning Android programming and I have kind of understood the concept of custom permission.
Based on my understanding this is how custom permissions works:
'Base app'can protect some of its components (e.g., activity and services) by declaring custom permissions (i.e., using <permission> tags in the manifest file) and the'client app' that calls the activities and services protected by custom permissions need to acquire necessary permissions (i.e., using <uses-permission> tags in the manifest file) to call those components in the base app.
However, I have these questions regarding custom permissions:
android:protectionLevel="dangerous"), does the client app needs to get the approval from the user during installation time? If so, how does the user aware of these custom permissions because there won't be any documentation for the custom permissions. client app knows that base app is already installed in the user's phone? Is there anyway for the client app to know this information?client app is installed, what will happen if the user decides to remove the base app? In this case, if the user tries to use client app will it cause any security exception?I don't know whether these questions make sense but it makes me wonder how custom permissions actually work in real scenario.
Thank you.
338
You can use the sharedUserId attribute in the AndroidManifest. xml 's manifest tag of each package to have them assigned the same user ID. By doing this, for purposes of security the two packages are then treated as being the same app, with the same user ID and file permissions.
Android allows mobile application developers to define custom permissions in their apps. Custom permissions are often used to protect different application components, such as Activities, Services, ContentProviders, and Broadcast Receivers, from 3rd- party applications installed on the device.
App permissions help support user privacy by protecting access to the following: Restricted data, such as system state and a user's contact information. Restricted actions, such as connecting to a paired device and recording audio.
The three permission protection levels in Android are as follows: Normal Permissions. Signature Permissions. Dangerous Permissions.
The answers to your questions is give below. But you may refer http://developer.android.com/guide/topics/manifest/permission-element.html for a better understanding of Android permissions.
1.Yes, if you declare
android:protectionLevel="dangerous"
then the system may not automatically grant it to the requesting application.Any dangerous permissions requested by an application may be displayed to the user and require confirmation before proceeding.
The base app defining custom permission is supposed to provide a description via
android:description="string resource"
Here is the an example permission definition. Hope it is self explanatory.
<permission android:description="string resource"
android:icon="drawable resource"
android:label="string resource"
android:name="string"
android:permissionGroup="string"
android:protectionLevel=["normal" | "dangerous" |
"signature" | "signatureOrSystem"] />
2.As far as I know, there is no way for the client app to see the presence of base app at the time of installation. But it is possible when the client App is started. Anyway, permissions are granted by the Android system based on your android.xml file. So the client app don't have to bother about base app at the time of installation.
3.The base app can be removed even when client app is still installed. It won't through any error messages or security exceptions at any stage. But when you try to run client app again, you may get an 'Activity not found' exception at the point where you try to call a base app activity from client app.
75
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
