Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is GET_ACCOUNTS permission still required for Google Drive REST API?

Google has deprecated Google Drive Android API.

We are migrating over to Google Drive REST API (v3).

2 years ago, we have experience in using Google Drive REST API (v2). We know that GET_ACCOUNTS permission is required, for GoogleAuthUtil.getToken() to work correctly - Google Drive API - the name must not be empty: null (But I had passed valid account name to GoogleAccountCredential)

When we look at example of Google Drive REST API (v3) - https://github.com/gsuitedevs/android-samples/blob/master/drive/deprecation/app/src/main/AndroidManifest.xml#L5 , we notice that Google team does mention explicitly

<!-- Permissions required by GoogleAuthUtil -->
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.MANAGE_ACCOUNTS" />

Surprisingly, when we run the example app (https://github.com/gsuitedevs/android-samples/tree/master/drive/deprecation), there's no run-time permission dialog being pop up for Android 6 and 8. Yet, the app can work without issue.

We expect the app will fail working, as no GET_ACCOUNTS permission was granted for the app. However, it can still auth and communicate with Google Drive service, without issue.

This is what I have tested so far

I have tested in Android 5, Android 6 and Android 8. No runtime GET_ACCOUNTS permission is granted for Android 6 and Android 8.

I'm also further test, by removing GET_ACCOUNTS and MANAGE_ACCOUNTS from Manifest completely. Still, both Android 5, Android 6 and Android 8 are workable. Before running, I have clear cache and clear storage of the app.


So, is GET_ACCOUNTS runtime permission request still required for Google Drive REST API to work?

like image 792
Cheok Yan Cheng Avatar asked Dec 27 '18 07:12

Cheok Yan Cheng


1 Answers

according to Authorizing and Using REST APIs, it does not seem required - because the GoogleSignInApi can be used, which requests oAuth2 access-scopes and does not require direct access to on-device capabilities. it gets the user account from Play Services, which knows the logged in accounts and acts as the delegate.

just tried and the only difference is that one has to add the access-scopes as strings:

GoogleSignInOptions gso = new GoogleSignInOptions
  .Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
  .requestScopes(new Scope("https://www.googleapis.com/auth/drive.readonly"))
  .requestEmail()
  .build();

this.mGoogleSignInClient = GoogleSignIn.getClient(this, gso);
...
like image 82
Martin Zeitler Avatar answered Oct 19 '22 18:10

Martin Zeitler