I have an security App (App Locker) that uses this permission:
android.permission.GET_TASKS
In android Lollipop this permission is deprecated and i want that my app works in +21 API.
Can anyone guide me how?
Thnx :)
There is reason why it is deprecated.
The protection Level of android.permission.GET_TASKS has been elevated to signatureOrSystem.
There is no easy and unharmful solution for that.
As of LOLLIPOP, this method is no longer available to third party applications: the introduction of document-centric recents means it can leak personal information to the caller. For backwards compatibility, it will still return a small subset of its data: at least the caller's own tasks (though see getAppTasks() for the correct supported way to retrieve that information), and possibly some other tasks such as home that are known to not be sensitive.
http://developer.android.com/reference/android/app/ActivityManager.html#getRecentTasks(int,%20int)
I saw a new permission REAL_GET_TASKS that is said to be used instead of GET_TASKS:
New version of GET_TASKS that apps can request, since GET_TASKS doesn't really give access to task information. We need this new one because there are many existing apps that use add libraries and such that have validation code to ensure the app has requested the GET_TASKS permission by seeing if it has been granted the permission... if it hasn't, it kills the app
with a message about being upset. So we need to have it continue to look like the app is getting that permission, even though it will never be checked, and new privileged apps can now request this one for real access.
See the Android code difference at: https://android.googlesource.com/platform/frameworks/base/+/2d7576b%5E!/
Related
I would like to write an application which can programatically generate touch events on the phone.
I have already tried this methods:
adb : adb swipe and so on... It requires USB cable and connect the phone to pc
adb ON TCPIP: same
My problem with adb is to require so much presetting by user and I don't want to make the user to learn it. I have already made an application which use adb, but it's difficult for the user to set up properly :(
I have heard and I tried to sign my application with platform sign, but it's not good for me, because I would like to publish my app on android market and it is not a system application...
I would like to find a way to achieve this in a single application which can produce touch outside of the app (from background) and I would like to publish on market.
I have found this application: https://play.google.com/store/apps/details?id=com.teamviewer.quicksupport.samsung which can basically do this. Because when I click on my computer, it send a message to the phone and the phone make the touch on the screen. How and with what privileges can teamviewer do it?
Please give me some advice about it.
I would like to find a way to achieve this in a single application which can produce touch outside of the app (from background) and I would like to publish on market.
This is not possible, outside of what little input faking can be done by an accessibility service.
How and with what privileges can teamviewer do it?
If your read that Play Store listing, you will notice that it only works with Samsung devices. That is because the makers of TeamViewer struck a deal with Samsung to enable this sort of integration. Similarly, the TeamViewer team struck deals with a few other device manufacturers. However, they did not do so with all manufacturers, and so TeamViewer does not work on all devices.
Have a look here .This might be useful.
InputInjector
Android library that eases the process of injecting InputEvents (MotionEvent, KeyEvent) to you Android app. The library uses internal API calls to inject events and depend on the accessability of these. This library will therefore not work on all devices but theoretically support Android 2.3 and forward (API level 9-18+).
Androd 2.3 (API level 9-15)
In older versions of Android we envoke the same system calls as used by the Instrumentation framework.
Permission No special permission needs to be set.
Androd 4.1.2 (API level 16 and forward)
As of API level 16 we have access to the InputManager class. We use this as the basis for the input injection.
Permission Using InputManager for injection requires setting permission android.permission.INJECT_EVENTS in your manifest.
Using this permission may require altering Lint Error Checking in order to be able to compile. In Eclipse this is done by going to Window->Preferences->Android->Lint Error Checking and then finding ProtectedPermissions and setting severity to something else than error.
NOTE: In order to inject events to other apps using InputManager, your apk must be signed with system level certificate.
https://github.com/arnebp/android-inputinjector
In Java we can get the highlighted text from native window by using JNA or JNI. For example we could use
Monitor text that is highlighted
Is there any way to do the same thing by using Android SDK??
You are welcome to use the accessibility APIs to write an accessibility service and watch for text selection events. This will require the user to agree to allow your app to spy on all user input, which will tend to make your app less popular.
Otherwise, this is not possible, for obvious privacy and security reasons.
Using purely the SDK without exploiting a security vulnerability is not possible.
There is a simple explanation of why this is not possible.
The first reason is the way Android apps are executed in the OS in a sandboxed way using linux's user groups and permission system.
Every running process and Application on Android has it's own user and group and permissions to access those resources only. So in a way they cannot communicate with other apps(or capture what a user is highlithing at the moment.
The only way for an app to communicate with other is using the binder IPC, which has to pass through the activity manager first. As far as my knowledge goes, there is not a defined way to do this. Notice this is a layer of protections inherited from linux below Android's usual permission system.
Adding to this, starting from Android 5(lollipop) add to this layer the now enforced selinux policies, which do not allow the application domain to access other domains that handle graphics, the mediaserver, and some others, I will not enter more in this topic due to it's complexity and relevance to the question, just know that these are some very secure mechanisms that prevent actions that might imply a security breach.
Is it possible? Yes, however it involes exploiting a vulnerability, but this is another topic and for that I should recommend to search papers on the web that talk about vulnerabilities in android.
Is it possible to set android app permission dynamically in java, usually it is set in AndroidManifest.xml. But what I want to do is giving my users a choice of what permissions they want my app to give.
thanks in advance!
No, it is not currently possible. Up through Android Lollipop, permissions must be explicitly requested in the app's manifest and must be collectively all granted or denied (not installing the app) by the user at install time.
Android M, however, is changing this. As of Android M, permissions will be granted at runtime instead of at install time, allowing you to give users more control over which permissions they allow your app to use.
See the Android M runtime permissions documentation for more detail.
At the moment it's not possible http://developer.android.com/guide/topics/security/permissions.html
Android has no mechanism for granting permissions dynamically (at run-time) because it complicates the user experience to the detriment of security.
Things may change in new android M release
Nope. App's permissions are declared in AndroidManifest.xml, which is used to tell Android system what permissions are required. App installer will show all permissions to help user judge the app is good or bad.
Thing about that if an malicious app require nothing at install-time and require camera permission at run-time dynamically
It would be against Android policy . The application has or not has the permissions for doing something . It can be a security problem if you can think of it.
It is possible no issue but in mid of app if not get then chances of getting crash in your app...
I want to develop an application for android to:
List installed applications in the phone.
Show a list of permissions that are granted for each app.
Have the ability to disable any permission granted to a specific app or enable it later on.
Till now I have done the first two points. I searched the web to know how to modify permissions but I couldn't find anything useful.
So can anybody give me a clue on how to implement this ? Because I think it is doable since there some apps that can modify permissions (e.g. Permission Manager).
There are various apps in the Play Store that call themselves Permission Manager so I'm not sure which one you have looked at.
At least one of them works by pulling the installed app apart, and reforming it with a changed AndroidManifest file (and since they don't have access to the original private key, a new signature). To run the reformed app you have to uninstall the old one, and install the new one, which has 2 significant downsides
all the data of the old app is lost
since you now have an effective pirate version of the app, the app will no longer update with new versions from the Play Store.
Other apps that claim to manage app permissions simply expose the hidden App Ops permission screen in Android 4.3, and Google removed this from the later Android 4.4 update.
Is it somehow possible to set Android to standby-mode programmatically ?
If you're developing your own ROM or you have a rooted phone (it's need to be checked which user is able to do this) then you should have a look to the PowerManager.goToSleep functionality. Here is a discussion about this function in the Google Groups. And here you can read about this particular permission.
http://developer.android.com/reference/android/os/PowerManager.html#goToSleep%28long%29
This is what i think you are looking for.
Don't forget to include following permission.
android.permission.DEVICE_POWER
This functionality has been removed since API level 21: https://developer.android.com/sdk/api_diff/21/changes/android.os.PowerManager.html
Like Yury also mentioned, before you were able to call powerManager.goToSleep(time), but you would have needed a rooted device or app would have needed to be signed as a system app to acquire the relevant rights.