I want to develop an application for android to:
List installed applications in the phone.
Show a list of permissions that are granted for each app.
Have the ability to disable any permission granted to a specific app or enable it later on.
Till now I have done the first two points. I searched the web to know how to modify permissions but I couldn't find anything useful.
So can anybody give me a clue on how to implement this ? Because I think it is doable since there some apps that can modify permissions (e.g. Permission Manager).
There are various apps in the Play Store that call themselves Permission Manager so I'm not sure which one you have looked at.
At least one of them works by pulling the installed app apart, and reforming it with a changed AndroidManifest file (and since they don't have access to the original private key, a new signature). To run the reformed app you have to uninstall the old one, and install the new one, which has 2 significant downsides
all the data of the old app is lost
since you now have an effective pirate version of the app, the app will no longer update with new versions from the Play Store.
Other apps that claim to manage app permissions simply expose the hidden App Ops permission screen in Android 4.3, and Google removed this from the later Android 4.4 update.
Related
I have an security App (App Locker) that uses this permission:
android.permission.GET_TASKS
In android Lollipop this permission is deprecated and i want that my app works in +21 API.
Can anyone guide me how?
Thnx :)
There is reason why it is deprecated.
The protection Level of android.permission.GET_TASKS has been elevated to signatureOrSystem.
There is no easy and unharmful solution for that.
As of LOLLIPOP, this method is no longer available to third party applications: the introduction of document-centric recents means it can leak personal information to the caller. For backwards compatibility, it will still return a small subset of its data: at least the caller's own tasks (though see getAppTasks() for the correct supported way to retrieve that information), and possibly some other tasks such as home that are known to not be sensitive.
http://developer.android.com/reference/android/app/ActivityManager.html#getRecentTasks(int,%20int)
I saw a new permission REAL_GET_TASKS that is said to be used instead of GET_TASKS:
New version of GET_TASKS that apps can request, since GET_TASKS doesn't really give access to task information. We need this new one because there are many existing apps that use add libraries and such that have validation code to ensure the app has requested the GET_TASKS permission by seeing if it has been granted the permission... if it hasn't, it kills the app
with a message about being upset. So we need to have it continue to look like the app is getting that permission, even though it will never be checked, and new privileged apps can now request this one for real access.
See the Android code difference at: https://android.googlesource.com/platform/frameworks/base/+/2d7576b%5E!/
I find this question a couple places on the web, but never with a good answer. Let me be specific in the questions asked.
I want to build a custom Android ROM which only features one app. This app is not to interact with any hardware (per now). This app will be launched on the start up of the device. No locked-screen. The device will have to restart if the app malfunctions.
A resource told me that you can change the launcher app of the ROM.
-> Does this mean that the home screen, the one which displays all apps on our phones, is merely another app? If so, can you simply change the launcher app as it is stated here? What were to happen if this app fails?
If this is the case, it would solve the entire issue.
If not, how do you go about making this sort of project? It includes
Making an app on AOSP
Refuse users to leave the app or interact with anything else
Making this app part of the boot-up process
Remove locked screen
Make the app a dependency of the OS (to force shutdown if malfunction)
Thanks in advance for any replies
I just found Android have a topic about dedicated devices (formerly called corporate-owned single-use, or COSU) are a subset of company-owned devices that serve a specific purpose. maybe that can meet your requirement.
BTW, After into the sub-topic lock task mode that mentions about set DPC whitelist APPs and the device policy controller (DPC) needs setup by other steps.... FYR~
I would like to write an application which can programatically generate touch events on the phone.
I have already tried this methods:
adb : adb swipe and so on... It requires USB cable and connect the phone to pc
adb ON TCPIP: same
My problem with adb is to require so much presetting by user and I don't want to make the user to learn it. I have already made an application which use adb, but it's difficult for the user to set up properly :(
I have heard and I tried to sign my application with platform sign, but it's not good for me, because I would like to publish my app on android market and it is not a system application...
I would like to find a way to achieve this in a single application which can produce touch outside of the app (from background) and I would like to publish on market.
I have found this application: https://play.google.com/store/apps/details?id=com.teamviewer.quicksupport.samsung which can basically do this. Because when I click on my computer, it send a message to the phone and the phone make the touch on the screen. How and with what privileges can teamviewer do it?
Please give me some advice about it.
I would like to find a way to achieve this in a single application which can produce touch outside of the app (from background) and I would like to publish on market.
This is not possible, outside of what little input faking can be done by an accessibility service.
How and with what privileges can teamviewer do it?
If your read that Play Store listing, you will notice that it only works with Samsung devices. That is because the makers of TeamViewer struck a deal with Samsung to enable this sort of integration. Similarly, the TeamViewer team struck deals with a few other device manufacturers. However, they did not do so with all manufacturers, and so TeamViewer does not work on all devices.
Have a look here .This might be useful.
InputInjector
Android library that eases the process of injecting InputEvents (MotionEvent, KeyEvent) to you Android app. The library uses internal API calls to inject events and depend on the accessability of these. This library will therefore not work on all devices but theoretically support Android 2.3 and forward (API level 9-18+).
Androd 2.3 (API level 9-15)
In older versions of Android we envoke the same system calls as used by the Instrumentation framework.
Permission No special permission needs to be set.
Androd 4.1.2 (API level 16 and forward)
As of API level 16 we have access to the InputManager class. We use this as the basis for the input injection.
Permission Using InputManager for injection requires setting permission android.permission.INJECT_EVENTS in your manifest.
Using this permission may require altering Lint Error Checking in order to be able to compile. In Eclipse this is done by going to Window->Preferences->Android->Lint Error Checking and then finding ProtectedPermissions and setting severity to something else than error.
NOTE: In order to inject events to other apps using InputManager, your apk must be signed with system level certificate.
https://github.com/arnebp/android-inputinjector
Is it possible to set android app permission dynamically in java, usually it is set in AndroidManifest.xml. But what I want to do is giving my users a choice of what permissions they want my app to give.
thanks in advance!
No, it is not currently possible. Up through Android Lollipop, permissions must be explicitly requested in the app's manifest and must be collectively all granted or denied (not installing the app) by the user at install time.
Android M, however, is changing this. As of Android M, permissions will be granted at runtime instead of at install time, allowing you to give users more control over which permissions they allow your app to use.
See the Android M runtime permissions documentation for more detail.
At the moment it's not possible http://developer.android.com/guide/topics/security/permissions.html
Android has no mechanism for granting permissions dynamically (at run-time) because it complicates the user experience to the detriment of security.
Things may change in new android M release
Nope. App's permissions are declared in AndroidManifest.xml, which is used to tell Android system what permissions are required. App installer will show all permissions to help user judge the app is good or bad.
Thing about that if an malicious app require nothing at install-time and require camera permission at run-time dynamically
It would be against Android policy . The application has or not has the permissions for doing something . It can be a security problem if you can think of it.
It is possible no issue but in mid of app if not get then chances of getting crash in your app...
I am designing an app for Android, iPhone/iPad and Windows Phone using GWT and PhoneGap. GWT will allow me to write the entire app in Java (my strong suit, unlike JavaScript or CSS) and will translate it into cross-browser JavaScript/AJAX. PhoneGap will then wrap that resultant JavaScript and turn it into a native app for each of the three platforms mentioned above.
I would like to have a "plugin-oriented architecture", whereby users can optionally purchase (or qualify for through other means) "add-ons" (plugins/extensions) that will enhance the functionality of the app.
Normally I would accomplish this by using the Java Simple Plugin Framework (JSPF) and allow users to download plugin JARs as they paid for them. These plugin JARs would then be added to the classpath of the main app so that the next time it starts and scans the classpath for plugins, it finds them and loads them.
Is this possible with native apps? I don't believe I can deploy anything other than APK, IPA and XAP (Android, iPhone and WinPhone respectively) files to these marketplaces.
In Java-land, this would be like having to download a "base" app in the form of an executable JAR (containing its own main method), and then having to download a "plugin" app that is also an exectuable JAR, and somehow get the two to behave like a normal plugin architecture (which would be if you have 1 exectuable JAR base app and then 1+ plugin non-executable JAR libs).
So I ask: how do add-ons work for native apps from a deployment/download perspective? How do you get 2 or more APKs/IPAs/XAPs to communicate with each other on the client-side? If not possible, how do native app developers handle add-ons (I know they exist, I've seen them!)? Thanks in advance!
as for iPhone - the only way is to implement the additional features and have them disabled until the user purchases in app to unlock the feature.
In Android you can have apps communicate with each other so that the user can just load add-on apps that provide only the add-on functionality. For more detail on this.. android communication between two applications
WP8 - I do not yet have experience
Although I am not a core Android Developer, here are some suggestions from my experience with Android till now:
One possible solution for Android is to use Updates for application. One way to achieve this is using a Background Service which checks for updates whenever app starts or use GCM (Google Cloud Messaging) to push update messages to the app. Second option is much better as you can provide instant update to the user ,on per device basis (a user can have multiple devices), as soon as he/she has bought your add on feature. After the user has got the update message you can download the whole app with new feature and update app on the device. Of course in this case you need to backup the existing data of the app and restore after installation of updated app.
I don't know if this thing can be done but it would be also be an good option in my opinion if you can provide a legitimate user, who have bought the particular add on, an updated app through Android Market.
Another way is to create each add on as a Service and then let the main app can detect (or bind) those services at startup and if they are available, your app can communicate with them easily. You can even call the UI portion of the newly deployed add on from your main app by using Intents and BroadcastReceivers.
You may also find this useful as far as Android is concerned:
However, there are ways for an application to share data with other
applications and for an application to access system services:
It's possible to arrange for two applications to share the same Linux
user ID, in which case they are able to access each other's files. To
conserve system resources, applications with the same user ID can also
arrange to run in the same Linux process and share the same VM (the
applications must also be signed with the same certificate).
Hope this gives some useful information to you.