Tweet
Tweet

Slide 1

Slide 1 text

ERIC COCHRAN PERMISSIONS: CHANGES THAT BENEFIT USERS AND DEVS! @ERIC_COCHRAN DROIDCON LONDON OCTOBER 30, 2015

Slide 2

Slide 2 text

MARSHMALLOW IS HERE!

Slide 3

Slide 3 text

9 PERMISSION GROUPS • CALENDAR • READ_CALENDAR • WRITE_CALENDAR • CAMERA • CAMERA • CONTACTS • READ_CONTACTS • WRITE_CONTACTS • GET_ACCOUNTS • STORAGE • READ_EXTERNAL_STORAGE • WRITE_EXTERNAL_STORAGE • LOCATION • ACCESS_COARSE_LOCATION • ACCESS_FINE_LOCATION • SENSORS • BODY_SENSORS • MICROPHONE • RECORD_AUDIO • PHONE • READ_PHONE_STATE • CALL_PHONE • READ_CALL_LOG • WRITE_CALL_LOG • ADD_VOICEMAIL • USE_SIP • PROCESS_OUTGOING_CALLS • SMS • READ_SMS • SEND_SMS • RECEIVE_SMS • RECEIVE_MMS • RECEIVE_WAP_PUSH

Slide 4

Slide 4 text

PROTECTION LEVEL • NORMAL — FREE! • DANGEROUS — ASK AT RUNTIME • SIGNATURE — /SYSTEM/PRIV-APP • PREINSTALLED — /SYSTEM/APP • PRE23 — FREE IF TARGET < 23 • DEVELOPMENT • PRIVILEGED (AKA SYSTEM) • SIGNATUREORSYSTEM • INSTALLER • VERIFIER

Slide 5

Slide 5 text

KEEP UP WITH PERMISSIONS • PLATFORM_FRAMEWORKS_BASE • CORE/RES/ANDROIDMANIFEST.XML https://android.googlesource.com/platform/frameworks/ base.git/+/master/core/res/AndroidManifest.xml

Slide 6

Slide 6 text

WHAT’S NEW FOR MY APP? • TARGETING < 23 • PERMISSIONS GRANTED BY DEFAULT • EMPTY DATA WHEN USERS EXPLICITLY DENY PERMISSIONS • PRE23 PROTECTION • WRITE_SETTINGS IS NO MORE • SYSTEM_ALERT_WINDOW IS GRANTABLE • 6.0: GET_ACCOUNTS NOT NEEDED FOR YOUR OWN ACCOUNT

Slide 7

Slide 7 text

The hidden setting if (!Settings.canDrawOverlays(this)) {
 Intent intent = new Intent(Settings.ACTION_MANAGE_OVERLAY_PERMISSION,
 Uri.parse("package:" + activity.getPackageName()));
 activity.startActivityForResult(intent, REQUEST_CODE_PERMISION_SYSTEM_ALERT_WINDOW);
 } @Override protected void onActivityResult(int requestCode, int resultCode, Intent data) {
 if (requestCode == REQUEST_CODE_PERMISION_SYSTEM_ALERT_WINDOW) {
 if (Settings.canDrawOverlays(this)) {
 // yay!
 } else {
 // denied.
 }
 }
 }

Slide 8

Slide 8 text

RUNTIME PERMISSIONS String permission = READ_CALENDAR;
 Context checker = …; // PERMISSION_DENIED or PERMISSION_GRANTED
 int result = checker.checkSelfPermission(permission);

Slide 9

Slide 9 text

RUNTIME PERMISSIONS • USE SUPPORT ANNOTATIONS! @RequiresPermission(READ_CALENDAR) • USE SUPPORT V4! String permission = READ_CALENDAR;
 Context checker = …;
 int result = PermissionChecker.checkSelfPermission(checker, permission);

Slide 10

Slide 10 text

RATIONALE BEFORE REQUEST? Activity requester = …;
 boolean rationale = requester.shouldShowRequestPermissionRationale(permission);

Slide 11

Slide 11 text

REQUEST String[] permissionsNeeded = { READ_CALENDAR };
 Activity requester = ...;
 requester.requestPermissions(permissionsNeeded, requestCode); @Override public void onRequestPermissionsResult(int requestCode,
 @NonNull String[] permissions, @NonNull int[] grantResults) {
 // grantedResults full of PERMISSION_GRANTED and PERMISSION_DENIED.
 }

Slide 12

Slide 12 text

DENIED: WHAT NOW? Intent appSettings = new Intent(Settings.ACTION_APPLICATION_DETAILS_SETTINGS, Uri.parse("package:" + context.getPackageName()));
 List handlers = context.getPackageManager().queryIntentActivities( appSettings, 0);
 if (handlers.isEmpty()) {
 // We can't go to Settings.
 return;
 }
 context.startActivity(appSettings);

Slide 13

Slide 13 text

TEST adb shell pm revoke

Slide 14

Slide 14 text

MANIFEST TRICKS

Slide 15

Slide 15 text

BUILD USER TRUST TARGETSDVERSION=23