0

With respect to Marshmallow, how do I tell which operating system calls in Android require a permission check? For some of the Location Manager calls, the compiler will show an error if I don't check permissions before the call. But there are lots and lots of other operating system calls for which permissions are required but which do not generate a compiler error if the permission is not checked before the call.

For example, I have a call to the Location Manager's sendExtraCommand method in one of my apps. The compiler doesn't give any indication that a permission check is required before the call, so I didn't have one. When I mouse over the call in Android Studio, the information in the documentation window doesn't give any indication that permissions are required for the call. But when Marshmallow users started using my app, they were getting security exceptions.

Is it just me, or is the Marshmallow security thing extremely poorly thought out?

There is a similar question here, but it doesn't have any good answers, so I have created this one in the hope that the issue will get more attention: How to find required Android Marshmallow runtime permissions in code?

Community
  • 1
  • 1
Chris B
  • 401
  • 6
  • 10

1 Answers1

1

how do I tell which operating system calls in Android require a permission check?

As you note, in some cases, you may get Lint warnings and the like. One imagines that this will improve over time.

In other cases, you read the JavaDocs, where the class or method mentions that you need a permission. When you add the <uses-permission> element to your manifest, also think about whether that is one of the dangerous permissions that requires handling at runtime.

Beyond that, you find out when you test your app and your tests fail.

If you find those to be insufficient, set your targetSdkVersion to 22 or lower, until such time as you are more comfortable with Android's runtime permission support.

CommonsWare
  • 986,068
  • 189
  • 2,389
  • 2,491
  • Thanks for the very good answer. I don't actually have a Marshmallow device at the moment, so I will have to use your last suggestion for the time being. – Chris B Mar 28 '16 at 22:11
  • Interesting side note: I notice that I have to request an internet permission in order to load an Admob ad. It's not really clear to me how I can ever make any money from ads on Marshmallow and above because no one is going to grant permission to load and show ads. – Chris B Apr 01 '16 at 15:20
  • @ChrisB: `INTERNET` is not a `dangerous` permission. You do not need to prompt the user for it; AFAIK, you *can't* prompt the user for it. – CommonsWare Apr 01 '16 at 15:22