Strange permissions in several apps - android-permissions

For quite a while I've been collecting app details. My site meanwhile covers about 13k apps, and has a list of permissions with explanations. A few weeks ago I started recording "unknown permissions" as well (i.e. permissions apps are requesting, but which are not covered by my list). Analyzing that now (mostly app specific (<package_name>.*) or manufacturer specific (e.g. com.sec.* for Samsung, com.htc., com.sonyericsson. etc) permissions), I found a list of very strange permissions requested quite frequently – which were not documented anywhere.
Are there any insights here? I will list them ordered by most used and with a comment of what I have figured out up to now – and hope you can give me some additional details on at least a few of them:
WRITE_INTERNAL_STORAGE: wrongly deduced from WRITE_EXTERNAL_STORAGE?
ACCESS_GPS: pre-Android-1.0 and long obsolete
ACCESS_LOCATION: pre-Android-1.0 and long obsolete
STORAGE: also a remnant from pre-1.0 – or picked the permission group instead ??? (used by e.g. com.yuilop)
READ_INTERNAL_STORAGE: wrongly deduced from READ_EXTERNAL_STORAGE?
NETWORK: also a remnant from pre-1.0 – or picked the permission group instead ??? (used by e.g.: com.koushikdutta.backup)
PERMISSION_NAME: copy-pasta?
LOCATION: no such permission (or also pre-1.0 – or picked the permission group instead?)
SYSTEM_OVERLAY_WINDOW: that's what SYSTEM_ALERT_WINDOW permits: using overlays ;)
RECORD_VIDEO: wrongly deduced from RECORD_AUDIO, and should probably be CAMERA? Also see here
ACCESS_COURSE_LOCATION: definitely a typo. And ACCESS_COARSE_LOCATION (which was meant) most likely not needed, if no one noticed :)
READ_APN_SETTINGS: wrongly deduced from WRITE_APN_SETTINGS ???
BROADCAST_PACKAGE_REPLACED: probably wrongly deduced from BROADCAST_PACKAGE_ADDED and BROADCAST_PACKAGE_REMOVED ???
GET_CLIPS / READ_CLIPS / WRITE_CLIPS: ??? obviously refers to clipboard actions, but I've never heard of those perms. The developer manual on copy and paste does not mention any permission for this. Despite that, a screenshot from AppOps found in this blog article clearly shows a "Read clipboard" permission.
WRITE_LOGS: probably wrongly deduced from READ_LOGS
BROADCAST_PACKAGE_CHANGED: probably wrongly deduced from BROADCAST_PACKAGE_ADDED and BROADCAST_PACKAGE_REMOVED ???
CHANGE_WIFI_AP_STATE: ???
There are several more (over 100 altogether), but these are the ones used by multiple apps. Note that in the Manifests of affected apps, they are prefixed by android.permission. (e.g. android.permission.WRITE_INTERNAL_STORAGE). Any clues?
Where do people get those ideas from, when a search for the explicit name doesn't turn up anything, I wonder … Most confusing is that several of the above are even suggested here at SO to fix issues – despite being mentioned in other posts as definitely not existing.
EDIT: Being asked to name some example apps:
*_INTERNAL_STORAGE:
RaspManager
QR Code Scanner
SYSTEM_OVERLAY_WINDOW:
GPS HUD
WeCal
READ_APN_SETTINGS:
MyBackup
Contacts+
Just to ensure those apps are not declaring those permissions, I've picked some .apk files (MyBackup, GPS HUD) and ran aapt d badging against them. Found no single declaration, all only named by uses-permission:.
PS: Sources I usually consult for finding details on permissions include, next to a Google search, a.o. Github, Android Source, Android Cross Reference, Android Developers, and several more. I had no luck with the above.
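The check described in the question (dump an APK's manifest entries, then compare every requested name against the documented list), as an added example that is not part of the original post. The known-permission set is only a small subset built from names mentioned above, the `aapt d badging` line formats are assumed, and the sample output and the `com.example.*` / `com.sec.example.*` names are constructed.

```python
import re
from difflib import get_close_matches

PREFIX = "android.permission."
# Subset of documented platform permissions named in the post (not the full list).
KNOWN = sorted({
    "ACCESS_COARSE_LOCATION", "ACCESS_FINE_LOCATION", "CAMERA", "INTERNET",
    "READ_EXTERNAL_STORAGE", "READ_LOGS", "RECORD_AUDIO",
    "SYSTEM_ALERT_WINDOW", "WRITE_APN_SETTINGS", "WRITE_EXTERNAL_STORAGE",
})
# Assumed formats: uses-permission: name='X', uses-permission:'X', permission: X
LINE = re.compile(r"^(uses-permission|permission):\s*(?:name=)?'?([\w.]+)'?")

def audit(badging_text):
    """Map each requested permission to (verdict, suggested_name_or_None)."""
    requested, declared = [], set()
    for raw in badging_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        if m.group(1) == "permission":
            declared.add(m.group(2))      # the APK defines this one itself
        else:
            requested.append(m.group(2))
    report = {}
    for name in requested:
        short = name[len(PREFIX):] if name.startswith(PREFIX) else None
        if name in declared:
            report[name] = ("declared-by-app", None)
        elif short is None:
            report[name] = ("custom-namespace", None)   # app or vendor prefix
        elif short in KNOWN:
            report[name] = ("documented", None)
        else:
            hint = get_close_matches(short, KNOWN, n=1, cutoff=0.8)
            report[name] = ("undocumented", hint[0] if hint else None)
    return report

# Constructed sample output, not taken from any real APK
SAMPLE = """\
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_COURSE_LOCATION'
uses-permission:'android.permission.WRITE_INTERNAL_STORAGE'
uses-permission: name='android.permission.PERMISSION_NAME'
uses-permission: name='com.example.backup.permission.SYNC'
permission: com.example.backup.permission.SYNC
uses-permission: name='com.sec.example.permission.READ'
"""
if __name__ == "__main__":
    for perm, (verdict, hint) in audit(SAMPLE).items():
        print(f"{verdict:17} {perm}" + (f"  (nearest: {hint})" if hint else ""))
```

An "undocumented" verdict with a near match points at a typo or a name invented by analogy; one without a match (such as PERMISSION_NAME) looks like a leftover placeholder.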

Related

building android source for pixel 6

I'm trying to build grapheneos for pixel 6 with custom bootanimation.
I created the bootanimation.zip file according to instructions but can't figure out the location to put it in. Since the usual location, system/media/bootanimation.zip is giving me an Error:
offending entries: system/media/bootanimation.zip
besides this, the build also fails.
Can anyone help me to understand what I am doing wrong?
Error message
If it is still relevant, I may have an answer for you.
There's a mechanism that prevents you from doing something to the system partition from the product makefile in some cases.
The solution to your specific situation might be different, and there are also suggested solutions in the link below.
If you have something that is a part of the system partition, and is not a product specific thing, you can also add it to:
build/make/target/product/generic_system.mk
instead of the product specific makefile
Here is a link explaining this mechanism

OS11 replacement for RadioInfo?

Is there a replacement for the RadioInfo that was removed as of OS11? (com.android.settings/.RadioInfo)
If not, where else can this information be found in UI? Or adb? (preferably without rooting the device)
Our team relies heavily on the use of the data in RadioInfo for QA testing, especially since it works on nearly all Android devices (rather than being OEM-dependent like engineering short codes).
It also offered ideal granularity in network selection, more so than the basic Settings UI.
Also, why was it removed? I looked back about 11 months in logs and didn't see a single mention of it (though maybe I'm looking in the wrong place - if there's a comment on it somewhere, please do share the link).
Looks like it just got moved.
10 and earlier:
com.android.settings/.RadioInfo
as of 11:
com.android.phone/.settings.RadioInfo

Making my agent with a difficult name, easier to invoke?

I'm creating an agent that interacts with an API I created, Auroras.live. However I always have troubles invoking the test version of the agent from my Google Home.
I really have to stress the "S" in Auroras, and I also have to say "dot", otherwise Google Home interprets it (I think) as Auroras Live, or Aurora.live, without the dot or "S"
This is definitely going to be a problem for others too, as they might not know to pronounce the dot, or forget to stress the "S", and as a result will get frustrated & not use my agent.
While filling out the app details, I tried using different invocations (such as "Talk to Auroras dot live" and "Speak to Aurora Live"), but it wouldn't let me do it, because I needed to use the exact title of my app.
What should I do? Should I (or can I) submit it as an easier to pronounce name (like "the aurora app")? Can I somehow tell Google to accept it with or without the "S" / dot? Any suggestions welcomed.
This is definitely a case where you would want your invocation name to be (slightly) different than your display name. I would list "Auroras Live" as your display name and "Aurora live" as the invocation name.
As part of the testing instructions, explain the problems you're seeing to the tester and request that both invocations be allowed.
If you want to clearly associate it with the auroras.live website, you could also mention that in the testing instructions (to include the dot), but you should probably also consider including a link to the site from the description and possibly from the action itself.

ReactJS 5.3.0 not loading from unpkg.com

We have been using the following library for months:
https://unpkg.com/react@15.3.0/dist/react.min.js
Yes - I know we can just reference 15.3 and get the URL rewrite to the latest, but they released a breaking change. That's another issue for another day. Don't get distracted.
Yesterday this simply stopped working. You'll notice that if you load the URL mentioned, that the file is TRUNCATED. Simply cuts off. This made everything we use react with break. Interestingly, if you go to the following URL (without the .js extension) - things work.
https://unpkg.com/react@15.3.0/dist/react.min
My question is - what the heck happened? Why did the URL we've been using for 8 months suddenly stop working, and who can we get to fix it. In the interim, we had a copy locally that we've started referencing (which we probably should have been doing to begin with, since we don't want the automatic upgrade). When things like this happen, who do you inform?
I'm not sure you'll find the answer as to why this file is no longer working here, but based off of the website you could reach out to the creator on Twitter: https://twitter.com/mjackson
On the website it says:
SUPPORT
unpkg is a free, best-effort service and cannot provide any uptime or
support guarantees.
i.e. you should probably only use this link if you are messing around with a small project, and it shouldn't be used for any website where you actually care about the uptime of the site.

Has anything changed in the past ~48 hours that would break a legacy canvas app using require_login()?

Nothing has changed on my end (at least I don't think anything has), but all of a sudden I'm unable to launch my app (and users reportedly are unable to install/launch) which uses the legacy require_login() function from an old version of the PHP SDK.
When I go to apps.facebook.com/myapp, I'm brought into a redirect loop between that URL and http://mysite.com/myAppsCanvasURL.
I've Googled and found some old posts where people report similar behavior but it doesn't seem like there was any resolution, and I still have no idea what could have caused this to happen out of the blue.
Any help would be greatly appreciated.
Thanks!
dshap
Figured out the answer to my own question.
My app requires access to both the user's uploaded photos as well as the user's photo tags.
To do this, I was requesting the (previously) necessary permissions by calling:
require_login('user_photos, user_photo_video_tags');
According to this developer blog post, the "user_photo_video_tags" permission is not supposed to be deprecated until November 22nd; however, if I use it right now it breaks my app - if I simply remove it, there are no issues and the app works as expected.
The weird thing is I'm not seeing any exceptions thrown, but then again I'm not seeing any exceptions thrown even if I do something like:
require_login('user_photos, fake_permission');
So maybe this has something to do with the outdated version of the PHP SDK that I'm using.
Hopefully that helps if someone else out there is having the same problem.