To summarize, I still don't have the answer to the original question except that it is probably not possible yet.
Original question (User perspective): Once a user (not a developer) clicks† around and grants an android app, access to google auth tokens, how could he/she revoke it? † Clicks: User clicks on an activity that android system throws when third party apps (utilizing android.permission.USE_CREDENTIALS) try accessing google auth tokens Sample screenshots: http://www.appbrain.com/info/fastweb2.png http://chiarg.com/?p=429 Happy to hear workarounds that can possibly revoke this for all third party android apps that were granted access once (say revoke through settings > manage apps > all > google services or partner or some such > clear data) but without disrupting other google services (gmail, gtalk, android market, ...) on the device. Or perhaps do it through the central web based accounts dashboard (which for now doesn't display info about android apps) http://www.google.com/url?sa=D&q=https://www.google.com/accounts/IssuedAuthSubTokens I could possibly post this on android-platform group as well. On Jun 17, 5:02 pm, RS <rajeshs...@gmail.com> wrote: > Thanks Nikolay. Very useful pointers. Thank goodness it isn't global > (UID). > > Though am using this permission as a developer the question is from a > user point of view who wishes to revoke access, so I'd rather not call > this directly or through reflection. Wish the system had a settings > screen for this instead. Something the user could trust irrespective > of the apps installed. > > I do see a couple of bugs requests where people would like to deny > access to specific security permissions to an app (eg: network, > camera, call status, ...) on the whole. This auth token stuff though, > falls in a different sub-category and might be quicker to solve. > > Hope a google employee could comment on any future updates to the > account management flow that they might have. > > Thanks, > RS > > On Jun 17, 4:28 pm, Nikolay Elenkov <nikolay.elen...@gmail.com> wrote: > > > > > > > > > On Fri, Jun 17, 2011 at 11:21 PM, RS <rajeshs...@gmail.com> wrote: > > > Simplifying the question: > > > > Am looking for answers from developers (or google engineers) who have > > > used accountManager.getAuthToken(....) and have come across such a > > > screen for their own apps: > > > >http://www.appbrain.com/info/fastweb2.png > > > or > > >http://chiarg.com/?p=429 > > > > Once the user clicks 'allow', how could they undo this action for that > > > particular android app+account? > > > It seems that there is no public API to do this. AccountMangerService has a > > revokeAppPermission() method which is both hidden (with @hide) and > > not accessible via public APIs. You could probably call it using reflection, > > but that is usually not recommended. BTW, access to tokens is granted > > by UID, so it's not global for all applications. Check out > > /data/system/accounts.db for more details if you have a rooted device. > > > HTH -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
