I found my answer: If an app uses a permission that's not defined on your phone, it is still displayed in Android Market. When you try to install it, the undefined permission is NOT displayed to the user, and is NOT granted. So later, if you later install the service that defines (and requires) the permission, the first app will NOT be able to access the service.
The only apparent way to fix this is to reinstall the application, which is hard to do with Android Market unless (a) a new version of the app is posted; or (b) the user uninstalls and re-installs the app. (b) will suck because you lose preferences and data saved by the app. On Feb 10, 11:20 am, "[email protected]" <[email protected]> wrote: > I saw onhttp://developer.android.com/guide/topics/security/security.html > that my app can declare a permission: > > <manifest xmlns:android="http://schemas.android.com/apk/res/android"; > package="com.me.app.myapp" > > > <permission > android:name="com.me.app.myapp.permission.DEADLY_ACTIVITY" > android:label="@string/permlab_deadlyActivity" > android:description="@string/permdesc_deadlyActivity" > android:permissionGroup="android.permission-group.COST_MONEY" > android:protectionLevel="dangerous" /> > </manifest> > > So if another app "Foo" need to invoke the deadly activity, it would > declare the following in its Manifest: > > <uses-permission > android:name="com.me.app.myapp.permission.DEADLY_ACTIVITY" /> > > However, what if com.me.app.myapp is not yet installed on the device? > > [a] I tested with "adb install", and Foo was installed on the device > without incident. The only thing I see is "W/PackageManager( 62): > Unknown permission com.me.app.myapp.permission.DEADLY_ACTIVITY in > package com.foo.Foo" > > [b] if I upload Foo into Android Market, but the user has not yet > installed "myapp", will he be able to see Foo in market? > > [c] if the answer to [b] is yes (I really hope so, or else it will be > a major bummer ...) what message will the user see regarding > com.me.app.myapp.permission.DEADLY_ACTIVITY? Since the description of > this permission is declared only in "myapp", without "myapp" > installed, will the user just see the name of the permission, which > probably doesn't mean much? > > If [c] is true, would this be a weakness to the Android permission > system/Android Market? As long as I can fool the user to install my > app first, I would be able to gain permissions that the user would not > have otherwise granted me (had he known the true nature of such > permissions). > > Thanks! -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
