One of my Android apps requires some features that are “dangerous” when it comes to permissions. They require some permissions, such as Internet access, which are crucial when combined with private data.
That's why I want to create a separate “add-in,” that is, a second application that provides these critical functions. Therefore, if users want them, they can install the add-in, but the main application will work without these permissions.
Using sharedUserId will obviously be the easiest solution, but adding it later, when many users will use the application already, can cause serious problems. Does this not mean that the application will no longer be able to access its own data?
Therefore, I have to choose a different approach. ContentProviders is something that I try to avoid because they are too complex for this simple need, in my opinion.
I thought user permissions could solve the problem. They can? I added the following permission declaration for both the main application and the add-in as a child of the manifest tag in AndroidManifest.xml :
<permission android:name="com.my.package.ADDON" android:label="@string/permission_title" android:description="@string/permission_description" android:permissionGroup="android.permission-group.PERSONAL_INFO" android:protectionLevel="signature" />
In addition, both manifest files received this part:
<uses-permission android:name="com.my.package.ADDON"></uses-permission>
The add-on application includes IntentService , which has the following attribute:
android:permission="com.my.package.ADDON"
Shouldn't this be done so that I can call the IntentService add- IntentService from my main application through this code?
Intent addonIntent = new Intent(); addonIntent.setClassName("com.my.package", "com.my.package.MyService"); startService(addonIntent);
Unfortunately, this call always fails with the following exception:
E/AndroidRuntime(16721): java.lang.SecurityException: Not allowed to start service Intent { cmp=com.mypackage.addon/.MyService } without permission com.mypackage.permission.ADDON
What I did wrong? Thank you so much in advance!
Addition # 1 - Add-on manifest:
<?xml version="1.0" encoding="utf-8"?> <manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionCode="1" android:versionName="1.0" package="com.mypackage.addon"> <uses-sdk android:minSdkVersion="8" /> <permission android:name="com.mypackage.permission.ADDON" android:label="@string/permission_title" android:description="@string/permission_description" android:permissionGroup="android.permission-group.PERSONAL_INFO" android:protectionLevel="signature" /> <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"></uses-permission> <uses-permission android:name="android.permission.INTERNET"></uses-permission> <application android:icon="@drawable/ic_launcher" android:label="@string/app_name" android:permission="com.mypackage.permission.ADDON" android:exported="true"> <service android:enabled="true" android:name=".MyService" /> </application> </manifest>
Addendum # 2 - manifest of the main application:
<?xml version="1.0" encoding="utf-8"?> <manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionCode="1" android:versionName="1.0" package="com.mypackage.mainapp"> <uses-sdk android:minSdkVersion="8" /> <permission android:name="com.mypackage.permission.ADDON" android:label="@string/permission_title" android:description="@string/permission_description" android:permissionGroup="android.permission-group.PERSONAL_INFO" android:protectionLevel="signature" /> <uses-permission android:name="com.mypackage.permission.ADDON"></uses-permission> <application android:icon="@drawable/ic_launcher" android:label="@string/app_name" android:name="MyApp"> <activity android:name=".MainActivity" android:launchMode="singleTask" android:label="@string/app_name"> <intent-filter> <action android:name="android.intent.action.MAIN" /> <category android:name="android.intent.category.LAUNCHER" /> </intent-filter> </activity> </application> </manifest>