Android Permissions - Best Practices

Question

I have two Android Applications, a permission provider and a requester.

The provider has the below manifest

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.permissionprovider"
android:versionCode="1"
android:versionName="1.0" >

<uses-sdk
    android:minSdkVersion="8"
    android:targetSdkVersion="18" />

<permission android:description="@string/permission_desc"
        android:icon="@drawable/ic_launcher"
        android:label="some permission"
        android:name="com.example.permissionprovider.CUSTOM"
        android:protectionLevel="normal" />
<!-- is the below tag required in the provider?--> 
<uses-permission android:name="com.example.permissionprovider.CUSTOM"/>

<application
    android:allowBackup="true"
    android:icon="@drawable/ic_launcher"
    android:label="@string/app_name"
    android:theme="@style/AppTheme" >
    <activity
        android:name="com.example.permissionprovider.MainActivity"
        android:permission="com.example.permissionprovider.CUSTOM"
        android:label="@string/app_name" >
        <intent-filter>
            <action android:name="android.intent.action.MAIN" />

            <category android:name="android.intent.category.LAUNCHER" />
        </intent-filter>
    </activity>
</application>
</manifest>

1. I hope it is wrong to set permissions to a launchable activity as the launcher won't have permissions to launch this activity.Is that correct?

2. Should the provider's manifest declare that the provider application needs the permission - com.example.permissionprovider.CUSTOM , or is it not required as the permission is defined in the same manifest?

Now I have the requester app which has the below manifest

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.permissionrequester"
android:versionCode="1"
android:versionName="1.0" >

<uses-sdk
    android:minSdkVersion="8"
    android:targetSdkVersion="18" />
<uses-permission android:name="com.example.permissionprovider.CUSTOM"/>


<application
    android:allowBackup="true"
    android:icon="@drawable/ic_launcher"
    android:label="@string/app_name"
    android:theme="@style/AppTheme" >
    <activity
        android:name="com.example.permissionrequester.MainActivity"
        android:label="@string/app_name" >
        <intent-filter>
            <action android:name="android.intent.action.MAIN" />

            <category android:name="android.intent.category.LAUNCHER" />
        </intent-filter>
    </activity>
</application>
</manifest>

and the Requester tries to start the provider's activity.

Intent i;
    PackageManager manager = getPackageManager();
    try {
        i = manager.getLaunchIntentForPackage("com.example.permissionprovider");
        if (i == null)
            throw new PackageManager.NameNotFoundException();
        i.addCategory(Intent.CATEGORY_LAUNCHER);
        startActivity(i);
    } catch (PackageManager.NameNotFoundException e) {

    }    }

1. If the provider app was installed first followed by the requester, then the requester will be able to launch the provider's Activity, but this doesn't happen if it's the requester which is installed first. How to get around this?

Answer 1

I hope it is wrong to set permissions to a launchable activity as the launcher won't have permissions to launch this activity.Is that correct?

Correct, the launcher will be incapable of starting that activity. However, it will still appear in the launcher, and therefore the user will get frustrated when they cannot start up your app.

Should the provider's manifest declare that the provider application needs the permission - com.example.permissionprovider.CUSTOM , or is it not required as the permission is defined in the same manifest?

You can define the <permission> in both apps, to deal with your last problem:

If the provider app was installed first followed by the requester, then the requester will be able to launch the provider's Activity, but this doesn't happen if it's the requester which is installed first. How to get around this?

Define the <permission> in both apps.

Also, if you are publishing both apps, and no third parties should be using your provider, please use a signature-level permission, not a normal-one. This will prevent anyone other than you from writing an app that can successfully hold the permission.