RhinoCan
Well-Known Member
I am trying to understand Permissions in Android but various things aren't clear to me yet so I hope someone here can help me understand better. I'm using Android Studio 3.1.2 and am quite new to Android development. I'm not new to development though, just Android.
I'm not sure if it's better to break this up into several questions or write them all in one thread since they are all related but I'll put them all here to start with and break them up if you tell me that's better.
I am trying to write a simple app to ask the phone on which the app is running for a unique ID, either the IMEI or the DeviceId, depending on the age of the device. This is part of a group of apps I am cobbling together for use at work where three of us will use the app. We'll be recording sales and I want to spare the user having to identify each and every sale as coming from him/her since each of us will record only our own sales. I'll simply store that unique ID in an external MySQL database and whenever one of us generates a sale, the app that records the sale will simply store that unique ID on the sale record. For the moment though, I am just doing the part of the app that gets the unique ID as a small standalone app to learn about permissions.
I know that the permission I need, READ_PHONE_STATE is considered "dangerous" and that in later versions of Android, that permission is not obtained at runtime but at execution time. (I don't know what version of Android my colleagues are using but my OS Version is 24). Am I correct in believing that I have to put that permission in my AndroidManifest even though it won't be checked until runtime? If the user is on a later-model device, will he/she still be asked for READ_PHONE_STATE permission at install time AND at run time or ONLY at runtime? When I give the permission, do I use <uses-permission> or <uses-permission-sdk-23>? I've seen both in examples that I've tracked down but I'm not clear on the distinction.
The reason I ask is that if I omit giving permission in the manifest, this line of my code inevitably yields true:
if (ContextCompat.checkSelfPermission(this,
Manifest.permission.READ_PHONE_STATE)
!= PackageManager.PERMISSION_GRANTED)
That puzzles me because if I put the permission in the manifest, it doesn't seem to check any further; it seems to me that this effectively gives the permission at install time without even asking the user if it's okay, which is the exact opposite of actually asking them at run time.
One more question in this vein, then I'll wait for some answers. With luck, your answers mean I won't have to ask any further questions on permissions ;-)
The other thing that is puzzling me is this line:
if (ActivityCompat.shouldShowRequestPermissionRationale(this,
Manifest.permission.READ_PHONE_STATE)
How is this method finding out whether to return true or false? I can't find anything in the documentation that makes this clear. Do I need to explicitly call some other method to say, yes, I want to provide rationales or is that yes or no being set elsewhere by some other process? I can picture this method always returning Yes just to force developers to be polite and explain why they want permission but I can also picture it being set "under the covers" by Android on the basis of something in the manifest or in Gradle somewhere too. In any case, it always seems to return TRUE in my testing but I'd like to know if I can count on that or if that is just a lucky coincidence so far?
Sorry for the long post; I'll try to be shorter in future
I'm not sure if it's better to break this up into several questions or write them all in one thread since they are all related but I'll put them all here to start with and break them up if you tell me that's better.
I am trying to write a simple app to ask the phone on which the app is running for a unique ID, either the IMEI or the DeviceId, depending on the age of the device. This is part of a group of apps I am cobbling together for use at work where three of us will use the app. We'll be recording sales and I want to spare the user having to identify each and every sale as coming from him/her since each of us will record only our own sales. I'll simply store that unique ID in an external MySQL database and whenever one of us generates a sale, the app that records the sale will simply store that unique ID on the sale record. For the moment though, I am just doing the part of the app that gets the unique ID as a small standalone app to learn about permissions.
I know that the permission I need, READ_PHONE_STATE is considered "dangerous" and that in later versions of Android, that permission is not obtained at runtime but at execution time. (I don't know what version of Android my colleagues are using but my OS Version is 24). Am I correct in believing that I have to put that permission in my AndroidManifest even though it won't be checked until runtime? If the user is on a later-model device, will he/she still be asked for READ_PHONE_STATE permission at install time AND at run time or ONLY at runtime? When I give the permission, do I use <uses-permission> or <uses-permission-sdk-23>? I've seen both in examples that I've tracked down but I'm not clear on the distinction.
The reason I ask is that if I omit giving permission in the manifest, this line of my code inevitably yields true:
if (ContextCompat.checkSelfPermission(this,
Manifest.permission.READ_PHONE_STATE)
!= PackageManager.PERMISSION_GRANTED)
That puzzles me because if I put the permission in the manifest, it doesn't seem to check any further; it seems to me that this effectively gives the permission at install time without even asking the user if it's okay, which is the exact opposite of actually asking them at run time.
One more question in this vein, then I'll wait for some answers. With luck, your answers mean I won't have to ask any further questions on permissions ;-)
The other thing that is puzzling me is this line:
if (ActivityCompat.shouldShowRequestPermissionRationale(this,
Manifest.permission.READ_PHONE_STATE)
How is this method finding out whether to return true or false? I can't find anything in the documentation that makes this clear. Do I need to explicitly call some other method to say, yes, I want to provide rationales or is that yes or no being set elsewhere by some other process? I can picture this method always returning Yes just to force developers to be polite and explain why they want permission but I can also picture it being set "under the covers" by Android on the basis of something in the manifest or in Gradle somewhere too. In any case, it always seems to return TRUE in my testing but I'd like to know if I can count on that or if that is just a lucky coincidence so far?
Sorry for the long post; I'll try to be shorter in future