p4a doesn't handle runtime permissions

[inclement]

Probably we need some code for this, and maybe an api to make it simple to use.

[brentpicasso]

Google play now increased the minimum API version, which requires the app to request runtime permissions for all new google play installations. It would seem this feature's priority should be raised as a result, as any new app install would need to do this for it's needed permissions.

[zworkb]

I have struggled through this using pyjnius and posted the solution on stackoverflow which does it for me now.

perhaps the best would be a general solution by adding the java version of this function into PythonActivity.java, there we could implement it without polling. I would be willing to help there.

[inclement]

@zworkb Nice work!

[ghost]

Unless the support library is useful for lots of other things, maybe it would be a better idea to not use it? (since it will just further add on top of the complicated combinations of things to install to be able to build)

With reflection, apparently the permission dialog can be triggered without using it: https://codemammoth.blogspot.com/2016/06/how-to-invoke-checkselfpermission.html so that might be an interesting approach when adding it to the PythonActivity.java that could be preferable to depending on the support library

[brentpicasso]

Nice job @zworkb.

Good point @Jonast . How would this look in PythonActivity - would we scan all of the permissions set in the manifest and then trigger a permission request automatically?

[ghost]

No IMHO that's a bad idea. The user expects the permission request to happen exactly when an action was actually prompted that needs it - otherwise, it seems like a malicious app that wants unrestricted permissions of everything right at launch to mess your phone up. (Exactly why Google introduced this system)

p4a would need to add API calls for each permission type for the app to consciously request these at runtime, and return True/False depending on whether the user gave permission. For a phone that has an older API without checkSelfPermission() being present, those calls should ideally just return True.

Also it would be good to make sure the functions in PythonActivity are thread-safe and don't access global state, because checkSelfPermission is blocking (for the duration of the popup dialog being visible, if I understand google's documentation correctly) and some apps may want to call them from a side thread to keep some sort of action (e.g. network connections) running. Please note this also means the GIL should be released while PythonActivity is in this function

[ghost]

This is now a blocker for the SDL2 update, see #1528 . I could take a look at this, but I am really looking for some input - like, where should the final end user API be? plyer seems like a good place, but then it would be a requirement for all kivy apps. Is that what we want?

Another approach would be to try to detect this on sd card access and implicitly query it with the first blocked access. However, would that break apps who don't expect a random blocking dialog in between? Also, is it feasible to do technically? (My first idea to do this would be to wrap open() with a monkey-patch in start.c, but I'm not sure that catches all relevant corner cases - and an explicit query API seems like a more intuitive approach to me)

[ghost]

This is now part of the SDL2 update, see #1528 😄 😄

[brentpicasso]

Nice job, you have saved us all!

Is this a generalized approach that deals with any 'high risk' permission, or just addresses SD card access?

[ghost]

@brentpicasso it can be trivially expanded for other permissions, for now I put in external storage read & write.

[ghost]

@brentpicasso I've changed it now such that permissions can be trivially added in the android module itself without touching the Java part. I'm thinking of dumping most of the currently known ones in there to start with since why not, so that would mean that pretty much all permissions available should work right from the start (contacts, send sms, access status bar, all that stuff...) unless there's some caveat I'm not aware of - you never know I guess

The main thing still holding me back is just the windowed mode being broken: https://discourse.libsdl.org/t/search-for-workaround-for-broken-windowed-mode-on-android/25467/2

If I get that worked out I'm done, and all that remains is to make kivy store its config in a proper location such that it doesn't instant-crash when used with this ( kivy/kivy#4777 )

[brentpicasso]

Great, thanks for the update. When I get back to this topic, I'll take a look at it.

-Brent

[ghost]

This is now implemented with on master with #1528 merged, even though the callback mechanism probably would still be worth adding at some point.

The functionality is documented here:

https://github.com/kivy/python-for-android/blob/master/doc/source/apis.rst#runtime-permissions

[brentpicasso]

Fantastic. Looks great and thanks for implementing this! 👍

[gbm001]

#1818

does a (bit of a hacky) way of doing the callback?

[GaspHard]

This does not quite work. When i run the app i indeed get the permission pop ups. However as soon as i grant the last permission, the app closes and i need to run it again. So every time i open the app for the first time, i actually need to open it twice.

[inclement]

@DerRiedi Please post a minimal runnable example on the kivy mailing list or discord channel, along with the logcat output at the time that this happens. It sounds like it's as likely as anything else that your app is simply crashing due to some python error.