Order of installing the application is changing the behaviour?

Question

I have three applications: University, Student, Staff.

University is the Main application. Student and Staff are provider application.

University is having the permission to access the info from this provider applications.

I installed the apk in following order student, staff and University. this is working fine

But if i install in the order University, student and staff.

In this case University is crashed and the error is "access permission is denied".

Why this is happening even if we have proper permission? Why the provider installed later is not accessible by main application?

    01-29 16:49:48.257: E/AndroidRuntime(2622): Caused by: java.lang.SecurityException: 
Permission Denial: opening provider com.content.StudentProvider
from ProcessRecord{b4849ad0 2622:com.example.University/u0a44} (pid=2622, uid=10044) 
requires com.content.READ or com.content.WRITE
01-29 16:49:48.257: E/AndroidRuntime(2622):     at android.os.Parcel.readException(Parcel.java:1425)
01-29 16:49:48.257: E/AndroidRuntime(2622):     at android.os.Parcel.readException(Parcel.java:1379)
01-29 16:49:48.257: E/AndroidRuntime(2622):     at android.app.ActivityManagerProxy.getContentProvider(ActivityManagerNative.java:2354)
01-29 16:49:48.257: E/AndroidRuntime(2622):     at android.app.ActivityThread.acquireProvider(ActivityThread.java:4219)
01-29 16:49:48.257: E/AndroidRuntime(2622):     at android.app.ContextImpl$ApplicationContentResolver.acquireUnstableProvider(ContextImpl.java:1703)
01-29 16:49:48.257: E/AndroidRuntime(2622):     at android.content.ContentResolver.acquireUnstableProvider(ContentResolver.java:1099)
01-29 16:49:48.257: E/AndroidRuntime(2622):     at android.content.ContentResolver.query(ContentResolver.java:354)
01-29 16:49:48.257: E/AndroidRuntime(2622):     at android.content.CursorLoader.loadInBackground(CursorLoader.java:65)
01-29 16:49:48.257: E/AndroidRuntime(2622):     at android.content.CursorLoader.loadInBackground(CursorLoader.java:43)

Provider - Student - Manifest

 <permission android:description="@string/readPermissionDescription" 
    android:name="com.content.student.READ" android:protectionLevel="normal"></permission>

    <permission android:description="@string/writePermissionDescription" 
    android:name="com.content.student.WRITE" android:protectionLevel="dangerous"></permission>

    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>

    <application
        android:icon="@drawable/ic_launcher"
        android:label="@string/app_name"
        android:theme="@style/AppTheme" >
        <provider
            android:name=".StudentProvider"
            android:authorities="com.content.student"
            android:readPermission="com.content.student.READ"
            android:writePermission="com.content.student.WRITE" >
        </provider>
    </application>

University - Manifest

 <uses-permission android:name="com.content.student.READ" />
    <uses-permission android:name="com.content.student.WRITE" />

Thank you. If you can also post your manifest (at least the providers part) — Milos Cuculovic, Jan 29 '13 at 11:34
As @CommonsWare tells in his answer, you have to set the permissions in all your apps (Provider - Student - University), not only in University. I haven't tested that bus seems logical. — Milos Cuculovic, Jan 29 '13 at 14:43

score 6 · Accepted Answer · answered Jan 29 '13 at 14:38

6

Why this is happening even if we have proper permission?

Because they were installed in the wrong order.

Why the provider installed later is not accessible by main application?

Because the permission did not exist when the main application was installed.

The solution is to define the same permissions in all three APK files.

Also, unless you plan on third party apps being able to use this content provider, please use signature-level permissions, not normal or dangerous.

answered Jan 29 '13 at 14:38

CommonsWare

986,068
189
2,389
2,491

"Because the permission did not exist when the main application was installed" ..it won't update this if the provider is installed later? and all apk files are having the same permission. – Muthuraj Jan 30 '13 at 05:13
5

@Muthuraj: "it won't update this if the provider is installed later?" -- no. If the permission was missing at the time of installation, it is silently ignored and will not be fixed by installing an app that defines the permission. It is possible that the permission will be fixed on the next upgrade of the original app, and it definitely is fixed on an uninstall/reinstall. Defining the permission the same in all of your apps avoids this problem. – CommonsWare Jan 30 '13 at 13:20
1

For both apps to publish the same permissions, both apps need to be signed with the same key, otherwise the second app cannot be installed. This seems a little crazy to me, but I guess a reminiscence of how the Android permissions system works. – Nick Wright Oct 31 '18 at 10:35
After adding the permission in the consuming app, I am getting this error -The application could not be installed: INSTALL_FAILED_DUPLICATE_PERMISSION can anyone help please? – tronku Jul 11 '21 at 17:55
@tronku: That sounds like you have two apps, each defining the same ``, but the apps are signed with different signing keys. – CommonsWare Jul 11 '21 at 18:16
they are not signed at all, currently testing it on debug apps – tronku Jul 12 '21 at 04:43
@tronku: "they are not signed at all" -- yes, they are. Otherwise, they cannot be installed. Android only installs signed APKs. "currently testing it on debug apps" -- presumably, this means that they are signed by the debug signing key. The build tools create a debug signing key for you when you first use them on a development machine. However, those keys are unique per developer. So, if your two APKs are being developed on different machines, they will be signed by different keys. You would need to have both machines share a common `debug.keystore` to avoid this. – CommonsWare Jul 12 '21 at 10:48
@CommonsWare is there any way to solve this if 2 core apps are already published with different permissions? (earlier there was no problem since only one app used to depend on another, not both ways). But now I have requirements both core apps should be able to access each other content provider. I can't just publish both core apps with the same permission now since there are other apps and android framework already consuming content providers. – Suyash Chavan Oct 01 '21 at 06:25
@SuyashChavan: I do not really have a solution for you, sorry! – CommonsWare Oct 01 '21 at 11:03
@CommonsWare I am thinking of granting required permissions of URIs for app B to access app A content provider when app A is launched to app B package id. Also maintaining it at firebase level config for changing it in future (independent of app A release) – Suyash Chavan Oct 01 '21 at 18:18

Order of installing the application is changing the behaviour?

1 Answers1

Linked