views:

122

answers:

2

Hello,

While developing a Launcher (Homescreen) application for Android, I've come into a security exception I don't understand.

  • When calling the [bindAppWidgetId()][1] method from within my Launcher Activity, I get this security exception :

08-19 11:30:11.689: ERROR/AndroidRuntime(6032): java.lang.SecurityException: bindGagetId appWidgetId=99 provider=ComponentInfo{com.android.music/com.android.music.MediaAppWidgetProvider}: User 10034 does not have android.permission.BIND_APPWIDGET.

I first thought I had forgotten the BIND_APPWIDGET permission in my manifest, but it is definitely there.

The android api documentation states this :

"You need the APPWIDGET_LIST permission. This method is to be used by the AppWidget picker."

I tried to add the permission android.permission.APPWIDGET_LIST, but it doesn't solve the issue.

Also, I've looked at the manifest of the Settings application from the android sources that contains the AppWidgetPickActivity code : there's a special line that asks to share user id :

"android:sharedUserId="android.uid.system"

Could it be related to my problem ?

If anyone has an idea that would be great !

Cheers, Laurent

A: 

A quick Google search reveals that android.permission.APPWIDGET_LIST is a usable permission, even though it's not listed in the API docs.

Matt
Thanks Matt, but I had already added this one in my Manifest.Alas it doesn't solve my security issue ... the problem remains.
grattemedi
By the way, could you cite the sources that state it's a usable permission ?
grattemedi
Absolutely: http://www.androidzoom.com/android_applications/tools/open-gesture-pro_ktz.htmlSorry for the late response.
Matt
I'm sorry but I don't see how this can be related to the topic ...
grattemedi
in the Permissions tab, it lists android.permission.APPWIDGET_LIST.
Matt
+1  A: 

I've found an answer!

BindAppWidgetId() is deliberately not available to applications! (security problems).

"The android.permission.BIND_APPWIDGET permission is a system permission. You can only get that permission if your package is installed as a system package (installed in /system/app in stead of /data/app) or sign you app with a certificate that's the same as your android image. So basicly this means you can only use this permission if you are also the creator of the android image on your platform/phone."

Here are the links to this information :

http://groups.google.com/group/android-developers/browse_thread/thread/231245ba6d1e690f/047b9d3f776d7e54?lnk=gst&q=bindAppWidgetId#047b9d3f776d7e54

http://groups.google.com/group/android-developers/browse_thread/thread/f24e0f484a79d529/ef84188e8533a125?lnk=gst&q=bindAppWidgetId#ef84188e8533a125

grattemedi