search

cbeyls / fosdem-companion-android

FOSDEM Companion for Android
Apache License 2.0
136 stars 93 forks source link

Fatal crash - permission is not requested at runtime when downloading slides to external storage #58

Closed tingsu closed 4 years ago

tingsu commented 4 years ago

First, Nice app! I knew fosdem was over. But I found an issue below.

This issue was found in the latest released version (v 2.0.1) and a previous released version (v 1.6.2). The issue was reproduciable on an Google Pixel 3 phone (Android 9.0) and an Android emulator 6.0 device.

I investigated this issue (see this StackOverflow post). It seems was triggered by the permission granting issue from fosdem, although the crash stack is not thrown from fosdem itself.

Reproducing video

20200404_104123

Crash stack

 java.lang.SecurityException: No permission to write to /storage/emulated/0/Download/seccomp-FOSDEM2020.pdf: Neither user 10020 nor current process has android.permission.WRITE_EXTERNAL_STORAGE.
    at android.os.Parcel.readException(Parcel.java:1599)
    at android.database.DatabaseUtils.readExceptionFromParcel(DatabaseUtils.java:183)
    at android.database.DatabaseUtils.readExceptionFromParcel(DatabaseUtils.java:135)
    at android.content.ContentProviderProxy.insert(ContentProviderNative.java:476)
    at android.content.ContentResolver.insert(ContentResolver.java:1231)
    at android.app.DownloadManager.enqueue(DownloadManager.java:946)
    at com.android.browser.DownloadHandler$1.run(DownloadHandler.java:233)
tingsu commented 4 years ago

Any update on this issue? Thanks.

cbeyls commented 4 years ago

Hello, as far as I can tell this crash is not caused by the FOSDEM app.

The problem is that the Android browser doesn't request the permission to write to external storage as it should. Most browsers do it properly. The only thing the FOSDEM app does here is launch an Intent with ACTION_VIEW and a web URL. A browser app installed on the device chooses to reply to that action. The fact that the browser app decides to download the file and write it to external storage is the browser's responsibility, so it's also its responsibility to request that permission.

If the app had sent an action to open a local file (stored in the external storage or generated by the app itself), then yes the app should grant a temporary read permission to that URL and store it in the Intent. That's what happens when you export the bookmarks file. But this is a completely different case.

tingsu commented 4 years ago

Okay, thanks a lot for your detailed explanation. Then, this issue is caused by the browser.