In the past month, we’ve been focusing Corona daily builds on lots of small details, and in particular, what I call invisible issues. These are the kinds of things issues that don’t make sense to address in the short-term, but are vital to the long-term health of the platform.

One such invisible issue has been Android permissions, or more precisely, the default permissions. In the past, we used to turn on several default permissions on by default:

  • INTERNET
  • READ_PHONE_STATE
  • ACCESS_NETWORK_STATE

However, this meant we were imposing certain permissions for apps that didn’t need them. And many app store reviews would unfairly penalize apps in those cases.

To remedy this, we’ve been wanting to get rid of these defaults. In fact we’ve been wanting to get rid of them for awhile, but as we looked into this more deeply, we realized this was quite a big issue to tackle — if we were to do this correctly.

Well, I’m happy to report that we have finally powered through this and starting in daily build 1030, the default permissions are gone!

Alert that comes up when an API is requires a permission that has not been requestedNow, we could have taken the naive approach. That would have meant just removing permissions and letting you figure out what permissions to add back in. However, this has serious drawbacks. For example, if your app made a web API call and didn’t have the INTERNET permission set, it would crash and you’d be left wondering why.

So in true Corona Labs fashion, we wanted to give you more control while also preserving the experience of using Corona. That meant going through API by API and seeing which APIs were affected by these permission changes.

Now when you use an API and forget to set a permission, we trap the OS-generated exception before it kills the app. We then throw an alert up, like the one shown here, informing you of which permission is missing. That kind of feedback makes your life incredibly easy because you know exactly what went wrong.

In practice, this means you’ll need to pay more attention to the permissions you list in build.settings, as certain APIs will require Android permissions to function properly. In addition, if you use certain 3rd party services, you may be implicitly using permissions. In our samples, we try to show you which ones are needed and why.

For example, if you need to make a web API call, you would need to add the INTERNET permission:

settings =
{
android =
{
usesPermissions =
{
"android.permission.INTERNET",
},
},
}

We’ve updated the build.settings files in all our sample code to properly show you how to do this and also updated the daily build API documentation. The following events, libraries, library functions, and object methods are affected:

  • heading events
  • location events
  • ads library
  • analytics library
  • display.capture()
  • display.captureBounds()
  • display.captureScreen()
  • facebook library
  • gameNetwork library
  • media.newRecording()
  • media.playVideo()
  • media.save()
  • media.show()
  • native.newMapView()
  • native.newWebView()
  • native.showWebPopup()
  • network.download()
  • network.request()
  • socket library
  • store.init()
  • system.getInfo()
  • system.scheduleNotification()
  • system.vibrate()
  • mapView:getUserLocation()
  • mapView.isLocationVisible()
  • recording:startRecording()
  • webView:request()
  1. That’s cool. But why don’t you take it a step further — if my app uses a web API call, then why doesn’t Corona SDK turn that permission on for me?

    Not trying to give you more work, just wondering… ;)

    Jay

    • Cool idea, but Corona wouldn’t know, for example, if some point later on in the course of using the app, there’s a code execution point that makes a permission’d API call like system.vibrate(). At the very least, it’s a very very hard problem. I think it may actually be impossible in the general case, but you’ll have to ask some CS theory prof :)

      • I guess I was thinking more along the lines of Corona seeing this in the source code (when it compiles):

        native.newWebView()

        …and then knowing which permissions are needed in order to make that work and adding it to build.settings.

        Since I already do some preprocessing in Outlaw (Corona Project Manager) I may be able to add something like that, but if there’s coding that needs to be done and I can convince YOU guys to do it instead of me, I count that as a win. ;)

        Jay

        • You can do a simple string scan to look for “native.newWebView()”, but that will not work, because you can easily do: “local n = native; n.newWebView()”, or “native = 1; native.newWebView()”, which means that you have to evaluate code to figure out what points to what.

          Once you try to evaluate code, you run into the problem that this is all dynamically typed, so the scope you are executing in has an effect on your results. And then there is the “stopping problem”, meaning that you cannot determine if arbitrary code actually gets executed or not.

          So, in the general case you cannot determine it. But for most users, and inexperienced users in particular, it would probably help a lot if you just do the string scan, and assume that all code is executed.

          On topic: super work there!

          Now we just need something similar to opt-in for the OpenFeint, Inneractive, AdMobi, Zong, etc. libraries so the Ad-scanners do not flag Corona built apps. With that , I may actually be able to post the .apk directly from Corona :).

  2. I agree with you Walter.

    If you look at all the major lang’s Java, C++, C# you have to include the namespaces and libs in the files and projects for compilation.

    You may be able to use a Pre-compiler but thats even more of a pain.

    Thanks for the update… To bad i uploaded my app 10 min before I saw this update.

    I’ll have to redo again :)

    Larry

  3. It is a good improvement, in particularly it also impacts on the libraries. Take Android app compiled by Corona SDK for example, some people does not use the adknowledge, flurry, inmobi, openfeint, zong and so on. Could these libraries be removed automatically? I am sure when these libraries are removed, the size is greatly reduced.

  4. Just downloaded the latest build and tried to test out the inneractive example app on an Android device – and was met with that runtime error! It’s very helpful, but I guess not all build.settings have been updated yet.

  5. I am a university student. I have developed a game called “HighwayRun”(not yet published). I was pleading the university for the purchase of the Corona SDK liscense. And they were taking it very unserious, keeping my aap on hold :(. Now that they have purchased the liscense recently i am very glad to hear about this new build. :P Thankyou coronalabs. :)

  6. Your comments on the camera have me a little discouraged, just when I was ready to make the plunge. Do you know how this camera compares to the SGS4?

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>