I applied for an exemption for Alchemy, but this wasn't granted. This is understandable I think - Android security has a lot of issues, and excess permissions are definitely one of them - Alchemy is a good citizen and only interacts with a single SMS number, but a malicious application could easily use the same permissions for nefarious purposes.
Without an exemption, there was no choice but to update Alchemy to avoid using SmsManager. This meant asking an existing SMS app to send the donation SMS, via an intent. It took me some time to find out exactly how to do this, but the code required to pre-populate an SMS for a user to send is:
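```java
// Build an smsto: URI so that only SMS-capable apps match the intent.
Uri uri = Uri.parse("smsto:" + charity.getNumber());
Intent intent = new Intent(Intent.ACTION_SENDTO, uri);
intent.setData(uri);
intent.putExtra("address", charity.getNumber());
// Pre-populate the message body; the user still has to press send.
intent.putExtra("sms_body", keyword);
// Request that the SMS app exits after sending; many apps ignore this.
intent.putExtra("exit_on_sent", true);
if (intent.resolveActivity(getPackageManager()) != null) {
    startActivityForResult(intent, 1);
    // The donation is recorded when the SMS app is launched,
    // not when the message is actually sent.
    donationViewModel.recordDonation(this.donations, charity.getName(),
            smsKeywordToDonation(charity.getCost(keyword)));
} else {
    Toast.makeText(this, "No SMS provider found", Toast.LENGTH_SHORT).show();
}
```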
The full code can be found on GitHub. Note that, unfortunately, SMS applications generally do not seem to respect the "exit on sent" request, so the user must navigate back manually. A bonus for this change is that Alchemy now doesn't require any additional permissions from the user. Previous donations must now be stored in Alchemy itself, instead of using SMS history. This may cause some loss of data in the migration, but should result in more robust behaviour from now on.
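The manifest side of this change, as an added example that is not taken from the original post or the Alchemy project. It assumes the earlier version declared `SEND_SMS` (required by SmsManager) and `READ_SMS` (for reading SMS history); the `<queries>` entry is needed when targeting Android 11 (API 30) or later, where `resolveActivity()` otherwise returns null for apps the package cannot see.

```xml
<!-- BEFORE (assumed): sending directly with SmsManager and reading SMS
     history requires permissions that let the app message any number
     and read every stored SMS. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
    <uses-permission android:name="android.permission.SEND_SMS" />
    <uses-permission android:name="android.permission.READ_SMS" />
    <application />
</manifest>

<!-- AFTER: no SMS permissions at all. The app only hands a pre-filled
     draft to the user's SMS app, and the user decides whether to send. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
    <!-- Package visibility (API 30+): declare the intent the app resolves
         so intent.resolveActivity(getPackageManager()) can find an SMS app. -->
    <queries>
        <intent>
            <action android:name="android.intent.action.SENDTO" />
            <data android:scheme="smsto" />
        </intent>
    </queries>
    <application />
</manifest>
```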