Created a test app using Eclipse to get the
authToken from one of my google e-mail accounts on my device.
Executing this prompted me with the allow access dialog where i press allow access:
accountManager.getAuthToken(account,"oauth2:https://www.googleapis.com/auth/userinfo.profile", false, new GetAuthTokenCallback(), null);
I wanted to create a chooser dialog that works from API8 and up where the user can choose
what google account he allow me to access. To do this i have to revoke the permission to see the screen again.
should i see my test app on this page or not?
Authorized Access to your Google Account
I have search for a way to revoke the permission and non is working..
Only thing working is to create a new app project.
Using the Google Play service GCM and this is working ok
Regarding the “Authorized Access to your Google Account” page, you will not see your app there as this permission is a device local permission stored in a database on the phone.
It does not seem like it is possible to revoke this permission in an easy way. I’ve been able to find a couple of ways to be able to trigger the dialog again, but none are ideal. In some of these solutions it’s not the exact same dialog that is shown, but it might be close enough for testing purposes depending on what you want to do:
- Do a factory reset of the phone.
- Create a new minimal test app and configure both apps to share the same UID. This means that both apps will be granted the same permissions and the dialog will be shown again to let the user allow your second app access as well.
- Add an additional scope to the token type (e.g. change oauth2:https://www.googleapis.com/auth/userinfo.profile to oauth2:https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email). Since you are asking for additional permissions the dialog will be shown again.
- Given that you have root access to your phone delete the table
grantsfrom the database /data/system/accounts.db which is where the granted permissions are stored as explained in How do you force AccountManager to show the "Access Request" screen after a user has already allowed access?
getAuthToken method keeps track of if access has been granted or not using the UID of the application. So if you are able to somehow force Android to give your app a new UID or to force it to clear the database of given grants the dialog should be shown again. Here are some solutions that others say work for them but that doesn’t work for me (maybe it depends on which phone you use?):
- Uninstall the app and restart the device (as you say)
- Remove and re-add the google account (mentioned in Revoke account permission for an app)
- Sign the app with a different certificate (also mentioned in Revoke account permission for an app)
There are two cases that you must consider:
- Server Side Authorization
- Android Account Manager (Device side) Authorization
Server Side revocation for Google Accounts can be done at: https://accounts.google.com/IssuedAuthSubTokens
You just have to login with the corresponding google account and choose to revoke the App/Website
If on your android device you are presented with a screen saying something like: “Application wants to access your Google Account….Allow/Deny? ” then this is an Account Manager type authorization where you need to modify the sqlite3 database on your phone in order to revoke the application (not as trivial as the Case 1 and this requires root accessed to your phone):
i. First copy off the database and journal file (accounts.db and accounts.db-journal) to another location (eg: on your SDcard or to a computer). The database files can be found in this directory on your android device:
ii. You now need a sqlite3 editor. I used Sqlite Debugger from the Google Play Store. Alternatively you can use an sqlite3 binaries from http://www.sqlite.org/download.html and do this on a Computer.
iii. You know need to use the editor to remove certain entries in the “extras” table of the accounts.db database. You might want to take a quick tutorial on sqlite commands but here are some examples and “Sqlite Debugger” makes this a easy learn:
First open the accounts.db file in the editor
To list all rows in table “extras” you could use the following command:
SELECT * from extras
A better idea would be to only list rows in table “extras” which correspond to the application which you would like to revoke. For example if “com.someapp” is the name of your App you could use the following command:
SELECT * from extras WHERE key like '%com.someapp%'
You should get some output similar to this:
id|accountsid|key|value 10|1|perm.xxxxxxxxxxxxxxxxxxxxxxxxxxx.oauth2:https://google.com/|1 11|1|EXP:xxxxxxxxxxxxxxxxxxxxxxxxxxxx.oauth2:https://google.com/|xxxxxxx
Make a note of the id numbers you want to delete from the above output (i.e. the rows corresponding to the App you want to revoke) and then use the following commands to delete those rows:
DELETE from extras where _id = 10 DELETE from extras where _id = 11
Copy back the database and journal file to its original location. Make sure you set the permissions and ownership back to the original. read/write for owner and group only and owner and group owners are both “system”. This operation will require root access!
Restart your device and you should have revoked the permission for the App. You could test this by asking the app to request Authorization again. If you are presented with the screen asking you to Authorize the app (“Application wants to access your Google Account….Allow/Deny?) then you have successfully revoked the app.
Uninstalling and restarting the device was the answer.
I had to give it some time before restarting.
Update..Have to say this only works sometimes.