Non-Default SMS Apps In KitKat Can Still Write To The SMS Database Using A Switch In App Ops (No Root Required)
First, we heard that KitKat would bring some changes to the API, breaking many of the SMS apps we've come to rely on. On the day KitKat was released, we were given a more full explanation, shining some light on the technical details and exactly what types of apps would be affected. But did anybody really think this was the end of the story? It turns out that a hidden permission exists which can still grant non-default apps the right to modify the SMS database just like they used to - no rooting required.
The discovery was made by XDA Senior Member Stefano Picciolo (a.k.a. stepic) while digging through the Android 4.4 source code. This new permission isn't a part of the conventional system we've used since the burgeoning days of Android, but it's stowed away in the still semi-hidden App Ops interface. Named OP_WRITE_SMS, this permission is disabled by default and must be granted by the user manually. Of course, this means developers will have to explain to users how to enable the functionality and why it's needed. Yup, that's a good thing.
With this capability, users don't have to give up on having multiple fully-functioning SMS apps and cloud-synced messages, they just have to decide which ones are allowed to modify the database. Unfortunately, most backup and restore apps probably won't gain very much, since enabling OP_WRITE_SMS is more of a hassle than switching the default SMS app for a minute while they do their work, but there might be some exceptions.
As Picciolo points out, only one classic function remains unaccounted for. Within KitKat, there is still no way to completely prevent a message from being seen by other apps since the default SMS app is guaranteed to receive a notification. The ability to abort a new message broadcast is frequently used by anti-theft software to allow the owner access to coordinates and other data on a phone without tipping off a thief that the device is being tracked. Obviously, this could be abused by a malicious app, but making the user responsible for making the decision to enable such a permission seems like a reasonable countermeasure.
If you're a user looking to return your texting apps to their regular working order, there are a couple of ways to get to App Ops. The easiest method is to simply install one of the many apps in the Play Store that simply open the screen. Once you're in, swipe over to the Messaging tab, find the app, and enable Write SMS/MMS. If an app isn't an option for any reason, hooking up to a computer and running this rather lengthy adb command will work in a pinch.
adb shell am start -n com.android.settings/com.android.settings.Settings -e :android:show_fragment com.android.settings.applications.AppOpsSummary --activity-clear-task --activity-exclude-from-recents
Since good developers should probably make things as easy as possible for their users, I'm including a handy snippet of code to put in your apps that will open App Ops for the user. Ideally, there should also be an explanation of why users would want to do this and instructions on what exactly to do once they are looking at the App Ops screen. This snippet has been tested on Android 4.3 through the recently released 4.4.1, but there are no promises about future versions.
Update: Sorry, this code stopped working with Android 4.4.2.
Intent intent = new Intent(); intent.setClassName("com.android.settings", "com.android.settings.Settings"); intent.setAction(Intent.ACTION_MAIN); intent.addCategory(Intent.CATEGORY_DEFAULT); intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK | Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS); intent.putExtra(":android:show_fragment", "com.android.settings.applications.AppOpsSummary"); startActivity(intent);
Well, there you have it. We've got most of the original functionality back for SMS apps, it just requires the user to make an actual security decision, which seems like a good thing. This is evidence that App Ops can be a really important feature for advanced users, as it allows us to make more decisions about what apps should be allowed to do. Now, if App Ops would just become more streamlined and user-facing in future updates, we'll be set.