I wrote a code that request an AuthToken from the account manager, using the getAuthToken(). On the first time - the user needs to \"Allow\" the authentication, but later on the
I've found that when you remove and re-add the account, then the permission is revoked, and you have to allow it again.
That's the easiest way i've found, I'm marking this as the answer unless I'll get a better one.
I tried using reflexion (for testing purposes only). Unfortunately, it throws a SecurityException because Android checks that the caller is a System app...
For reference, here is the code:
/**
* Revoke the fact that current app is allowed to retrieve an authToken for an account.
* @param accountName The account whose permissions are being revoked
* @param context current context
* @return true if revoked successfully, false otherwise
*/
public static boolean revokeAppPermission(String accountName, Context context) {
if (accountName == null) {
Log.w(TAG, "revokeAppPermission: abort, account missing.");
return false;
}
AccountManager accountManager = AccountManager.get(context);
Account[] accounts = accountManager.getAccounts();
Account accountToRevoke = null;
for (Account account : accounts) {
if (accountName.equals(account.name)) {
accountToRevoke = account;
break;
}
}
if (accountToRevoke == null) {
Log.w(TAG, "revokeAppPermission: abort, no account found.");
return false;
}
try {
// public void updateAppPermission(Account account, String authTokenType, int uid, boolean value) {
Method updateAppPermissionMethod = AccountManager.class.getDeclaredMethod("updateAppPermission",
Account.class, String.class, int.class, boolean.class);
updateAppPermissionMethod.setAccessible(true);
updateAppPermissionMethod.invoke(accountManager, // Instance to invoke the method on
accountToRevoke, // account
"oauth2:https://www.googleapis.com/auth/somegoogleservice", // authTokenType
context.getApplicationInfo().uid, // uid
false); // false to revoke
} catch (Exception e) {
Log.w(TAG, "revokeAppPermission: Failed:" + e.getMessage());
e.printStackTrace();
return false;
}
return true;
}
You might need to do a full uninstall/reinstall to in effect revoke it. Also, if you are using a specific sharedUserId, you can change the sharedUserId after you uninstall so it looks like a different account. Finally, you can sign it with a different cert. That's what I've been able to get away with, but a clean API to revoke (or even just an Activity) would be nice.