Android Normal, Signature and Dangerous Permission
Android Permission. An Android application lives inside a sandbox, which is a closed environment in which the app operates in a substantially isolated manner from the rest of the system. Sometimes, however, In Android App Development, it may be necessary for it to “get out” of this cage to access information, features or hardware of the device. In order for the Android app to access these services, it must have some special “permissions” – so-called Android permissions – that must be explicitly declared in the AndroidManifest.xml file. Each permission is declared by the tag
<uses-permission>, to be placed outside the node
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="...." > <uses-permission android:name="android.permission.INTERNET" /> <application> ... ... </application> ... </manifest>
Once this has been done, the operating system will know what special activities the android app will have to perform, and will be able to give you permission to perform them. In fact, before installing the app, the user is always notified of the permissions requested by the app: if he agrees to install it, he accepts that his operating system grants these “special” permissions to the app.
Types of Android Permission
The Android permissions are divided into two large families:
- Normal Permission
- Signature Permission
- Dangerous permission
normal permissions provide the application that requests them, data or resources outside of its own sandbox (computer term used to define the “action” space dedicated to the application) and which pose a minimum risk to the user’s privacy or to the correct functioning of the other applications.
An example: the permissions to change the device timezone. For simplicity, normal permissions are already provided to applications from the Android system. Therefore there is nothing to worry about. Normal permission, which does not put the user’s privacy at risk, among which we find:
Access to the Network (
android.permission.INTERNET, checks the status of the network (
android.permission.ACCESS_NETWORK_STATE) and access to information on Wi-Fi networks (
access to particular technologies for connectivity :
sending an Intent for setting an alarm :
vibration management (
android.permission.VIBRATE) or WaveLock for stand-by control (
many others: a complete list is available on the official documentation.
Signature Protection Level
The system grants these app permissions at install time, but only when the app that attempts to use a permission is signed by the same certificate as the app that defines the permission.
On the contrary, dangerous permissions cover areas where applications need data or resources that undermine user privacy, data saved in memory or the correct functioning of other applications. Take for example the permission that allows you to read users’ Contacts: a malicious application could delete all your contacts or worse, collect them on its servers.
And here is the list of dangerous permissions, which you will have to grant to android applications :
All permits are categorized into 9 groups.
- Microphone (Microphone)
- Sensors (Body sensor)
- SMS (SMS)
- Memory (Storage)
Their grouping allows the user to enable multiple permissions in one action. For example, if you enable access to Contacts to an application, it will have both options to access/read and edit your contacts.
Let’s see in detail each group and the permissions that belong to it:
- Calendar, calendar management:
- READ_CALENDAR: it is the specific permission to read user data on the calendar (events, birthdays)
- WRITE_CALENDAR: is the specific permission to create events (or other) on the user’s calendar
- Camera, whose permission is CAMERA, which allows taking photos and recording videos from all the cameras of the device;
- Contacts, relative group used for managing contacts:
- READ_CONTACTS: is the specific permission to be able to read all the user’s contacts on the device
- WRITE_CONTACTS: allows you to create or edit user contacts
- GET_ACCOUNTS: allows access to the list of accounts on the device (by account, we mean Twitter, Facebook and any other application that uses the Android account management system)
- Localization, which concerns the location of the device:
- ACCESS_FINE_LOCATION: allows the application to access the precise position of the device
- ACCESS_COARSE_LOCATION: allows the application to access the approximate location of the device
- Microphone, whose permission is RECORD_AUDIO which allows you to record audio from the device;
- Telephone, which groups permissions to make or manage calls :
- READ_PHONE_STATE / READ_PHONE_NUMBERS: are the permissions that allow you to access information relating to your phone (for example, make and model) and also to the number associated with the device, as well as the status of calls and information on the network (cellular) to which you are connected, needless to say, they are quite interesting data
- CALL_PHONE / ANSWER_PHONE_CALLS: allow you to launch and manage calls, without going through the default application
- READ_CALL_LOG and WRITE_CALL_LOG: are the permissions that allow an application to read the logs of your calls and modify the logs themselves
- ADD_VOICEMAIL: allows the application to add voice messages
- USE_SIP: allows the application to use SIP services, for example, make a video call via the internet
- PROCESS_OUTGOING_CALLS: the application will have the possibility to see the number you are calling with the option to redirect the call to a different number or even cancel the call
- Sensors, or BODY_SENSORS, is the permission that allows access to the data measured by the relative sensors (for example, the heartbeat); know that NOT all devices have these sensors!
- SMS or if you really want, access to your messages :
- SEND_SMS and RECEIVE_SMS: simply the permissions that guarantee the reception and sending of messages
- READ_SMS: the ability of an application to read the content of the message
- RECEIVE_WAP_PUSH: who has never received wallpapers, ringtones and games via WAP when Nokia was the undisputed leader? Well this service, even if little used, still exists, but you can simply not guarantee it to an app that will request you
- RECEIVE_MMS: with this permission, an application can monitor the MMS that received
- Memory of your phone, then space where all your data visible to all apps are saved :
- READ_EXTERNAL_STORAGE: the application can read (then recover) the data present in the memory of your phone (photos and all the folders present, created by the other applications); know that each application has a part of internal memory that is dedicated to it (sandbox), where only the application itself can access it and external (public) memory that is available to all applications. This permission only applies to external storage
- WRITE_EXTERNAL_STORAGE: if declared, the application will be able to both read (see point above) and write to external (public) memory. If you notice, all the major file managers require these permissions to provide you with a list of your contents. In case you have ROOT your phone, you will expose your data even more, as the internal memory will be exposed to apps that normally do not have access to it.
Android 6: New permission management
Permission management has changed radically in Android 6 (ie from API version 23). Starting from this version, in fact, permission dangerous must be accepted by the user upon first use and this permission can be revoked at any time by accessing the app settings. This results in a more flexible and more protective regime for managing critical activities against the user, but which requires developers to manage exceptions more accurately.
What changes in terms of design is that the app, in perspective, could have more behaviors: one in which all dangerous permissions have been granted by the user, others in which one or more of them have been denied or revoked. The app, on the other hand, should be able to work properly in all cases, if anything by disabling the features that require denied permissions. To develop modern apps, therefore, it is necessary to manage permissions at runtime, verifying whether they are revoked or not, as well as requiring the user to enable them.
We are sorry that this lesson was not useful for you!
Let us improve this lesson!
Tell us how we can improve this lesson?