Permissions in Android

Tram Ho

What are Permissions?

Permissions is a permission or ability granted by Android to an app to allow access to restricted system APIs (Application Programming Interface) such as Camera, Bluetooth, GPS, etc.

Why need the Permissions?

Android provides a unique ID for each application installed on an Android device which allows the system to resolve conflicts between different processes while they are running. Each application runs in its own allocated process and that makes Android a multi-process system, where more than one application can run at the same time and try to access the same system resources. To avoid conflicts when accessing system resources, permissions are used to lock the resource and access it during the run time of an application. When denying some permissions, the system will deny access to the resource associated with that session.

Permissions can be issued to an application by the Android system (Android system) or by another application signed with the same certificate.Permissions can be issued to an application by the Android system (Android system) or by another application signed with the same certificate.

Enforcing permissions

While the application is running (run-time), permissions can be enforced in several places, for example:

  • calling into the system.
  • starting an activity.
  • sending and receiving broadcasts.
  • accessing and manipulating a content provider.
  • binding to or starting a service.

Levels of Permission Protection

There are four different levels of permission protection:

  1. Normal
  2. Dangerous
  3. Signature
  4. Signature or System

Note: Signature or System has been Deprecated in API level 23.

(Refer: https://developer.android.com/guide/topics/manifest/permission-element)*

1 – Normal Permissions or Level-Zero Permissions

At this level, permissions are granted automatically without the user’s consent. The consequences of granting this level permission are small so it doesn’t cause any real damage to the user or the device.

Permissions are considered Normal, from API level 23:

  • ACCESS_LOCATION_EXTRA_COMMANDS
  • ACCESS_NETWORK_STATE
  • ACCESS_NOTIFICATION_POLICY
  • ACCESS_WIFI_STATE
  • BLUETOOTH
  • BLUETOOTH_ADMIN
  • BROADCAST_STICKY
  • CHANGE_NETWORK_STATE
  • CHANGE_WIFI_MULTICAST_STATE
  • CHANGE_WIFI_STATE
  • DISABLE_KEYGUARD
  • EXPAND_STATUS_BAR
  • GET_PACKAGE_SIZE
  • INSTALL SHORTCUT
  • INTERNET
  • KILL BACKGROUND_PROCESSES
  • MODIFY_AUDIO_SETTINGS
  • NFC
  • READ_SYNC_SETTINGS
  • READ_SYNC_STATS
  • RECEIVE BOOT_COMPLETED
  • REORDER_TASKS
  • REQUEST IGNORE_BATTERY_OPTIMIZATIONS
  • REQUEST_INSTALL_PACKAGES
  • SET ALARM
  • SET TIME_ZONE
  • SET WALLPAPER
  • SET WALLPAPER_HINTS
  • TRANSMIT_IR
  • UNINSTALL SHORTCUT
  • USE_FINGERPRINT
  • VIBRATE
  • WAKE_LOCK
  • WRITE SYNC_SETTINGS

2 – Dangerous Permissions or Level-one Permissions

Permissions at this level can cause real harm or damage to the user’s personal data, money, and device. Therefore, Android requires that the application request these permissions at runtime before performing any relevant operations.
If the user feels that this permission is necessary for the operation of the application, they will accept it or reject it if they consider it unnecessary. When denied, the application cannot perform this permission-related activity.

Permissions considered dangerous, from API level 23:

  • READ CALENDAR
  • WRITE CALENDAR
  • CAMERA
  • READ_CONTACTS
  • WRITE CONTACTS
  • GET ACCOUNTS
  • ACCESS_FINE_LOCATION
  • ACCESS_COARSE_LOCATION
  • RECORD_AUDIO
  • READ PHONE_STATE
  • CALL_PHONE
  • READ CALL LOG
  • WRITE_CALL_LOG
  • ADD_VOICEMAIL
  • USE SIP
  • PROCESS_OUTGOING_CALLS
  • BODY_SENSORS
  • SEND_SMS
  • RECEIVE_SMS
  • READ_SMS
  • RECEIVE_WAP_PUSH
  • RECEIVE_MMS
  • READ_EXTERNAL_STORAGE
  • WRITE_EXTERNAL_STORAGE

3 – Signature Permission or Level-two Permissions

The signature permission (Signature) is automatically granted to the application only if the requesting application is signed with the same certificate (certificate ) as the application declared the permission.

The following are examples of what is considered a Signature permission:

  • BIND_ACCESSIBILITY_SERVICE
  • ACCESS_INPUT_FLINGER
  • CRYPT_KEEPER
  • BIND TEXT_SERVICE
  • BIND_VPN_SERVICE
  • INSTALL_AS_USER
  • BIND WALLPAPER
  • MANAGE_MEDIA_PROJECTION
  • DELETE PACKAGES
  • ACCESS_NETWORK_CONDITIONS
  • REBOOT
  • BIND DREAM_SERVICE
  • ALLOW_ANY_CODEC_FOR_PLAYBACK
  • BIND_CONDITION_PROVIDER_SERVICE
  • BIND JOB_SERVICE
  • CONFIRM FULL BACKUP
  • ACCESS_ALL_PRINT_JOBS
  • ACCESS_BLUETOOTH_SHARE
  • C2D_MESSAGE
  • SEND DOWNLOAD_COMPLETED_INTENTS
  • BIND PRINT_SPOOLER_SERVICE
  • MODIFY_AUDIO_ROUTING
  • CAPTURE_SECURE_VIDEO_OUTPUT
  • ACCESS_KEYGUARD_SECURE_STORAGE
  • FILTER EVENTS
  • BIND REMOTE_DISPLAY
  • CAPTURE_TV_INPUT
  • SET ORIENTATION
  • MODIFY_NETWORK ACCOUNTING
  • REMOVE_DRM_CERTIFICATES
  • TV INPUT_HARDWARE
  • SET POINTER_SPEED
  • MOVE PACKAGE
  • CONFIGURE_WIFI DISPLAY
  • REQUEST_SUPERUSER
  • CALL_PRIVILEGED
  • BIND DEVICE_ADMIN
  • ACCESS_CONTENT_PROVIDERS_EXTERNALLY
  • PACKAGE_USAGE_STATS
  • PERFORM_CDMA_PROVISIONING
  • RETRIEVE_WINDOW_TOKEN
  • DELETE_CACHE_FILES
  • MEDIA_CONTENT_CONTROL
  • COPY PROTECTED DATA
  • START_PRINT_SERVICE_CONFIG_ACTIVITY

4 – Signature and System Permissions or Level-three Permissions

These are the permissions for the Special Situation Permissions. In this case, the application request must be signed with the same certificate as the Android System-Image (learn more about Android Firmware). This is why they are called “Special Situation Permissions”.

These permission types are used to integrate system builds and hence developers should only use Signature permission (permission level 2) instead of using level 3 permissions in their applications.

End of Part 1.

You can read more part 2, details about permissions in Android here.

Share the news now