Android Permissions – Protection Levels
Android applications declare the permissions they are likely to require in their manifest (a short file that describes the contents of the ‘package’). This allows the system to sandbox them from critical resources and gives the user some indication of what havoc they might reap. That’s the theory at least, but the first time I installed an application and read the permissions page I had no idea what they were on about! Clearly this system needs to be changed, but that is not what I want to talk about today.
As an application writer I need to know the protection level of these permissions, i.e. which of these permissions are normal (can cause the user no real harm), dangerous (might require a greater level of trust, such as the ability to read SMS messages), signature (only granted to applications that are signed by the people who built the OS), signatureOrSystem (like signature, but also allowed if they have been pre-installed in a system folder). I was surprised to find no easy reference for this in the documentation, but I did find the relevant information in the source.
You can of course probe the android package itself for this information, which is useful if you don’t have access to the particular version of Android you are running. Here is some code that does just that:
// Get the permissions for the core android package
PackageInfo packageInfo = getPackageManager().getPackageInfo("android", PackageManager.GET_PERMISSIONS);
if (packageInfo.permissions != null) {
// For each defined permission
for (PermissionInfo permission : packageInfo.permissions) {
// Dump permission info
String protectionLevel;
switch(permission.protectionLevel) {
case PermissionInfo.PROTECTION_NORMAL : protectionLevel = "normal"; break;
case PermissionInfo.PROTECTION_DANGEROUS : protectionLevel = "dangerous"; break;
case PermissionInfo.PROTECTION_SIGNATURE : protectionLevel = "signature"; break;
case PermissionInfo.PROTECTION_SIGNATURE_OR_SYSTEM : protectionLevel = "signatureOrSystem"; break;
default : protectionLevel = ""; break;
}
Log.i("PermissionCheck", permission.name + " " + protectionLevel);
}
}
…and here are the results in case you need to know them at a glance…
Permission Protection Level
android.intent.category.MASTER_CLEAR.permission.C2D_MESSAGE signature
android.permission.ACCESS_CACHE_FILESYSTEM signatureOrSystem
android.permission.ACCESS_CHECKIN_PROPERTIES signatureOrSystem
android.permission.ACCESS_COARSE_LOCATION dangerous
android.permission.ACCESS_FINE_LOCATION dangerous
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS normal
android.permission.ACCESS_MOCK_LOCATION dangerous
android.permission.ACCESS_NETWORK_STATE normal
android.permission.ACCESS_SURFACE_FLINGER signature
android.permission.ACCESS_WIFI_STATE normal
android.permission.ACCOUNT_MANAGER signature
android.permission.ASEC_ACCESS signature
android.permission.ASEC_CREATE signature
android.permission.ASEC_DESTROY signature
android.permission.ASEC_MOUNT_UNMOUNT signature
android.permission.ASEC_RENAME signature
android.permission.AUTHENTICATE_ACCOUNTS dangerous
android.permission.BACKUP signatureOrSystem
android.permission.BATTERY_STATS normal
android.permission.BIND_APPWIDGET signatureOrSystem
android.permission.BIND_DEVICE_ADMIN signature
android.permission.BIND_INPUT_METHOD signature
android.permission.BIND_WALLPAPER signatureOrSystem
android.permission.BLUETOOTH dangerous
android.permission.BLUETOOTH_ADMIN dangerous
android.permission.BRICK signature
android.permission.BROADCAST_PACKAGE_REMOVED signature
android.permission.BROADCAST_SMS signature
android.permission.BROADCAST_STICKY normal
android.permission.BROADCAST_WAP_PUSH signature
android.permission.CALL_PHONE dangerous
android.permission.CALL_PRIVILEGED signatureOrSystem
android.permission.CAMERA dangerous
android.permission.CHANGE_BACKGROUND_DATA_SETTING signature
android.permission.CHANGE_COMPONENT_ENABLED_STATE signature
android.permission.CHANGE_CONFIGURATION dangerous
android.permission.CHANGE_NETWORK_STATE dangerous
android.permission.CHANGE_WIFI_MULTICAST_STATE dangerous
android.permission.CHANGE_WIFI_STATE dangerous
android.permission.CLEAR_APP_CACHE dangerous
android.permission.CLEAR_APP_USER_DATA signature
android.permission.CONTROL_LOCATION_UPDATES signatureOrSystem
android.permission.COPY_PROTECTED_DATA signature
android.permission.DELETE_CACHE_FILES signatureOrSystem
android.permission.DELETE_PACKAGES signatureOrSystem
android.permission.DEVICE_POWER signature
android.permission.DIAGNOSTIC signature
android.permission.DISABLE_KEYGUARD normal
android.permission.DUMP dangerous
android.permission.EXPAND_STATUS_BAR normal
android.permission.FACTORY_TEST signature
android.permission.FLASHLIGHT normal
android.permission.FORCE_BACK signature
android.permission.FORCE_STOP_PACKAGES signature
android.permission.GET_ACCOUNTS normal
android.permission.GET_PACKAGE_SIZE normal
android.permission.GET_TASKS dangerous
android.permission.GLOBAL_SEARCH signatureOrSystem
android.permission.GLOBAL_SEARCH_CONTROL signature
android.permission.HARDWARE_TEST signature
android.permission.INJECT_EVENTS signature
android.permission.INSTALL_LOCATION_PROVIDER signatureOrSystem
android.permission.INSTALL_PACKAGES signatureOrSystem
android.permission.INTERNAL_SYSTEM_WINDOW signature
android.permission.INTERNET dangerous
android.permission.KILL_BACKGROUND_PROCESSES normal
android.permission.MANAGE_ACCOUNTS dangerous
android.permission.MANAGE_APP_TOKENS signature
android.permission.MASTER_CLEAR signatureOrSystem
android.permission.MODIFY_AUDIO_SETTINGS dangerous
android.permission.MODIFY_PHONE_STATE dangerous
android.permission.MOUNT_FORMAT_FILESYSTEMS dangerous
android.permission.MOUNT_UNMOUNT_FILESYSTEMS dangerous
android.permission.MOVE_PACKAGE signatureOrSystem
android.permission.PACKAGE_USAGE_STATS signature
android.permission.PERFORM_CDMA_PROVISIONING signatureOrSystem
android.permission.PERSISTENT_ACTIVITY dangerous
android.permission.PROCESS_OUTGOING_CALLS dangerous
android.permission.READ_CALENDAR dangerous
android.permission.READ_CONTACTS dangerous
android.permission.READ_FRAME_BUFFER signature
android.permission.READ_INPUT_STATE signature
android.permission.READ_LOGS dangerous
android.permission.READ_OWNER_DATA dangerous
android.permission.READ_PHONE_STATE dangerous
android.permission.READ_SMS dangerous
android.permission.READ_SYNC_SETTINGS normal
android.permission.READ_SYNC_STATS normal
android.permission.READ_USER_DICTIONARY dangerous
android.permission.REBOOT signatureOrSystem
android.permission.RECEIVE_BOOT_COMPLETED normal
android.permission.RECEIVE_MMS dangerous
android.permission.RECEIVE_SMS dangerous
android.permission.RECEIVE_WAP_PUSH dangerous
android.permission.RECORD_AUDIO dangerous
android.permission.REORDER_TASKS dangerous
android.permission.RESTART_PACKAGES normal
android.permission.SEND_SMS dangerous
android.permission.SET_ACTIVITY_WATCHER signature
android.permission.SET_ALWAYS_FINISH dangerous
android.permission.SET_ANIMATION_SCALE dangerous
android.permission.SET_DEBUG_APP dangerous
android.permission.SET_ORIENTATION signature
android.permission.SET_PREFERRED_APPLICATIONS signature
android.permission.SET_PROCESS_LIMIT dangerous
android.permission.SET_TIME signatureOrSystem
android.permission.SET_TIME_ZONE dangerous
android.permission.SET_WALLPAPER normal
android.permission.SET_WALLPAPER_COMPONENT signatureOrSystem
android.permission.SET_WALLPAPER_HINTS normal
android.permission.SHUTDOWN signature
android.permission.SIGNAL_PERSISTENT_PROCESSES dangerous
android.permission.STATUS_BAR signatureOrSystem
android.permission.STOP_APP_SWITCHES signature
android.permission.SUBSCRIBED_FEEDS_READ normal
android.permission.SUBSCRIBED_FEEDS_WRITE dangerous
android.permission.SYSTEM_ALERT_WINDOW dangerous
android.permission.UPDATE_DEVICE_STATS signature
android.permission.USE_CREDENTIALS dangerous
android.permission.VIBRATE normal
android.permission.WAKE_LOCK dangerous
android.permission.WRITE_APN_SETTINGS dangerous
android.permission.WRITE_CALENDAR dangerous
android.permission.WRITE_CONTACTS dangerous
android.permission.WRITE_EXTERNAL_STORAGE dangerous
android.permission.WRITE_GSERVICES signatureOrSystem
android.permission.WRITE_OWNER_DATA dangerous
android.permission.WRITE_SECURE_SETTINGS signatureOrSystem
android.permission.WRITE_SETTINGS dangerous
android.permission.WRITE_SMS dangerous
android.permission.WRITE_SYNC_SETTINGS dangerous
android.permission.WRITE_USER_DICTIONARY normal
com.android.browser.permission.READ_HISTORY_BOOKMARKS dangerous
com.android.browser.permission.WRITE_HISTORY_BOOKMARKS dangerous