5

I was working on understanding what the implications of granting a package a particular permission are. To my utter disbelief I could not find any material which would answer the questions satisfactorily.

1.) What permissions are reserved to be used by whom?

2.) What level of effect does granting a permission to an application have, in terms of security?

3.) What kind of permission does a user need to beware of and understand completely what the repercussions might be (at install time)?

4.) How to identify when an application is misusing a permission granted to it?

I hope that with a series of example programs and bits and pieces of documentation we can organize a clear working model for permissions on Android. I hope people will paste code for relevant examples in an attempt to understand this and help us develop better applications as well as develop user understanding of how secure they are.

Thanks, Shouvik

EDITED: What I eventually intend to achieve out of this discussion is that when I cluster a group of permissions, I should be able to get a concise picture of what my application will be capable of doing to my data. I then should be able to weigh those risks with the application installed and determine if it's worth the risk. Please note, I am not here to suggest that all apps request perms for malicious use! I am here for that 0.1% of apps which might do it with that intent! =)

Don't take my word for it. Here is a link I came across in the discussion group which puts my idea into a clear perspective. http://groups.google.com/group/android-developers/browse_thread/thread/88b69b590c4d1482/d4bfb0e544d8a3a9?lnk=gst&q=permissions#d4bfb0e544d8a3a9

Daniele
Shouvik
  • Feel free to edit the question the way you want to, to add more understanding on the same. I could not think of a better question, so please come up with one. =) – Shouvik Aug 05 '10 at 11:15
  • I have been time and again pointed to Google's Android documentation, but I cannot stress enough how insufficient it is. It raises more questions than it answers, actually! – Shouvik Aug 05 '10 at 12:31

2 Answers

3

1) There is a list of permissions (List) a developer can request for his application. Also look at: Security and Permissions

2) If a user installs the application and allows the permissions the application asks for, the application is allowed to access certain parts of the Android system. (For instance, if an application asks for the READ_CONTACTS permission and you grant it, the application can read the contacts from your phonebook, ...)

3) It depends on your feeling concerning security and the trustworthiness of the application you install. If you don't trust the developer of an application, you shouldn't install it. If an application asks for rights you don't think it really needs, don't install it. (If a simple "ToDo List" app asks permission to make outgoing calls ...)

Which one you should be aware of is a BIG topic - the link under 1) describes the permissions and what an application can do with it - should be a start ...

4) If you grant a permission, the application can use it and you can't control in which way it's used. (If you grant GPS, you can't know whether it's updating the status only if you want it to or if it's updating every second ...)

I don't have enough time at the moment, but maybe I'll write a little article about this topic on the weekend.

qedejavu
  • My very first question is actually not answered by the documentation. I have read it quite thoroughly now, and a couple of times. I have looked at the security aspects, but that is not what's of concern to me. What I intend to find out is what combinations of permissions are enough to lead a user to unwittingly let an application steal data. It's not completely unnecessary for an application to request that list of permissions, but then if it does, it should have a good reason to! Mostly I am bothered by the lack of in-depth explanation of each one of the permissions. – Shouvik Aug 05 '10 at 12:25
  • Shouvik... Android treats everyone as adults... both developers and users. It is the responsibility of the user to install applications from trusted sources only... it is the responsibility of the developer (who agreed to this in the terms of service) to not produce malware. – androidworkz Aug 05 '10 at 12:48
  • @androidworkz I agree completely. Please don't take it personally, but how about having it all well documented? It's the whole point of an open source program, right? And I again would like to insist this is solely for the purpose of increasing awareness. It's not targeted at anyone, and it's a handy tool that could be used by everyone! – Shouvik Aug 05 '10 at 12:53
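
The permission-clustering idea raised in the question and in the comments above can be sketched as a small manifest audit. This is an added example, not code from any poster in this thread; the grouping of permissions into data sources, outbound channels and costly actions is an assumption made for illustration (not an official Android classification), and the sample manifest is constructed. It assumes a plain-text `AndroidManifest.xml`, not the binary form packed inside an APK.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed grouping for illustration only; extend it for a real review.
DATA_SOURCES = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
}
CHANNELS = {
    "android.permission.INTERNET": "network",
    "android.permission.SEND_SMS": "outgoing SMS",
}
COSTLY = {
    "android.permission.CALL_PHONE": "place calls without user confirmation",
    "android.permission.SEND_SMS": "send SMS that may cost money",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def capability_summary(manifest_xml):
    """Describe what the requested permissions allow when taken together."""
    perms = requested_permissions(manifest_xml)
    findings = []
    # A data source plus an outbound channel means the data can leave the device.
    for src, what in sorted(DATA_SOURCES.items()):
        for chan, how in sorted(CHANNELS.items()):
            if src in perms and chan in perms:
                findings.append(f"can read {what} and send data out via {how}")
    for perm, what in sorted(COSTLY.items()):
        if perm in perms:
            findings.append(f"can {what}")
    return findings

# Constructed sample: a "ToDo List" app asking for more than it should need.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.todo">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
</manifest>"""

if __name__ == "__main__":
    for line in capability_summary(SAMPLE_MANIFEST):
        print(line)
```

The summary only describes what the combination makes possible; as the answer above notes, a granted permission says nothing about how often or for what purpose the application actually uses it.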
2

Here is a link I found that offers a little more than the documentation. It's not much, but it's a start. Please feel free to pour in your inputs too!

Edit1: So I carried out this little experiment to find out which permissions are not accessible to me as a third party developer. (Pretty dumb of me not to try this earlier, but here is the list FWIW.)

Community
Shouvik