I can't seem to find it in the Manifest.permission page on the Android developer website. I see GET_TASKS but it's deprecated.
As per #CommonsWare's answer:
REAL_GET_TASKS is a signature-level permission; it cannot be held by ordinary Android SDK apps.
Also a comment by #Gürol'Ca on his answer:
GET_TASKS was a 'normal' permission which can be requested by 3rd party applications. However, REAL_GET_TASKS's protection level is signature or system which cannot be requested by 3rd party applications.
When checking the official documents about <permission> - android:protectionLevel:
"signature"
A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.
I wasn't able to find a totally clear description, or a doc that defines it completely in detail. But based on these, I think it is a permission with regard to App Signing.
Cheers!
Related
Following the manifest file https://android.googlesource.com/platform/frameworks/base/+/master/core/res/AndroidManifest.xml, we have some protection levels of permissions, such as
signature|system|development, signature|system, system|signature, signature|development|appop, signature|privileged, signature|installer, signature. I know that the permissions with ".|system|." are used only for the system/manufacturer applications. But for "signature", "signature|development|appop" levels, I wonder whether a third-party application can get the certificate to use them? Because I saw that Facebook has the permission "Battery_stats" in its list of permissions. I tried to find the information to confirm this question, but found no clear confirmation.
I got the below explanation from Android documentation, about the new permission model in Android M Preview. Please explain the texts in bold in simple words because I am confused.
If the app requests permissions in the manifest that fall under PROTECTION_SIGNATURE, and the app is signed with the same certificate as the app that declared those permissions, the system grants the requesting app those permissions on installation. Apps cannot request signature permissions at runtime.
Apps can define their own permissions via the manifest. This is referring to those permissions. So if I publish 2 apps, both signed with the same certificate, and app#1 defines a new permission with signature level protection and app#2 uses that permission (by stating so in its manifest) then the system will automatically grant the permission to app#2. Note that this is not new to Android Marshmallow. Only the selective grant/revoke is.
This article will help to explain permissions in general under Android: http://hiqes.com/android-security-part-2
Let me guess.
There are two apps, A and B, and they were signed with the same certificate.
First of all, the user starts using app A, which requests the permission EXAMPLE_PERMISSION under PROTECTION_SIGNATURE; the system then shows a dialog telling the user that he needs to grant it. The user clicks GRANT.
And then the user launches app B, which wants the same permission, EXAMPLE_PERMISSION, and when it requests the permission, the system grants it automatically.
That is because app A has already been granted it, and A and B have the same certificate.
I guess so.
When I add the permissions
"INTERNET"
"ACCESS_NETWORK_STATE"
to my app and upload it to Google Play, people who download the app see the message "this app doesn't require any special permissions".
Are the following permissions "special" for Google Play?
"ACCESS_WIFI_STATE"
"READ_PHONE_STATE"
I'm using a mobile ad SDK that claims to perform better if it is granted all four permissions. But I don't want to scare off some users by asking for too many permissions.
The permission READ_PHONE_STATE has to be accepted by users, ACCESS_WIFI_STATE doesn't.
Somebody asked already about the link between Android Permissions and Permission Groups - the selected answer links to the actual mapping file for the permissions of Android.
So the permissions you mentioned belong to the following groups and protection levels:
INTERNET: NETWORK (dangerous)
ACCESS_NETWORK_STATE: NETWORK (normal)
ACCESS_WIFI_STATE: NETWORK (normal)
READ_PHONE_STATE: PHONE_CALLS (dangerous)
Based on Google's explanation about the protectionLevel, "special permissions" (as you call it) are permissions marked as "dangerous" (as Google calls it).
But hey, INTERNET is dangerous! Why aren't users asked about this permission? Because:
Google has also given each app Internet access, effectively removing
the Internet access permission. Oh, sure, Android developers still
have to declare they want Internet access when putting together the
app. But users can no longer see the Internet access permission when
installing an app and current apps that don’t have Internet access can
now gain Internet access with an automatic update without prompting
you.
I'm building an Android app, and one of the permissions I need is defined as:
android:protectionLevel="signature|system|development"
How do I get the signature protection level? Do I need to sign my application somehow?
Do I need to sign it with an OEM (Samsung\HTC\LG)?
signature means that to be able to get access to the resource, your app has to be signed with the same certificate as the holder of the permission. If this is not your app you are trying to connect to, then you basically are out of luck. If that's a system one then you are out of luck even more. This is documented here:
"signature"
A permission that the system grants only if the
requesting application is signed with the same certificate as the
application that declared the permission. If the certificates match,
the system automatically grants the permission without notifying the
user or asking for the user's explicit approval.
EDIT
I'm trying to read the logcat file through my application. This requires
the permission android.permission.READ_LOGS
You cannot access logs on a stock ROM that are not created by your application. That was introduced for security reasons, so it would not make sense to let you get it just because you need it. If you build your own ROM, then you can have it, but then you should know this already.
I am new to Android and have a question regarding protection level "Signature" for permissions in AndroidManifest.xml.
The Android reference document states about "Signature" protection level:
A permission that the system grants only if the requesting application
is signed with the same certificate as the application that declared
the permission. If the certificates match, the system automatically
grants the permission without notifying the user or asking for the
user's explicit approval.
This implies that permissions which have protection level "Signature" are not available for use by normal applications and can only be used by the Android Dev Team.
What I am wondering about is how many applications in Android Market or on other sites can have these permissions? For example, an application which is used for recording calls has android.permission.DEVICE_POWER in addition to other permissions. Is the Android system really granting this permission to this application during installation?
When I tried to use the permission "READ_INPUT_STATE" (new in 2.2) I got the following error in LogCat:
06-28 09:28:34.943: WARN/PackageManager(60): Not granting permission android.permission.READ_INPUT_STATE to package com.example.wheredoyoulive (protectionLevel=2 flags=0x8444)
The same is true for permissions with Protection Level "SignatureOrSystem". There exists a caller application which has CALL_PRIVILEGED permission in addition to other permissions.
Please help me and clear my doubts.
Regards
Abhishek
I believe the purpose of the "Signature" permission level is for two applications by the same developer to be able to share data seamlessly without bothering the user. The READ_INPUT_STATE permission is not intended to be used in applications:
Allows an application to retrieve the current state of keys and switches. This is only for use by the system.
See http://developer.android.com/reference/android/Manifest.permission.html#READ_INPUT_STATE
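An added example, not part of the thread or of any answer in it: the `protectionLevel=2` in the PackageManager warning quoted in the question is the value of `PermissionInfo.PROTECTION_SIGNATURE`. The sketch below lists, for one package, every permission its manifest requests, the base protection level the device assigns to it, and whether it was actually granted. `PermissionAudit` is a hypothetical helper name; it uses only public `PackageManager` calls and assumes API 16 or later.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PermissionInfo;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper (not an Android API): explains each permission a package requests. */
public final class PermissionAudit {

    /** One entry per requested permission: name, base protection level, granted or not. */
    public static List<String> audit(Context ctx, String packageName)
            throws PackageManager.NameNotFoundException {
        PackageManager pm = ctx.getPackageManager();
        PackageInfo pkg = pm.getPackageInfo(packageName, PackageManager.GET_PERMISSIONS);
        List<String> report = new ArrayList<>();
        if (pkg.requestedPermissions == null) {
            return report; // the manifest has no <uses-permission> entries
        }
        for (int i = 0; i < pkg.requestedPermissions.length; i++) {
            String name = pkg.requestedPermissions[i];
            // Requesting a permission in the manifest does not mean it was granted.
            boolean granted = (pkg.requestedPermissionsFlags[i]
                    & PackageInfo.REQUESTED_PERMISSION_GRANTED) != 0;
            String level;
            try {
                PermissionInfo info = pm.getPermissionInfo(name, 0);
                // The field is deprecated since API 28 but still populated;
                // mask off flag bits such as "development" or "privileged".
                level = describe(info.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE);
            } catch (PackageManager.NameNotFoundException e) {
                level = "not declared on this device";
            }
            report.add(name + " [" + level + "] granted=" + granted);
        }
        return report;
    }

    private static String describe(int base) {
        switch (base) {
            case PermissionInfo.PROTECTION_NORMAL:              return "normal";
            case PermissionInfo.PROTECTION_DANGEROUS:           return "dangerous";
            case PermissionInfo.PROTECTION_SIGNATURE:           return "signature";
            case PermissionInfo.PROTECTION_SIGNATURE_OR_SYSTEM: return "signatureOrSystem";
            default:                                            return "other (base=" + base + ")";
        }
    }
}
```

Calling `PermissionAudit.audit(context, context.getPackageName())` from the app itself avoids the package-visibility restrictions that apply when querying other packages on recent Android versions.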
Facebook Home uses this:
once you install it you'll notice that it doesn't request ANY permissions, but explicitly requires that the Facebook app be installed. This is so that the system can grant it the necessary permissions by proxy of the Facebook app.
Typically what happens is the Facebook app will advertise facilities for other apps to read your status and news feed. Normally these apps would need to explicitly request permission to use them if they are signed under a different certificate or rather private key.