Android permissions are listed here:
Manifest.permission http://developer.android.com/reference/android/Manifest.permission.html
In AndroidManifest.xml at https://android.googlesource.com/platform/frameworks/base/+/master/core/res/AndroidManifest.xml, there are few extra permissions that are not listed in the Manifest.permission.
These hidden permission come with the #hide in thir description in AndroidManifest.xml.
Why there permissions are hidden?
Can these permissions still be used by applications if it is allowed for third party applications?
Those type of permissions are for core system applications (from manufacturers) and/or low-level enough to be AOSP-specific.
Example:
<!-- #hide Allows low-level access to tun tap driver -->
<permission android:name="android.permission.NET_TUNNELING"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="signature" />
This permission is reserved for Android's AOSP source code. It falls under SYSTEM_TOOLS permission group and can only be used when signed with the same signature as the OS.
The API team simply decided not to expose this permission, and I doubt anyone (except core system applications) can use them or even declare them be using them -- hidden APIs = private APIs.
Related
I installed a new application to release it to the play console. I installed Apk. First, I uploaded it to the open beta channel, but it always seems to be under review.
Later, after installing each apk, I get an e-mail about application permissions, they say that they do not comply with their privacy and sensitivity policies.
These appear in the permissions required by apk on the play console:
android.permission.ACCESS_NETWORK_STATE, android.permission.INTERNET, android.permission.READ_EXTERNAL_STORAGE, android.permission.WAKE_LOCK, android.permission.WRITE_EXTERNAL_STORAGE, com.google.android.c2dm.permission.RECEIVE
This is the content of mail:
Requested permissions do not match core functionality of the app
You declared Select Carrier Services and Device Automation as the core functionality of your app. However, after review, we found that your app does not match the declared use case(s). Learn more about permitted uses and exceptions.
Please either:
Make changes to your app so that it meets the requirements of the declared core functionality or,
Select a use case that matches your app’s functionality
Sensitive permission
Your app does not qualify for use of the requested permissions. Permission requests should make sense to users. You may only request permissions that are necessary to implement critical current features or services in your application. You may not use permissions that give access to user or device data for undisclosed, unimplemented, or disallowed features or purposes.
This is the my AndroidManifest.xml and permissions:
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
If anyone has an idea or can help I would be very glad.
Although I changed it 8 times and installed the apk, I did not get approval for how many days and I constantly receive the mail I sent the content above, every time I send an apk..
I am developing an application which has a number of components, each component will be a separate Android app. The "Core" app will use content providers to offer access to the database, and reading the permissions documentation "Signature" protection is the way I want to go.
I've defined a group for my permission, mainly so my permissions would show up nicely against my own icon in the "Permissions" section of the App Info. with android:protectionLevel="normal" they show up just fine. But when I use the android:protectionLevel="signature" they disappear.
<permission-group
android:name="com.example.permissions.GROUP"
android:label="#string/lblGroup"
android:description="#string/descGroup"
android:icon="#drawable/ic_menu_permissions_group" />
<permission
android:name="com.example.permission.CONFIG_READ"
android:permissionGroup="com.example.permissions.GROUP"
android:protectionLevel="signature"
android:label="#string/lblConfigRead"
android:description="#string/descConfigRead" />
<permission
android:name="com.example.permission.CONFIG_WRITE"
android:permissionGroup="com.example.permissions.GROUP"
android:protectionLevel="signature"
android:label="#string/lblConfigWrite"
android:description="#string/descConfigWrite" />
Given that I am currently developing and, therefore using the developers key, are there some other hoops I need to jump through in order to get the "signature" protection level to work for developers?
As always many thanks for your help
Steve
But when I use the android:protectionLevel="signature" they disappear.
That is because the user does not need to approve them. Signature-level permissions are automatically granted and denied based upon the signatures of the apps.
are there some other hoops I need to jump through in order to get the "signature" protection level to work for developers?
It already works, for your own apps. If "developers" are third parties, you cannot use signature-level permissions, as they will be signing with their own signing keys.
My application define a permission with android:protectionLevel="signature".
<permission android:name="my.app.permission.EXAMPLE" android:protectionLevel="signature" />
My intention is make application modules that can be launched only by my signed app. These application modules have android:permission in its activities.
This works fine. but...
A third-party app can use the same permission name and changed the protection level to normal, like this
<permission android:name="my.app.permission.EXAMPLE" android:protectionLevel="normal" />
If my app is installed first, i can prevent others apps to override the permission. However, if one uninstalls my app and then installs his app it redefines the permission.
Is it possible prevent other application use the same permission name, for example, giving the permission a unique id like application package?
Although the Manifest is encrypted, anyone can read the permission name in log cat when it tries to start the activity that requires this permission (An exception is thrown having the required permission name).
There's no enforcement, only convention. Like the rest of the Java world, it loosely relies on domain name registration infrastructure. The idea is that you prefix your permission name with your public Internet domain name (e. g. com.myawesomecompany.myapp.MYPERMISSION) which you own.
Uniqueness of domain names is enforced by the registrar community, naturally.
Yes, the system is open for abuse.
EDIT: if you're securing a broadcast-based channel, you can add a two-way signature check if you feel like it. Call Context.sendBroadcast() with the permission name as a second parameter.
EDIT2: I feel you're overthinking this while closing your eyes at the bigger Android app security picture. Which is not impressive. Abusing the privilege infrastructure is not how one hacks into an Android app. If I set out to intercept your intents, I won't be putting together a fake intent receiver (activity, service). Instead, I'd connect with a debugger to the genuine receiver in your app, signature and all.
With publicly available tools, it takes minutes to put togther an Eclipse project for a given APK. Load it up into Eclipse, connect to a running process, set breakpoints in relevant system APIs (Android is open source, remember), voila. With a bit of extra effort, you can get decompiled Java sources for an APK and debug in terms of YOUR methods, as opposed to system ones.
copyed from Google Andorid Doc:
Note: The system does not allow multiple packages to declare a permission with the same name, unless all the packages are signed with the same certificate. If a package declares a permission, the system does not permit the user to install other packages with the same permission name, unless those packages are signed with the same certificate as the first package. To avoid naming collisions, we recommend using reverse-domain-style naming for custom permissions, for example com.example.myapp.ENGAGE_HYPERSPACE.
https://developer.android.com/guide/topics/permissions/defining
If you want to prevent other applications from changing your permission level, you can use system predefine permissions which have level "signature". No other regular app can define permission before system.
Use system permission to protect your resource doesn't mean your app have to sign with platform key.
example:
<service
android:name="xxx.xxx.xxx.exservice"
android:permission="android.permission.BROADCAST_PACKAGE_REMOVED" >
The only issue is AppStore would show which permission you use if below code shows in app's manifest.xml
<uses-permission android:name="android.permission.BROADCAST_PACKAGE_REMOVED" />
In this example, you can access you resource by the same sign key, but definitely you can't broadcast package remove.
I have some Android permissions which I would like to know to which permision PROTECTION LEVEL they belong. Does anybody know how can this be checked? For example I need to know the PROTECTION LEVEL of android.permission.RECEIVE_BOOT_COMPLETED permission, but I would like to check many more.
EDIT:
I see that I didn't put it clearly: What I mean is not an API level with which permission was introduced, but permission protection level, one of four: Normal, Dangerous, Signeture, Signature Or System. It determines for example how this permission is presented to user during the application installation. How can I check to which protection level certain permission belongs?
A list of default permissions with the associated protection levels can be found in the latest source here:
https://github.com/android/platform_frameworks_base/blob/master/core/res/AndroidManifest.xml
Example:
<permission android:name="android.permission.INTERNET"
android:permissionGroup="android.permission-group.NETWORK"
android:protectionLevel="dangerous"
android:description="#string/permdesc_createNetworkSockets"
android:label="#string/permlab_createNetworkSockets" />
Keep in mind they could be changed by the OEM.
getPackageManager().getPermissionInfo(name, 0).protectionLevel
In this link you can see all the permissions of android.
The level you mark it here:
For Android-Permission..
To enforce permissions, various parts of the system invoke a
permission validation mechanism to check whether a given application
has a specied permission. The permission validation mechanism is
implemented as part of the trusted system process, and invocations of
the permission validation mechanism are spread throughout the API.
There is no centralized policy for checking permissions when an API
is called. Rather, mediation is contingent on the correct placement
of permission validation calls.
Permission checks are placed in the API implementation in the system
process. When necessary, the API implementation calls the
permission validation mechanism to check that the invoking
application has the necessary permissions. In some cases, the API
library may also redundantly check these permissions, but such checks
cannot be relied upon: applications can circumvent them by directly
communicating with the system process via the RPC stubs. Permission
checks therefore should not occur in the API library. In- stead, the
API implementation in the system process should invoke the permission
validation mechanism.
Also just go through with this documents for more info Android-Permission
You can find the protection level in the permission documentation
In my app I try and use location information if it is available. Hence I have those permissions in my manifest:
e.g.
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
NOTE: I DO NOT have a for location, which is the tag I understood was used for filtering in Android Market.
When I upload to Android market I get this reported:
This apk requests 4 features that will
be used for Android Market filtering
android.hardware.location.network
android.hardware.location
android.hardware.location.gps
android.hardware.touchscreen
which to me suggests that it will only show up for devices that have location and location.network and gps hardware.
But my use of location is optional and the app will work if it is not avaialble.
Should I remove those permissions from my manifest (will I get exceptions when I try to use it?)?
Is there a way to leave the permissions and avoidAndroid Market filtering based on them?
My application has the same problem. I guess this is because the minSdkVersion is 4, i.e. Android 1.6. From the <uses-feature> documentation:
In general, if your application is designed to run on Android 1.6 and earlier versions, the android:required attribute is not available in the API and Android Market assumes that any and all declarations are required.
This makes sense because when you declare a feature as optional, you are supposed to use the hasSystemFeature() method from the PackageManager to check whether the current device has that particular feature. However, this method itself is available only from API Level 5!