What are the different protection levels in Android Permission?

Whenever an Android app is developed, it often needs access to various components of the Android device, such as the camera, GPS, etc. For this, the developer needs to obtain the user's permission via an alert message that explains the permission and gives the user the option to deny or grant it.

Accessing these features without the user's permission is an offence. To ensure these permissions are taken seriously, different protection levels are put in place. For example, if a permission is low risk, it can be used without asking the user; however, if a permission involves the user's data, taking explicit permission from the user becomes necessary.

In this blog, we will discuss and learn about these permissions and their protection levels. So, let's get started.

Protection levels

Usually, a permission that an app wants to use is written in AndroidManifest.xml as the following element:

<uses-permission android:name="android.permission.INTERNET" />

The above permission grants internet access. 

Using a permission is not easy, as a developer needs to know the protection level of each permission and whether to ask the user for it or not. That decision is made based on the different protection levels.

Three levels of permission protection

  1. Normal Permissions
  2. Signature Permissions
  3. Dangerous Permissions

Besides these three, there's one more protection level known as Special Permission. Let's go through these permissions one by one.

1. Normal Permissions

Permissions that pose no or low risk to user data fall under the category of Normal Permissions. For instance, if you want to access the date and time, there's no need to ask for the user's permission, as it does not involve the user's data. By adding the permission to the AndroidManifest.xml file, you can access the date and time. This means that when the application is installed, the system automatically grants this permission. The following permissions come under Normal Permissions:

  • ACCESS_LOCATION_EXTRA_COMMANDS
    Allows an application to access extra location provider commands.
     
  • ACCESS_NETWORK_STATE
    Allows applications to access information about networks
     
  • ACCESS_NOTIFICATION_POLICY
    Marker permission for applications that wish to access notification policy. This permission is not supported on managed profiles.
     
  • ACCESS_WIFI_STATE
    Allows applications to access information about Wi-Fi networks.
     
  • BLUETOOTH
    Allows applications to connect to paired bluetooth devices.
     
  • BLUETOOTH_ADMIN
    Allows applications to discover and pair bluetooth devices.
     
  • BROADCAST_STICKY
    Allows an application to broadcast sticky intents. These are broadcasts whose data is held by the system after being finished, so that clients can quickly retrieve that data without having to wait for the next broadcast.

  • CALL_COMPANION_APP
    Allows an app which implements the InCallService API to be eligible to be enabled as a calling companion app. This means that the Telecom framework will bind to the app's InCallService implementation when there are calls active. The app can use the InCallService API to view information about calls on the system and control these calls.
     
  • CHANGE_NETWORK_STATE
    Allows applications to change network connectivity state.
     
  • CHANGE_WIFI_STATE
    Allows applications to change Wi-Fi connectivity state.
     
  • DISABLE_KEYGUARD
    Allows applications to disable the keyguard if it is not secure.
     
  • EXPAND_STATUS_BAR
    Allows an application to expand or collapse the status bar.
     
  • FOREGROUND_SERVICE
    Allows a regular application to use Service.startForeground.
     
  • GET_PACKAGE_SIZE
    Allows an application to find out the space used by any package.
     
  • INSTALL_SHORTCUT
    Allows an application to install a shortcut in Launcher.
     
  • INTERNET
    Allows applications to open network sockets.
     
  • KILL_BACKGROUND_PROCESSES
    Allows an application to call ActivityManager.killBackgroundProcesses(String).
     
  • MANAGE_OWN_CALLS
    Allows a calling application which manages its own calls through the self-managed ConnectionService APIs. See PhoneAccount.CAPABILITY_SELF_MANAGED for more information on the self-managed ConnectionService APIs.
     
  • MODIFY_AUDIO_SETTINGS
    Allows an application to modify global audio settings.
     
  • NFC
    Allows applications to perform I/O operations over NFC.
     
  • NFC_PREFERRED_PAYMENT_INFO
    Allows applications to receive NFC preferred payment service information.
     
  • NFC_TRANSACTION_EVENT
    Allows applications to receive NFC transaction events.
     
  • QUERY_ALL_PACKAGES
    Allows query of any normal app on the device, regardless of manifest declarations.
     
  • READ_SYNC_SETTINGS
    Allows applications to read the sync settings.
     
  • READ_SYNC_STATS
    Allows applications to read the sync stats.
     
  • RECEIVE_BOOT_COMPLETED
    Allows an application to receive the Intent.ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. If you don't request this permission, you will not receive the broadcast at that time. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them. As such, you must explicitly declare your use of this facility to make that visible to the user.
     
  • REORDER_TASKS
    Allows an application to change the Z-order of tasks.

  • REQUEST_COMPANION_RUN_IN_BACKGROUND
    Allows a companion app to run in the background.
     
  • REQUEST_COMPANION_USE_DATA_IN_BACKGROUND
    Allows a companion app to use data in the background.
     
  • REQUEST_DELETE_PACKAGES
    Allows an application to request deleting packages. Apps targeting APIs Build.VERSION_CODES.P or greater must hold this permission in order to use Intent.ACTION_UNINSTALL_PACKAGE or PackageInstaller.uninstall(VersionedPackage, IntentSender).
     
  • REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
    Permission an application must hold in order to use Settings.ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS.
     
  • REQUEST_PASSWORD_COMPLEXITY
    Allows an application to request the screen lock complexity and prompt users to update the screen lock to a certain complexity level.
     
  • SET_ALARM
    Allows an application to broadcast an Intent to set an alarm for the user.
     
  • SET_WALLPAPER
    Allows applications to set the wallpaper.
     
  • SET_WALLPAPER_HINTS
    Allows applications to set the wallpaper hints.
     
  • TRANSMIT_IR
    Allows using the device's IR transmitter, if available.
     
  • USE_BIOMETRIC
    Allows an app to use device supported biometric modalities.
     
  • USE_FINGERPRINT
    Allows an app to use fingerprint hardware.
     
  • USE_FULL_SCREEN_INTENT
    Required for apps targeting Build.VERSION_CODES.Q that want to use notification full screen intents.
     
  • WAKE_LOCK
    Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming
     
  • WRITE_SYNC_SETTINGS
    Allows applications to write the sync settings.

 

2. Signature Permissions

These permissions are granted during installation on one condition: the app asking for the permission must be signed with the same signature as the app that defines the permission. The following are some Signature permissions:
 

  • BATTERY_STATS
    Allows an application to collect battery statistics
     
  • BIND_ACCESSIBILITY_SERVICE
    Must be required by an AccessibilityService, to ensure that only the system can bind to it.

     
  • BIND_AUTOFILL_SERVICE
    Must be required by an AutofillService, to ensure that only the system can bind to it.
     
  • BIND_CALL_REDIRECTION_SERVICE
    Must be required by a CallRedirectionService, to ensure that only the system can bind to it.
     
  • BIND_CARRIER_MESSAGING_CLIENT_SERVICE
    A subclass of CarrierMessagingClientService must be protected with this permission.
     
  • BIND_CARRIER_SERVICES
    The system process that is allowed to bind to services in carrier apps will have this permission. Carrier apps should use this permission to protect their services that only the system is allowed to bind to.
     
  • BIND_CHOOSER_TARGET_SERVICE
    Must be required by a ChooserTargetService, to ensure that only the system can bind to it.
     
  • BIND_CONDITION_PROVIDER_SERVICE
    Must be required by a ConditionProviderService, to ensure that only the system can bind to it.
     
  • BIND_DREAM_SERVICE
    Must be required by a DreamService, to ensure that only the system can bind to it.
     
  • BIND_INCALL_SERVICE
    Must be required by an InCallService, to ensure that only the system can bind to it.
     
  • BIND_INPUT_METHOD
    Must be required by an InputMethodService, to ensure that only the system can bind to it.
     
  • BIND_NFC_SERVICE
    Must be required by a HostApduService or OffHostApduService to ensure that only the system can bind to it.
     
  • BIND_NOTIFICATION_LISTENER_SERVICE
    Must be required by a NotificationListenerService, to ensure that only the system can bind to it.

     
  • BIND_QUICK_ACCESS_WALLET_SERVICE
    Must be required by a QuickAccessWalletService to ensure that only the system can bind to it.
     
  • BIND_REMOTEVIEWS
    Must be required by a RemoteViewsService, to ensure that only the system can bind to it.
     
  • BIND_SCREENING_SERVICE
    Must be required by a CallScreeningService, to ensure that only the system can bind to it.
     
  • BIND_TELECOM_CONNECTION_SERVICE
    Must be required by a ConnectionService, to ensure that only the system can bind to it.
     
  • BIND_TEXT_SERVICE
    Must be required by a TextService (e.g. SpellCheckerService) to ensure that only the system can bind to it.
     
  • BIND_TV_INPUT
    Must be required by a TvInputService to ensure that only the system can bind to it.
     
  • BIND_VISUAL_VOICEMAIL_SERVICE
    Must be required by a VisualVoicemailService to ensure that only the system can bind to it.
     
  • BIND_VOICE_INTERACTION
    Must be required by a VoiceInteractionService, to ensure that only the system can bind to it.
     
  • BIND_VPN_SERVICE
    Must be required by a VpnService, to ensure that only the system can bind to it.
     
  • BIND_VR_LISTENER_SERVICE
    Must be required by a VrListenerService, to ensure that only the system can bind to it.
     
  • BIND_WALLPAPER
    Must be required by a WallpaperService, to ensure that only the system can bind to it.
     
  • CHANGE_CONFIGURATION
    Allows an application to modify the current configuration, such as locale.
     
  • CLEAR_APP_CACHE
    Allows an application to clear the caches of all installed applications on the device.
     
  • DELETE_CACHE_FILES
    Old permission for deleting an app's cache files, no longer used, but signals for us to quietly ignore calls instead of throwing an exception.
     
  • GET_ACCOUNTS_PRIVILEGED
    Allows access to the list of accounts in the Accounts Service.
     
  • GLOBAL_SEARCH
    This permission can be used on content providers to allow the global search system to access their data. Typically it is used when the provider has some permissions protecting it (which global search would not be expected to hold), and added as a read-only permission to the path in the provider where global search queries are performed. This permission cannot be held by regular applications; it is used by applications to protect themselves from everyone else besides global search.
     
  • INSTANT_APP_FOREGROUND_SERVICE
    Allows an instant app to create foreground services.
     
  • LOADER_USAGE_STATS
    Allows a data loader to read a package's access logs. The access logs contain the set of pages referenced over time.
    Declaring the permission implies intention to use the API and the user of the device can grant permission through the Settings application.
     
  • MANAGE_EXTERNAL_STORAGE
    Allows an application broad access to external storage in scoped storage. Intended to be used by the few apps that need to manage files on behalf of the users.
     
  • PACKAGE_USAGE_STATS
    Allows an application to collect component usage statistics
    Declaring the permission implies intention to use the API and the user of the device can grant permission through the Settings application.
     
  • READ_VOICEMAIL
    Allows an application to read voicemails in the system.
     
  • REQUEST_INSTALL_PACKAGES
    Allows an application to request installing packages. Apps targeting APIs greater than 25 must hold this permission in order to use Intent.ACTION_INSTALL_PACKAGE.
     
  • SMS_FINANCIAL_TRANSACTIONS
    Allows financial apps to read filtered sms messages. Protection level: signature|appop
     
  • START_VIEW_PERMISSION_USAGE
    Allows the holder to start the permission usage screen for an app.
     
  • SYSTEM_ALERT_WINDOW
    Allows an app to create windows using the type WindowManager.LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. Very few apps should use this permission; these windows are intended for system-level interaction with the user.
     
  • WRITE_SETTINGS
    Allows an application to read or write the system settings.
     
  • WRITE_VOICEMAIL
    Allows an application to modify and remove existing voicemails in the system.

3. Dangerous Permissions

Dangerous permissions, as the name suggests, can put user data at risk in some way or other if used without the user's knowledge. For instance, if you want to read the contacts saved on the phone or access files stored on the device, the permission you ask for falls under Dangerous permissions. To use these permissions, the user's explicit permission is mandatory. If the user denies the request, you cannot use that permission. Here are some of the Dangerous permissions:

  • ACCEPT_HANDOVER
    Allows a calling app to continue a call which was started in another app. An example is a video calling app that wants to continue a voice call on the user's mobile network.

    When the handover of a call from one app to another takes place, there are two devices which are involved in the handover; the initiating and receiving devices. The initiating device is where the request to handover the call was started, and the receiving device is where the handover request is confirmed by the other party.

    This permission protects access to the TelecomManager.acceptHandover(Uri, int, PhoneAccountHandle) which the receiving side of the handover uses to accept a handover.
     
  • ACCESS_BACKGROUND_LOCATION
    Allows an app to access location in the background. If you're requesting this permission, you must also request either ACCESS_COARSE_LOCATION or ACCESS_FINE_LOCATION. Requesting this permission by itself doesn't give you location access.
     
  • ACCESS_COARSE_LOCATION
    Allows an app to access approximate location. Alternatively, you might want ACCESS_FINE_LOCATION.
     
  • ACCESS_FINE_LOCATION
    Allows an app to access precise location. Alternatively, you might want ACCESS_COARSE_LOCATION.
     
  • ACCESS_MEDIA_LOCATION
    Allows an application to access any geographic locations persisted in the user's shared collection.
     
  • ACTIVITY_RECOGNITION
    Allows an application to recognize physical activity.
     
  • ADD_VOICEMAIL
    Allows an application to add voicemails into the system.
     
  • ANSWER_PHONE_CALLS
    Allows the app to answer an incoming phone call.
     
  • BODY_SENSORS
    Allows an application to access data from sensors that the user uses to measure what is happening inside his/her body, such as heart rate.
     
  • CALL_PHONE
    Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
     
  • CAMERA
    Required to be able to access the camera device. This will automatically enforce the uses-feature manifest element for all camera features. If you do not require all camera features or can properly operate if a camera is not available, then you must modify your manifest as appropriate in order to install on devices that don't support all camera features.
     
  • GET_ACCOUNTS
    Allows access to the list of accounts in the Accounts Service.
     
  • PROCESS_OUTGOING_CALLS
    Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.
     
  • READ_CALENDAR
    Allows an application to read the user's calendar data.
     
  • READ_CALL_LOG
    Allows an application to read the user's call log.
     
  • READ_CONTACTS
    Allows an application to read the user's contacts data.
     
  • READ_EXTERNAL_STORAGE
    Allows an application to read from external storage.
     
  • READ_PHONE_NUMBERS
    Allows read access to the device's phone number(s). This is a subset of the capabilities granted by READ_PHONE_STATE but is exposed to instant applications.

     
  • READ_PHONE_STATE
    Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.

     
  • READ_SMS
    Allows an application to read SMS messages.

     
  • RECEIVE_MMS
    Allows an application to monitor incoming MMS messages.

  • RECEIVE_WAP_PUSH
    Allows an application to receive WAP push messages.
     
  • RECORD_AUDIO
    Allows an application to record audio.
     
  • SEND_SMS
    Allows an application to send SMS messages.
     
  • USE_SIP
    Allows an application to use SIP service.
     
  • WRITE_CALENDAR
    Allows an application to write the user's calendar data.
     
  • WRITE_CALL_LOG
    Allows an application to write (but not read) the user's call log data.
     
  • WRITE_CONTACTS
    Allows an application to write the user's contacts data.
     
  • WRITE_EXTERNAL_STORAGE
    Allows an application to write to external storage.
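
The rules from the sections above (a permission is declared in AndroidManifest.xml, and its protection level decides whether it is granted at install time or needs the user's explicit consent) can be checked against a manifest with a short script. The Python below is an added example, not code from the original post or from Android: the manifest, the com.example.demo package and its two custom permissions are constructed, and the level table is abbreviated from the lists in this article.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Abbreviated table built from the lists in this article (not the full platform set).
PLATFORM_LEVELS = {
    "INTERNET": "normal", "ACCESS_NETWORK_STATE": "normal", "WAKE_LOCK": "normal",
    "BIND_VPN_SERVICE": "signature", "SMS_FINANCIAL_TRANSACTIONS": "signature|appop",
    "CAMERA": "dangerous", "READ_CONTACTS": "dangerous", "SEND_SMS": "dangerous",
}
GRANT_MODE = {
    "normal": "granted automatically at install",
    "signature": "granted at install only when signed with the defining app's certificate",
    "dangerous": "needs an explicit runtime grant from the user",
}

# Constructed sample manifest for a hypothetical app, com.example.demo.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <permission android:name="com.example.demo.permission.SYNC" android:protectionLevel="signature" />
  <permission android:name="com.example.demo.permission.READ_NOTES" />
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.READ_CONTACTS" />
  <uses-permission android:name="android.permission.SMS_FINANCIAL_TRANSACTIONS" />
  <uses-permission android:name="com.example.demo.permission.SYNC" />
  <uses-permission android:name="com.example.demo.permission.READ_NOTES" />
</manifest>
"""

def audit_manifest(manifest_xml):
    """Return (name, base level, flags, grant mode) for every <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    # Permissions the app defines itself; an omitted protectionLevel defaults to
    # "normal", so any installed app can obtain such a permission.
    custom = {p.get(ANDROID_NS + "name"): p.get(ANDROID_NS + "protectionLevel", "normal")
              for p in root.iter("permission")}
    report = []
    for use in root.iter("uses-permission"):
        name = use.get(ANDROID_NS + "name")
        if not name:
            continue  # malformed entry without android:name
        if name in custom:
            level = custom[name]
        elif name.startswith("android.permission."):
            level = PLATFORM_LEVELS.get(name.rsplit(".", 1)[1], "unknown")
        else:
            level = "unknown"
        base, *flags = level.split("|")  # "signature|appop" -> "signature", ["appop"]
        mode = GRANT_MODE.get(base, "not in the table; look it up in the platform docs")
        if "appop" in flags:
            mode += ", or by the user through the Settings application"
        report.append((name, base, flags, mode))
    return report

if __name__ == "__main__":
    for name, base, flags, mode in audit_manifest(SAMPLE_MANIFEST):
        print(f"{name}: {base}{flags or ''} -> {mode}")
```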

 

Conclusion

So, these are some of the permissions and their protection levels that each developer needs to keep in mind when designing an app. Where Dangerous permissions involve access to the user's private data, Normal permissions are very basic. Hence, when seeking a permission and adding it to the AndroidManifest file, the developer needs to be very careful. For more information and reference, visit the Android website.

We hope we were able to explain the different permissions and their protection levels. If you have any doubts, do write to us; we would love to clear up any confusion.