Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Few questions about custom permissions in Android

I am learning Android programming and I have kind of understood the concept of custom permission.

Based on my understanding this is how custom permissions works:

'Base app'can protect some of its components (e.g., activity and services) by declaring custom permissions (i.e., using <permission> tags in the manifest file) and the'client app' that calls the activities and services protected by custom permissions need to acquire necessary permissions (i.e., using <uses-permission> tags in the manifest file) to call those components in the base app.

However, I have these questions regarding custom permissions:

  1. If the custom permission is declared as dangerous (i.e., android:protectionLevel="dangerous"), does the client app needs to get the approval from the user during installation time? If so, how does the user aware of these custom permissions because there won't be any documentation for the custom permissions.
  2. During installation time how does the client app knows that base app is already installed in the user's phone? Is there anyway for the client app to know this information?
  3. Once the client app is installed, what will happen if the user decides to remove the base app? In this case, if the user tries to use client app will it cause any security exception?

I don't know whether these questions make sense but it makes me wonder how custom permissions actually work in real scenario.

Thank you.

like image 338
Maggie Avatar asked Jun 13 '13 02:06

Maggie


People also ask

Which tag is used for custom permission in Android?

You can use the sharedUserId attribute in the AndroidManifest. xml 's manifest tag of each package to have them assigned the same user ID. By doing this, for purposes of security the two packages are then treated as being the same app, with the same user ID and file permissions.

What are custom permissions in Android?

Android allows mobile application developers to define custom permissions in their apps. Custom permissions are often used to protect different application components, such as Activities, Services, ContentProviders, and Broadcast Receivers, from 3rd- party applications installed on the device.

What is the main purpose of permissions in Android?

App permissions help support user privacy by protecting access to the following: Restricted data, such as system state and a user's contact information. Restricted actions, such as connecting to a paired device and recording audio.

How many types of permissions are there in Android?

The three permission protection levels in Android are as follows: Normal Permissions. Signature Permissions. Dangerous Permissions.


1 Answers

The answers to your questions is give below. But you may refer http://developer.android.com/guide/topics/manifest/permission-element.html for a better understanding of Android permissions.

1.Yes, if you declare

android:protectionLevel="dangerous"

then the system may not automatically grant it to the requesting application.Any dangerous permissions requested by an application may be displayed to the user and require confirmation before proceeding.

The base app defining custom permission is supposed to provide a description via

android:description="string resource"

Here is the an example permission definition. Hope it is self explanatory.

<permission android:description="string resource"
android:icon="drawable resource"
android:label="string resource"
android:name="string"
android:permissionGroup="string"
android:protectionLevel=["normal" | "dangerous" | 
 "signature" | "signatureOrSystem"] />

2.As far as I know, there is no way for the client app to see the presence of base app at the time of installation. But it is possible when the client App is started. Anyway, permissions are granted by the Android system based on your android.xml file. So the client app don't have to bother about base app at the time of installation.

3.The base app can be removed even when client app is still installed. It won't through any error messages or security exceptions at any stage. But when you try to run client app again, you may get an 'Activity not found' exception at the point where you try to call a base app activity from client app.

like image 75
Vishnuprasad R Avatar answered Oct 11 '22 11:10

Vishnuprasad R