Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Regarding Android Permissions and Signature Protection level

Tags:

android

permissions

I am new to Android and have a question regarding protection level "Signature" for permissions in AndroidManifest.xml.

The Android reference document states about "Signature" protection level:

A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.

This implies that permissions which have protection level "Signature" are not available to use by normal application and can only be used Android Dev Team.

What I am wondering about is that how many applications in Android Market or on other sites can have these permissions? Like an application which is used for recording calls has android.permission.DEVICE_POWER in addition to other permissions. Is Android system really granting this permission to this application while installation?

When I tried to use the permission "READ_INPUT_STATE" (new in 2.2) I got the following error in LogCat:

06-28 09:28:34.943: WARN/PackageManager(60): Not granting permission android.permission.READ_INPUT_STATE to package com.example.wheredoyoulive (protectionLevel=2 flags=0x8444)

The same is true for permissions with Protection Level "SignatureOrSystem". There exists a caller application which has CALL_PRIVILEGED permission in addition to other permissions.

Please help me and clear my doubts.

Regards

Abhishek

like image 680
tandon16 Avatar asked Jun 28 '10 04:06

tandon16

People also ask

What is signature level permission in Android?

" signature " A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.

What is signature protection?

Signature protection detects and prevents network-oriented attacks, Operation System (OS) oriented attacks and application-oriented attacks by comparing each packet to the set of signatures stored in the Signatures database.

What permission protection level is the default for Android devices?

Android system permissions are divided between “normal” and “dangerous” permissions. Android allows “normal” permissions — such as giving apps access to the internet — by default. That's because normal permissions shouldn't pose a risk to your privacy or your device's functionality.

How many security levels are there on Android?

Security can be considered primarily at two levels; wireless transmission medium and mobile data level, where malicious applications execute their behavior by exploiting vulnerabilities present in mobile OS.

1 Answers

I believe the purpose of the "Signature" permission level is for two applications by the same developer to be able to share data seamlessly without bothering the user. The READ_INPUT_STATE permission is not intended to be used in applications:

Allows an application to retrieve the current state of keys and switches. This is only for use by the system.

See http://developer.android.com/reference/android/Manifest.permission.html#READ_INPUT_STATE

like image 131
Computerish Avatar answered Oct 07 '22 10:10

Computerish
Sign in to Comment

Related questions

Is GET_ACCOUNTS permission still required for Google Drive REST API?
How to use ndk-stack step-by-step?
Flutter : Create directory on external storage path - path provider getExternalStorageDirectory()
How to fix "Violation of Usage of Android Advertising ID policy and section 4.8 of the Developer Distribution Agreement"
After DataSource.Invalidate() new PagedList has only one page
Pick from Google Photos provider with ACTION_GET_CONTENT or OPEN_DOCUMENT
How to stop Moshi from parsing a specific object attribute
Symbol 'IllegalArgumentException' is inaccessible from here
Use JaCoCo in Android Project with Gradle
'beforeunload' event triggers when page is left in the background on Android
Maintaining scroll position only works when not near the bottom of messages div
ViewPager2/Tabs problem with ViewModel state
Kotlin Flow execute two API calls in parallel and collect each result as it arrives
Translate Firebase MLKit Bounding box coordinates to screen view coordinates
Flutter: Tried to automatically register plugins with FlutterEngine but could not find and invoke the GeneratedPluginRegistrant
How Can I Ship an App Bundle Without Giving Google Signing Authority?
'if' must have both main and 'else' branches if used as an expression
startActivityForResult(android.content.Intent, int)' is deprecated
What is the "AdMob Offline Notifications" notification channel?
fillViewPort behavior in Jetpack Compose Column

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!