
Regarding Android Permissions and Signature Protection level

I am new to Android and have a question regarding protection level "Signature" for permissions in AndroidManifest.xml.

The Android reference document states about "Signature" protection level:

A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.

This implies that permissions which have protection level "Signature" are not available for use by normal applications and can only be used by the Android Dev Team.

What I am wondering about is how many applications in Android Market or on other sites can have these permissions. For example, an application used for recording calls has android.permission.DEVICE_POWER in addition to other permissions. Is the Android system really granting this permission to this application during installation?

When I tried to use the permission "READ_INPUT_STATE" (new in 2.2) I got the following error in LogCat:

06-28 09:28:34.943: WARN/PackageManager(60): Not granting permission android.permission.READ_INPUT_STATE to package com.example.wheredoyoulive (protectionLevel=2 flags=0x8444)

The same is true for permissions with Protection Level "SignatureOrSystem". There exists a caller application which has CALL_PRIVILEGED permission in addition to other permissions.

Please help me and clear my doubts.

Regards

Abhishek

tandon16 asked Jun 28 '10 04:06



1 Answer

I believe the purpose of the "Signature" permission level is for two applications by the same developer to be able to share data seamlessly without bothering the user. The READ_INPUT_STATE permission is not intended to be used in applications:

Allows an application to retrieve the current state of keys and switches. This is only for use by the system.

See http://developer.android.com/reference/android/Manifest.permission.html#READ_INPUT_STATE

Computerish answered Oct 07 '22 10:10
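One way to check on a device whether a permission listed in a manifest was actually granted, as an added example that is not code from the question or the answer: the "Not granting permission" log line above shows that a manifest entry is only a request, so this helper compares each requested permission with what the package manager granted. The class name PermissionAudit and its log tag are hypothetical; the PackageManager and PermissionInfo calls are the standard Android SDK ones.

```java
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PermissionInfo;
import android.util.Log;

/** Added example: compares what a package requests with what the system granted. */
public final class PermissionAudit {
    private static final String TAG = "PermissionAudit"; // hypothetical log tag

    private PermissionAudit() {}

    public static void audit(PackageManager pm, String packageName)
            throws PackageManager.NameNotFoundException {
        PackageInfo info = pm.getPackageInfo(packageName, PackageManager.GET_PERMISSIONS);
        if (info.requestedPermissions == null) {
            Log.i(TAG, packageName + " requests no permissions");
            return;
        }
        // Framework permissions are declared by the package named "android", so a
        // signature-level framework permission needs a match with that certificate.
        boolean platformSigned = pm.checkSignatures("android", packageName)
                == PackageManager.SIGNATURE_MATCH;
        Log.i(TAG, packageName + " signed with platform certificate: " + platformSigned);

        for (String perm : info.requestedPermissions) {
            boolean granted = pm.checkPermission(perm, packageName)
                    == PackageManager.PERMISSION_GRANTED;
            Log.i(TAG, perm + " level=" + levelOf(pm, perm) + " granted=" + granted);
        }
    }

    private static String levelOf(PackageManager pm, String perm) {
        try {
            int base = pm.getPermissionInfo(perm, 0).protectionLevel
                    & PermissionInfo.PROTECTION_MASK_BASE; // drop flag bits (API 16+)
            switch (base) {
                case PermissionInfo.PROTECTION_NORMAL: return "normal";
                case PermissionInfo.PROTECTION_DANGEROUS: return "dangerous";
                case PermissionInfo.PROTECTION_SIGNATURE: return "signature";
                case PermissionInfo.PROTECTION_SIGNATURE_OR_SYSTEM: return "signatureOrSystem";
                default: return "other(" + base + ")";
            }
        } catch (PackageManager.NameNotFoundException e) {
            return "undeclared"; // no installed package declares this permission
        }
    }
}
```

Call it with `getPackageManager()` and a package name from an Activity or Service; on recent Android versions package visibility rules can make `getPackageInfo` throw NameNotFoundException for packages the caller cannot see.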