Every Android application makes use of the facilities of the user's phone (or tablet or other device). These facilities include memory, storage, the internet, GPS location services, the phone book, and so on. Most of them are straightforward enough, but many have an impact (negative or positive) on the user or the device. For example, access to the user's private contacts database should be restricted. And accessing some services, such as the internet, incurs a cost for some users, depending on their connection and their arrangement with their phone provider.
The Android model aims for flexibility without giving up control. Every app runs in its own sandbox (its own Linux user ID and process) with a minimal default set of capabilities; anything beyond that requires a permission that the app explicitly declares and that is explicitly granted.
The central security mechanism – as you are no doubt aware as a user of Android apps – is that in order to access almost any service from code, an application must explicitly request permission to do so. There are a lot of potential permissions to request; the full list is in the android.Manifest.permission reference. Some are downright dangerous – witness the permission to disable the device (BRICK) or to delete packages (DELETE_PACKAGES). These are signature-level permissions: the system only grants them to applications signed with the platform certificate, so a third-party app cannot obtain them no matter what it declares.
So, if you, as an application developer, want to broadcast an SMS receipt notification, for example, you must declare that requirement explicitly, so that the user installing your app can see it before agreeing to it.
In the application's XML manifest, a <uses-permission> entry must be made for each permission, as a direct child of the <manifest> element (not inside <application>). Dublin Buzz needs permission to use the GPS and network location providers and also to access the internet. These three lines make that request:
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
<uses-permission android:name="android.permission.INTERNET" />
As you can see, all pre-defined permissions are prefixed with "android.permission.". In our case, we need access to GPS (ACCESS_FINE_LOCATION) and network location (ACCESS_COARSE_LOCATION), plus the internet (INTERNET). When a user installs the app from Android Market (now Google Play), they are shown the permissions it requests and must accept them.
(I mentioned “pre-defined” permissions above. This is because developers can also add their own, custom permissions, perhaps to allow trusted applications to access their own data. This is beyond the scope of this posting.)
The system works reasonably well as long as three things hold: the Android framework actually enforces the permission at the API boundary (a call made without it fails with a SecurityException rather than silently succeeding), users understand the implications of granting a given permission, and the application takes care to request only the minimum it requires. Then every party is happy. (One caveat for newer devices: since Android 6.0, permissions classed as "dangerous" are prompted for at runtime rather than approved at install time, but the manifest declaration is still required.)
This is another reason why you should not install apps that make suspicious requests. If you are downloading a simple calendar app and it asks for your location over GPS, you ought to be at least slightly suspicious.
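The "minimum required permissions" check above can be automated against an app's manifest. The following is an added example, not code from the original post or from the Dublin Buzz app: it parses a constructed AndroidManifest.xml (modelled on the three entries shown above, plus extra requests added for illustration), lists what the app actually requests, and flags anything outside a hypothetical allowlist derived from the app's stated features. It also demonstrates that a <uses-permission> nested inside <application> is not a valid request, which is why only direct children of <manifest> are counted.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest (not the real Dublin Buzz manifest). The three
# location/internet entries match the post; READ_CONTACTS, the third-party
# custom permission and the misplaced SEND_SMS entry are added to exercise
# the audit.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.dublinbuzz">
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="com.example.thirdparty.permission.READ_DATA" />
    <application android:label="Dublin Buzz">
        <!-- Wrong place: not a direct child of <manifest>, so not a request. -->
        <uses-permission android:name="android.permission.SEND_SMS" />
    </application>
</manifest>
"""

# Hypothetical allowlist: what a location-plus-network app can justify.
# An auditor would derive this from the app's feature list, not guess it.
EXPECTED = {
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.INTERNET",
}


def requested_permissions(manifest_xml: str) -> list:
    """Return the android:name of every <uses-permission> that is a direct
    child of <manifest>, in declaration order. Entries nested elsewhere are
    ignored, matching what the platform actually honours."""
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("root element is not <manifest>")
    name_attr = "{%s}name" % ANDROID_NS
    names = []
    for child in root:
        if child.tag == "uses-permission":
            name = child.get(name_attr)
            if name:
                names.append(name)
    return names


def audit(requested, expected) -> dict:
    """Split requested permissions into those the allowlist does not cover.

    'unexpected' holds platform permissions (android.permission.*) the app has
    no declared need for; 'custom' holds permissions defined by other apps,
    which deserve a separate look because their meaning is not documented by
    the platform."""
    unexpected, custom = [], []
    for perm in requested:
        if perm in expected:
            continue
        if perm.startswith("android.permission."):
            unexpected.append(perm)
        else:
            custom.append(perm)
    return {"unexpected": unexpected, "custom": custom}


if __name__ == "__main__":
    reqs = requested_permissions(SAMPLE_MANIFEST)
    print("requested:", reqs)
    print("audit:", audit(reqs, EXPECTED))
```

Run it as a script to see the report; the misplaced SEND_SMS entry never appears in the requested list, READ_CONTACTS is reported as unexpected for a location/news app, and the third-party permission is reported separately for manual review. On a built APK the same list can be obtained with the SDK's aapt tool (aapt dump permissions app.apk) and fed to audit().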