-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathNeeded permissions explained.txt
171 lines (120 loc) · 7.56 KB
/
Needed permissions explained.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
------------Normal permissions------------
android.permission.RECEIVE_BOOT_COMPLETED
- Start the app at device boot
android.permission.FOREGROUND_SERVICE
- Run the Main Service (and any other(s)) in foreground as of API 28
android.permission.ACCESS_NOTIFICATION_POLICY
- To be able to change the Interruption Filter
android.permission.EXPAND_STATUS_BAR
- To be able to collapse the status bar for the PLS
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
- So the app can still work even in battery optimization modes, like Ultra Power Saver Mode in Samsung smartphones
android.permission.INTERNET
- So the app can ping devices on the same network to attempt to get the distance between the device where the app is
installed and the other devices (to locate the app device inside a building - very useful for the alarms system)
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH_SCAN
- So the app can discover nearby Bluetooth devices. Useful currently to detect the relative location of the device
android.permission.CHANGE_WIFI_STATE
- To be able to toggle the Wi-Fi state on and off
android.permission.ACCESS_WIFI_STATE
- To be able to get the Wi-Fi state
android.permission.ACCESS_NETWORK_STATE
- To be able to know the state of the Mobile Data connection
android.permission.CHANGE_NETWORK_STATE
- To be able to change the state of the Mobile Data connection
------------Dangerous permissions------------
android.permission.RECEIVE_SMS
- Warn about new SMS
android.permission.RECORD_AUDIO
- Allow the user to put the app recording audio
android.permission.WRITE_EXTERNAL_STORAGE
- Write files to the external storage
android.permission.READ_PHONE_STATE
- To get phone state changes for PhoneCallProcessor
android.permission.READ_CALL_LOG
- To get the number that comes with the phone state change, as stated in Android Developers website
android.permission.READ_CONTACTS
- To read the phone contacts (so the assistant can know who is calling or sending the message)
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_BACKGROUND_LOCATION
- For the alarms system to know where the user is at the moment to fire the alarm at the right time
android.permission.ANSWER_PHONE_CALLS
- To be able to answer and end phone calls from Android Oreo onwards
android.permission.CALL_PHONE
- To be able to end phone calls below Android Oreo and to place calls
------------AppOps permissions------------
android.permission.SYSTEM_ALERT_WINDOW
- To be able to draw a window above everything to block status and virtual buttons bar access with the Protected Lock
Screen
android.permission.WRITE_SETTINGS
- To be able to change device settings, like the Airplane Mode below Android 4.2
------------Privileged apps' permissions------------
android.permission.CAPTURE_AUDIO_OUTPUT
android.permission.CAPTURE_MEDIA_OUTPUT
android.permission.CAPTURE_VOICE_COMMUNICATION_OUTPUT
- To be able to record audio from any audio source desired
android.permission.READ_PRECISE_PHONE_STATE
- To receive changes of the phone state with precise phone states, as opposite to the more generic ones from
android.permission.READ_PHONE_STATE
android.permission.LOCK_DEVICE
- To be able to lock the device even without the app being a Device Administrator (only from Android 11 onwards)
android.permission.WRITE_SECURE_SETTINGS
- To be able to write secure settings, like Battery Saver Mode enabled or disabled
android.permission.MODIFY_PHONE_STATE
- To be able to change the Mobile Data connection state
android.permission.POWER_SAVER
- To be able to toggle the Battery Saver mode
android.permission.SHUTDOWN
- To be able to shut down the device
android.permission.REBOOT
- To be able to reboot the device
android.permission.CONNECTIVITY_INTERNAL
- To be able to toggle the Airplane Mode below Android 10
android.permission.CAPTURE_AUDIO_HOTWORD
- To be able to run the background hotword recognition while allowing other devices to use the microphone (the
background recognition will be stopped until the other app stops using the microphone). Without this permission, this
app remains in control of the microphone even if another app requests it (recording audio or camera,
Internet call...), and I don't know how to detect when another app is requesting the mic so that this one stops.
------------Verifier permissions------------
android.permission.GRANT_RUNTIME_PERMISSIONS
- To be able to grant runtime permissions --> which means force permissions to be granted
------------Installer permissions------------
android.permission.INTERACT_ACROSS_USERS_FULL
- To be able to grant runtime permissions for all users from inside any user
------------My permissions------------
@Deprecated - if I declare the permissions, if any app uninstalls this app, installs some app that declares these
permissions, and then the user attempts to install this app on Lollipop and above, they won't be able to, since they'll
get a duplicate permissions error. So no custom permissions. Safer, I guess.
Anyways,, there are security issues about them, so I had BIND_DEVICE_ADMIN as an <application> tag permission for only
the system to be able to start the app. Too much hassle. For more about that, please read
https://stackoverflow.com/questions/18573139 and
https://commonsware.com/blog/2014/02/12/vulnerabilities-custom-permissions.html. I've since then just removed those
permissions and put more care into the flags of each component, and if they're exported or not, and which exactly are
exported. For internal app communication (or external), broadcasts to specific packages - for internal communications,
the package is the app's package, so it's 100% safe.
These permissions, whatever they do, are just for precautions. They'll be used to be more sure of something, but the
app will NOT rely on them. Some other method will be made to do whatever they were supposed to do if there weren't
vulnerabilities on them.
com.edw590.visor_c_a.permission.INTERNAL_RECEIVERS
- This permission is to ensure that no other app receives internal communications of this app through broadcasts.
Communication with other apps developed by me will be handled some other way, since this one is vulnerable.
Note that there may be vulnerabilities and other apps could get the broadcasts. But still, this should make it harder.
It's just a precaution, because all broadcasts are sent with a requirement that this must be the app receiving them.
com.edw590.visor_c_a.permission.INCOMING_EXT_COMMS
- This permission exists for no other app to be able to communicate with this one, in the components that declare this
permission (or that inherit it). Communication with other apps developed by me will be handled some other way, since
this one is vulnerable.
Note that there may be vulnerabilities and other apps could communicate with this one. Though, this is just as
a precaution, because all internal components will be prepared to handle exactly no communications from outside, and
all external components will be made sure they know how to handle whatever comes to them, being it trusted or not.
------------SuperSU permission------------
android.permission.ACCESS_SUPERUSER
- From https://su.chainfire.eu/#updates-permission:
"X.4. ACCESS_SUPERUSER permission DEPRECATED
Due to changes in Android 5.0 Lollipop, this permission has been deprecated and is completely ignored from SuperSU
v2.30 onwards
From SuperSU version 1.20 and onwards, the android.permission.ACCESS_SUPERUSER permission is declared by SuperSU."
So it's a SuperSU deprecated permission, but leave it here anyways. Could be useful in some case.