SlideShare a Scribd company logo

Android Security - Permission: A concise overview of Android permissions

Download as PPTX, PDF
B
Bin Yang

Android Security

Engineering
1 of 20
1 Android Security - Permission
2 Agenda • What is permission • System prebuilt vs APK Custom • Request a permission • Grant permission • Enforce Permission • Runtime permission
3 What is Permission • Applications (UIDs) are assigned permissions • Permissions are needed to control access to System resources (logs, battery, etc.) Sensitive data (SMS, contacts, e-mails, etc.) System interfaces (Internet, send SMS, etc.) • Application (developers) can also define own permissions to protect application interfaces • A string
4 Permission Group Divide permissions into some groups based on functionality. In M, Permission is granted by group.
5 Permission Level • Normal Lower-risk permission, auto grant in installation • Dangerous Higher-risk permission, Need user grant.(Runtime grant/revoke in M) • Signature Auto grant in installation if caller/callee are signed by same certification • SignatureOrSystem Auto grant in installation if caller/callee are signed by same certification or caller is in system image.
6 System Prebuilt In frameworks/base/core/res/AndroidManifest.xml <permission android:name="android.permission.READ_CONTACTS" android:permissionGroup="android.permission-group.CONTACTS" android:label="@string/permlab_readContacts" android:description="@string/permdesc_readContacts" android:protectionLevel="dangerous" />
7 APK Custom In AndroidManifest.xml of APK <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.android.myapp" > <permission android:name="com.example.app.DO_X" android:label="@string/do_x_label" android:description="@string/do_x_desc" android:permissionGroup="android.permission-group.PERSONAL_INFO" android:protectionLevel="dangerous" /> … </manifest>
8 Permission Conflict Multiple applications may attempt to define the same permission name • "first definition wins" principle. • Android 4.4.3+ gives precedence to system applications • Android 5.0+ blocks installation completely for applications attempting to define an existing permission if they are signed with a different key than the first definer
9 Request Permission Declare in AndroidMainifest.xml <manifest package="com.XXX"> <uses-permission android:name="android.permission.XXX" /> … </manifest>
10 Grant Permission Grant the permission when installation before M.
11 Grant Permission • Android cannot grant permissions that don’t exist yet If an application requires a permission which is not existing in system, the system will not grant the permission to the requesting application. • An application who defines <permission> is uninstalled, the permission records are removed from the system’s known permissions list. Any applications currently holding that permission will still have the permission granted to them until they are updated/reinstalled.
12 Grant Permission (2) Assign permission in prebuilt etc/permission/platform.xml <assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="media" />  Assign higher-level permissions to system processes running under a specific UID that do not have a corresponding package.  Allows specific core system users to perform the given operations with the higher-level framework
13 Enforce Permission • Kernel • Java components • Native daemons
14 Enforce Permission - Kernel Access to files/device nodes/and local sockets is regulated by Kernel. Permission <map> Supplementary GIDs <permission name="android.permission.ACCESS_FM_RADIO" > <group gid="media" /> </permission> JNI APK Device Node Security check APK has a special permission which is mapped to GroupB in platform.xml Group B UserID :arbitrary
15 Java Components - Static Managed by ActivityManagerService Components who uses permission Components who declares permission Check by AMS
16 Java Components - Dynamic Programmatically check if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.XX) != PackageManager.PERMISSION_GRANTED) { throw new SecurityException("Requires XXX permission"); }
17 Native daemons Dynamic Programmatically check
18 Runtime Permission • Support in M • Dangerous permissions can be granted/revoked in runtime. • Other permission will be granted in installation automatically. • Only has to grant permission once per app for each permission group. • No difference for permission enforce
19 Runtime Permission - Revoke Before M: Not allowed From M: Revocable from Settings.
20 Runtime Permission - Caller • Always Check for Permissions • Handle Lack of Permissions Gracefully if (checkSelfPermission(Manifest.permission.READ_CONTACTS) != PackageManager.PERMISSION_GRANTED) { if (shouldShowRequestPermissionRationale( Manifest.permission.READ_CONTACTS)) { } requestPermissions(new String[]{Manifest.permission.READ_CONTACTS}, MY_PERMISSIONS_REQUEST_READ_CONTACTS); return; }

Recommended

0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討Timothy Chen
 
Security
SecuritySecurity
SecurityPooja Talreja
 
Os Command Injection Attack
Os Command Injection AttackOs Command Injection Attack
Os Command Injection AttackRaghav Bisht
 
Audit observation
Audit observationAudit observation
Audit observationShaswat Khatiwada
 
Whats New in OSSIM v2.3?
Whats New in OSSIM v2.3? Whats New in OSSIM v2.3?
Whats New in OSSIM v2.3? AlienVault
 
2010 db security
2010 db security2010 db security
2010 db securityWayne Evans
 
Seurity In Vista
Seurity In VistaSeurity In Vista
Seurity In VistaNetworking
 
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015Jan Ketil Skanke
 

Recommended

0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討Timothy Chen
 
Security
SecuritySecurity
SecurityPooja Talreja
 
Os Command Injection Attack
Os Command Injection AttackOs Command Injection Attack
Os Command Injection AttackRaghav Bisht
 
Audit observation
Audit observationAudit observation
Audit observationShaswat Khatiwada
 
Whats New in OSSIM v2.3?
Whats New in OSSIM v2.3? Whats New in OSSIM v2.3?
Whats New in OSSIM v2.3? AlienVault
 
2010 db security
2010 db security2010 db security
2010 db securityWayne Evans
 
Seurity In Vista
Seurity In VistaSeurity In Vista
Seurity In VistaNetworking
 
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015Jan Ketil Skanke
 
Android security
Android securityAndroid security
Android securityKrazy Koder
 
Design for security in operating system
Design for security in operating systemDesign for security in operating system
Design for security in operating systemBhagyashree Barde
 
MR201408 SE for Android Overview
MR201408 SE for Android OverviewMR201408 SE for Android Overview
MR201408 SE for Android OverviewFFRI, Inc.
 
Ece seminar 20070927
Ece seminar 20070927Ece seminar 20070927
Ece seminar 20070927Todd Deshane
 
SCEP 2012 inside SCCM 2012
SCEP 2012 inside SCCM 2012SCEP 2012 inside SCCM 2012
SCEP 2012 inside SCCM 2012Microsoft TechNet - Belgium and Luxembourg
 
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10blusmurfydot1
 
20150909 日本androidの会9月定例講演資料
20150909 日本androidの会9月定例講演資料20150909 日本androidの会9月定例講演資料
20150909 日本androidの会9月定例講演資料ak_shio_555
 
Tips dan Third Party Library untuk Android - Part 1
Tips dan Third Party Library untuk Android - Part 1Tips dan Third Party Library untuk Android - Part 1
Tips dan Third Party Library untuk Android - Part 1Ibnu Sina Wardy
 
Android permission system
Android permission systemAndroid permission system
Android permission systemShivang Goel
 
Sandbox Introduction
Sandbox IntroductionSandbox Introduction
Sandbox Introductionmsimkin
 
Anatomizing online payment systems: hack to shop
Anatomizing online payment systems: hack to shopAnatomizing online payment systems: hack to shop
Anatomizing online payment systems: hack to shopAbhinav Mishra
 
Security threats in Android OS + App Permissions
Security threats in Android OS + App PermissionsSecurity threats in Android OS + App Permissions
Security threats in Android OS + App PermissionsHariharan Ganesan
 
Android(1)
Android(1)Android(1)
Android(1)Nikola Milosevic
 
Android permission system
Android permission systemAndroid permission system
Android permission systemShivang Goel
 
Android training day 4
Android training day 4Android training day 4
Android training day 4Vivek Bhusal
 
Web Services and Android - OSSPAC 2009
Web Services and Android - OSSPAC 2009Web Services and Android - OSSPAC 2009
Web Services and Android - OSSPAC 2009sullis
 
Android 6.0 permission change
Android 6.0 permission changeAndroid 6.0 permission change
Android 6.0 permission change彥彬 洪
 
Android AsyncTask Tutorial
Android AsyncTask TutorialAndroid AsyncTask Tutorial
Android AsyncTask TutorialPerfect APK
 
Json Tutorial
Json TutorialJson Tutorial
Json TutorialNapendra Singh
 
Basic Android Push Notification
Basic Android Push NotificationBasic Android Push Notification
Basic Android Push NotificationChaiyasit Tayabovorn
 
Android new permission model
Android new permission modelAndroid new permission model
Android new permission modelTakuji Nishibayashi
 
JSON overview and demo
JSON overview and demoJSON overview and demo
JSON overview and demoFlatiron School
 

More Related Content

What's hot

Android security
Android securityAndroid security
Android securityKrazy Koder
 
Design for security in operating system
Design for security in operating systemDesign for security in operating system
Design for security in operating systemBhagyashree Barde
 
MR201408 SE for Android Overview
MR201408 SE for Android OverviewMR201408 SE for Android Overview
MR201408 SE for Android OverviewFFRI, Inc.
 
Ece seminar 20070927
Ece seminar 20070927Ece seminar 20070927
Ece seminar 20070927Todd Deshane
 
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10blusmurfydot1
 

What's hot (6)

Android security
Android securityAndroid security
Android security
 
Design for security in operating system
Design for security in operating systemDesign for security in operating system
Design for security in operating system
 
MR201408 SE for Android Overview
MR201408 SE for Android OverviewMR201408 SE for Android Overview
MR201408 SE for Android Overview
 
Ece seminar 20070927
Ece seminar 20070927Ece seminar 20070927
Ece seminar 20070927
 
SCEP 2012 inside SCCM 2012
SCEP 2012 inside SCCM 2012SCEP 2012 inside SCCM 2012
SCEP 2012 inside SCCM 2012
 
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
 

Viewers also liked

20150909 日本androidの会9月定例講演資料
20150909 日本androidの会9月定例講演資料20150909 日本androidの会9月定例講演資料
20150909 日本androidの会9月定例講演資料ak_shio_555
 
Tips dan Third Party Library untuk Android - Part 1
Tips dan Third Party Library untuk Android - Part 1Tips dan Third Party Library untuk Android - Part 1
Tips dan Third Party Library untuk Android - Part 1Ibnu Sina Wardy
 
Android permission system
Android permission systemAndroid permission system
Android permission systemShivang Goel
 
Sandbox Introduction
Sandbox IntroductionSandbox Introduction
Sandbox Introductionmsimkin
 
Anatomizing online payment systems: hack to shop
Anatomizing online payment systems: hack to shopAnatomizing online payment systems: hack to shop
Anatomizing online payment systems: hack to shopAbhinav Mishra
 
Security threats in Android OS + App Permissions
Security threats in Android OS + App PermissionsSecurity threats in Android OS + App Permissions
Security threats in Android OS + App PermissionsHariharan Ganesan
 
Android permission system
Android permission systemAndroid permission system
Android permission systemShivang Goel
 
Android training day 4
Android training day 4Android training day 4
Android training day 4Vivek Bhusal
 
Web Services and Android - OSSPAC 2009
Web Services and Android - OSSPAC 2009Web Services and Android - OSSPAC 2009
Web Services and Android - OSSPAC 2009sullis
 
Android 6.0 permission change
Android 6.0 permission changeAndroid 6.0 permission change
Android 6.0 permission change彥彬 洪
 
Android AsyncTask Tutorial
Android AsyncTask TutorialAndroid AsyncTask Tutorial
Android AsyncTask TutorialPerfect APK
 
Simple JSON parser
Simple JSON parserSimple JSON parser
Simple JSON parserDongjun Lee
 
Android webservices
Android webservicesAndroid webservices
Android webservicesKrazy Koder
 
Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011pundiramit
 

Viewers also liked (20)

20150909 日本androidの会9月定例講演資料
20150909 日本androidの会9月定例講演資料20150909 日本androidの会9月定例講演資料
20150909 日本androidの会9月定例講演資料
 
Tips dan Third Party Library untuk Android - Part 1
Tips dan Third Party Library untuk Android - Part 1Tips dan Third Party Library untuk Android - Part 1
Tips dan Third Party Library untuk Android - Part 1
 
Android permission system
Android permission systemAndroid permission system
Android permission system
 
Sandbox Introduction
Sandbox IntroductionSandbox Introduction
Sandbox Introduction
 
Anatomizing online payment systems: hack to shop
Anatomizing online payment systems: hack to shopAnatomizing online payment systems: hack to shop
Anatomizing online payment systems: hack to shop
 
Security threats in Android OS + App Permissions
Security threats in Android OS + App PermissionsSecurity threats in Android OS + App Permissions
Security threats in Android OS + App Permissions
 
Android(1)
Android(1)Android(1)
Android(1)
 
Android permission system
Android permission systemAndroid permission system
Android permission system
 
Android training day 4
Android training day 4Android training day 4
Android training day 4
 
Web Services and Android - OSSPAC 2009
Web Services and Android - OSSPAC 2009Web Services and Android - OSSPAC 2009
Web Services and Android - OSSPAC 2009
 
Android 6.0 permission change
Android 6.0 permission changeAndroid 6.0 permission change
Android 6.0 permission change
 
Android AsyncTask Tutorial
Android AsyncTask TutorialAndroid AsyncTask Tutorial
Android AsyncTask Tutorial
 
Json Tutorial
Json TutorialJson Tutorial
Json Tutorial
 
Basic Android Push Notification
Basic Android Push NotificationBasic Android Push Notification
Basic Android Push Notification
 
Android new permission model
Android new permission modelAndroid new permission model
Android new permission model
 
JSON overview and demo
JSON overview and demoJSON overview and demo
JSON overview and demo
 
App Permissions
App PermissionsApp Permissions
App Permissions
 
Simple JSON parser
Simple JSON parserSimple JSON parser
Simple JSON parser
 
Android webservices
Android webservicesAndroid webservices
Android webservices
 
Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011
 

Similar to Android Security - Permission: A concise overview of Android permissions

Permission enforcement s in android new (1)
Permission enforcement s in android new (1)Permission enforcement s in android new (1)
Permission enforcement s in android new (1)Siddhartha Kakarla
 
Android Permissions DemystifiedAdrienne Porter Felt, Erika.docx
Android Permissions DemystifiedAdrienne Porter Felt, Erika.docxAndroid Permissions DemystifiedAdrienne Porter Felt, Erika.docx
Android Permissions DemystifiedAdrienne Porter Felt, Erika.docxdurantheseldine
 
A Framework for Providing Selective Permissions to Android Applications
A Framework for Providing Selective Permissions to Android ApplicationsA Framework for Providing Selective Permissions to Android Applications
A Framework for Providing Selective Permissions to Android ApplicationsIOSR Journals
 
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet KolkataSecurity Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkataamiyadutta
 
Octopus framework; Permission based security framework for Java EE
Octopus framework; Permission based security framework for Java EEOctopus framework; Permission based security framework for Java EE
Octopus framework; Permission based security framework for Java EERudy De Busscher
 
Permission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionPermission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionTandhy Simanjuntak
 
CNIT 128 Ch 4: Android
CNIT 128 Ch 4: AndroidCNIT 128 Ch 4: Android
CNIT 128 Ch 4: AndroidSam Bowne
 
report on network security fundamentals
report on network security fundamentalsreport on network security fundamentals
report on network security fundamentalsJassika
 
Hacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OSHacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OSEC-Council
 
Maemo Platform Security Fosdem
Maemo Platform Security FosdemMaemo Platform Security Fosdem
Maemo Platform Security FosdemElena Reshetova
 
Lannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksLannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksSecurity Bootcamp
 

Similar to Android Security - Permission: A concise overview of Android permissions (20)

Android Security
Android SecurityAndroid Security
Android Security
 
Android Security
Android SecurityAndroid Security
Android Security
 
Permission enforcement s in android new (1)
Permission enforcement s in android new (1)Permission enforcement s in android new (1)
Permission enforcement s in android new (1)
 
Android Permissions DemystifiedAdrienne Porter Felt, Erika.docx
Android Permissions DemystifiedAdrienne Porter Felt, Erika.docxAndroid Permissions DemystifiedAdrienne Porter Felt, Erika.docx
Android Permissions DemystifiedAdrienne Porter Felt, Erika.docx
 
A Framework for Providing Selective Permissions to Android Applications
A Framework for Providing Selective Permissions to Android ApplicationsA Framework for Providing Selective Permissions to Android Applications
A Framework for Providing Selective Permissions to Android Applications
 
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet KolkataSecurity Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
 
Securing Android
Securing AndroidSecuring Android
Securing Android
 
Mobile security
Mobile securityMobile security
Mobile security
 
Securing android applications
Securing android applicationsSecuring android applications
Securing android applications
 
128-ch4.pptx
128-ch4.pptx128-ch4.pptx
128-ch4.pptx
 
Octopus framework; Permission based security framework for Java EE
Octopus framework; Permission based security framework for Java EEOctopus framework; Permission based security framework for Java EE
Octopus framework; Permission based security framework for Java EE
 
Permission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionPermission in Android Security: Threats and solution
Permission in Android Security: Threats and solution
 
CNIT 128 Ch 4: Android
CNIT 128 Ch 4: AndroidCNIT 128 Ch 4: Android
CNIT 128 Ch 4: Android
 
report on network security fundamentals
report on network security fundamentalsreport on network security fundamentals
report on network security fundamentals
 
Hacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OSHacker Halted 2014 - Reverse Engineering the Android OS
Hacker Halted 2014 - Reverse Engineering the Android OS
 
Maemo Platform Security Fosdem
Maemo Platform Security FosdemMaemo Platform Security Fosdem
Maemo Platform Security Fosdem
 
Lannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksLannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber Attacks
 
Stormwatch micration
Stormwatch micrationStormwatch micration
Stormwatch micration
 
Os8
Os8Os8
Os8
 
Os8
Os8Os8
Os8
 

More from Bin Yang

Introduction of android treble
Introduction of android trebleIntroduction of android treble
Introduction of android trebleBin Yang
 
Introduction of Android Architecture
Introduction of Android ArchitectureIntroduction of Android Architecture
Introduction of Android ArchitectureBin Yang
 
New features in android m upload
New features in android m uploadNew features in android m upload
New features in android m uploadBin Yang
 
Android ressource and overlay upload
Android ressource and overlay uploadAndroid ressource and overlay upload
Android ressource and overlay uploadBin Yang
 
Linker namespace upload
Linker namespace uploadLinker namespace upload
Linker namespace uploadBin Yang
 
Linker and loader upload
Linker and loader uploadLinker and loader upload
Linker and loader uploadBin Yang
 
Update from android kk to android l
Update from android kk to android lUpdate from android kk to android l
Update from android kk to android lBin Yang
 
Google IO 2014 overview
Google IO 2014 overviewGoogle IO 2014 overview
Google IO 2014 overviewBin Yang
 

More from Bin Yang (8)

Introduction of android treble
Introduction of android trebleIntroduction of android treble
Introduction of android treble
 
Introduction of Android Architecture
Introduction of Android ArchitectureIntroduction of Android Architecture
Introduction of Android Architecture
 
New features in android m upload
New features in android m uploadNew features in android m upload
New features in android m upload
 
Android ressource and overlay upload
Android ressource and overlay uploadAndroid ressource and overlay upload
Android ressource and overlay upload
 
Linker namespace upload
Linker namespace uploadLinker namespace upload
Linker namespace upload
 
Linker and loader upload
Linker and loader uploadLinker and loader upload
Linker and loader upload
 
Update from android kk to android l
Update from android kk to android lUpdate from android kk to android l
Update from android kk to android l
 
Google IO 2014 overview
Google IO 2014 overviewGoogle IO 2014 overview
Google IO 2014 overview
 

Recently uploaded

CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfAsst.prof M.Gokilavani
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...srsj9000
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxKartikeyaDwivedi3
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxPoojaBan
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxbritheesh05
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxDeepakSakkari2
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsyncWhy does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsyncssuser2ae721
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catcherssdickerson1
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...121011101441
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidNikhilNagaraju
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
Comparative Analysis of Text Summarization Techniques
Comparative Analysis of Text Summarization TechniquesComparative Analysis of Text Summarization Techniques
Comparative Analysis of Text Summarization Techniquesugginaramesh
 

Recently uploaded (20)

Design and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdfDesign and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdf
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptx
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptx
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptx
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsyncWhy does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfid
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
Comparative Analysis of Text Summarization Techniques
Comparative Analysis of Text Summarization TechniquesComparative Analysis of Text Summarization Techniques
Comparative Analysis of Text Summarization Techniques
 

Android Security - Permission: A concise overview of Android permissions

  • 1. 1 Android Security - Permission
  • 2. 2 Agenda • What is permission • System prebuilt vs APK Custom • Request a permission • Grant permission • Enforce Permission • Runtime permission
  • 3. 3 What is Permission • Applications (UIDs) are assigned permissions • Permissions are needed to control access to System resources (logs, battery, etc.) Sensitive data (SMS, contacts, e-mails, etc.) System interfaces (Internet, send SMS, etc.) • Application (developers) can also define own permissions to protect application interfaces • A string
  • 4. 4 Permission Group Divide permissions into some groups based on functionality. In M, Permission is granted by group.
  • 5. 5 Permission Level • Normal Lower-risk permission, auto grant in installation • Dangerous Higher-risk permission, Need user grant.(Runtime grant/revoke in M) • Signature Auto grant in installation if caller/callee are signed by same certification • SignatureOrSystem Auto grant in installation if caller/callee are signed by same certification or caller is in system image.
  • 6. 6 System Prebuilt In frameworks/base/core/res/AndroidManifest.xml <permission android:name="android.permission.READ_CONTACTS" android:permissionGroup="android.permission-group.CONTACTS" android:label="@string/permlab_readContacts" android:description="@string/permdesc_readContacts" android:protectionLevel="dangerous" />
  • 7. 7 APK Custom In AndroidManifest.xml of APK <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.android.myapp" > <permission android:name="com.example.app.DO_X" android:label="@string/do_x_label" android:description="@string/do_x_desc" android:permissionGroup="android.permission-group.PERSONAL_INFO" android:protectionLevel="dangerous" /> … </manifest>
  • 8. 8 Permission Conflict Multiple applications may attempt to define the same permission name • "first definition wins" principle. • Android 4.4.3+ gives precedence to system applications • Android 5.0+ blocks installation completely for applications attempting to define an existing permission if they are signed with a different key than the first definer
  • 9. 9 Request Permission Declare in AndroidMainifest.xml <manifest package="com.XXX"> <uses-permission android:name="android.permission.XXX" /> … </manifest>
  • 10. 10 Grant Permission Grant the permission when installation before M.
  • 11. 11 Grant Permission • Android cannot grant permissions that don’t exist yet If an application requires a permission which is not existing in system, the system will not grant the permission to the requesting application. • An application who defines <permission> is uninstalled, the permission records are removed from the system’s known permissions list. Any applications currently holding that permission will still have the permission granted to them until they are updated/reinstalled.
  • 12. 12 Grant Permission (2) Assign permission in prebuilt etc/permission/platform.xml <assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="media" />  Assign higher-level permissions to system processes running under a specific UID that do not have a corresponding package.  Allows specific core system users to perform the given operations with the higher-level framework
  • 13. 13 Enforce Permission • Kernel • Java components • Native daemons
  • 14. 14 Enforce Permission - Kernel Access to files/device nodes/and local sockets is regulated by Kernel. Permission <map> Supplementary GIDs <permission name="android.permission.ACCESS_FM_RADIO" > <group gid="media" /> </permission> JNI APK Device Node Security check APK has a special permission which is mapped to GroupB in platform.xml Group B UserID :arbitrary
  • 15. 15 Java Components - Static Managed by ActivityManagerService Components who uses permission Components who declares permission Check by AMS
  • 16. 16 Java Components - Dynamic Programmatically check if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.XX) != PackageManager.PERMISSION_GRANTED) { throw new SecurityException("Requires XXX permission"); }
  • 18. 18 Runtime Permission • Support in M • Dangerous permissions can be granted/revoked in runtime. • Other permission will be granted in installation automatically. • Only has to grant permission once per app for each permission group. • No difference for permission enforce
  • 19. 19 Runtime Permission - Revoke Before M: Not allowed From M: Revocable from Settings.
  • 20. 20 Runtime Permission - Caller • Always Check for Permissions • Handle Lack of Permissions Gracefully if (checkSelfPermission(Manifest.permission.READ_CONTACTS) != PackageManager.PERMISSION_GRANTED) { if (shouldShowRequestPermissionRationale( Manifest.permission.READ_CONTACTS)) { } requestPermissions(new String[]{Manifest.permission.READ_CONTACTS}, MY_PERMISSIONS_REQUEST_READ_CONTACTS); return; }

Editor's Notes

  1. When the application given a pending intent triggers the actual intent, it does so with the same permissions and the identity as the application that created the pending intent