1
Android Security - Permission
2
Agenda
• What is permission
• System prebuilt vs APK Custom
• Request a permission
• Grant permission
• Enforce Permission
• Runtime permission
3
What is Permission
• Applications (UIDs) are assigned permissions
• Permissions are needed to control access to:
  - System resources (logs, battery, etc.)
  - Sensitive data (SMS, contacts, e-mails, etc.)
  - System interfaces (Internet, send SMS, etc.)
• Application developers can also define their own permissions to protect application interfaces
• A permission is a string
4
Permission Group
Permissions are divided into groups based on functionality.
In M, permissions are granted by group.
5
Permission Level
• Normal
  Lower-risk permission, granted automatically at installation.
• Dangerous
  Higher-risk permission that needs a user grant (runtime grant/revoke in M).
• Signature
  Granted automatically at installation if caller and callee are signed with the same certificate.
• SignatureOrSystem
  Granted automatically at installation if caller and callee are signed with the same certificate, or the caller is in the system image.
6
System Prebuilt
In frameworks/base/core/res/AndroidManifest.xml
<permission android:name="android.permission.READ_CONTACTS"
    android:permissionGroup="android.permission-group.CONTACTS"
    android:label="@string/permlab_readContacts"
    android:description="@string/permdesc_readContacts"
    android:protectionLevel="dangerous" />
7
APK Custom
In AndroidManifest.xml of APK
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.android.myapp" >
    <permission
        android:name="com.example.app.DO_X"
        android:label="@string/do_x_label"
        android:description="@string/do_x_desc"
        android:permissionGroup="android.permission-group.PERSONAL_INFO"
        android:protectionLevel="dangerous" />
    …
</manifest>
8
Permission Conflict
Multiple applications may attempt to define the
same permission name
• "first definition wins" principle.
• Android 4.4.3+ gives precedence to system
applications
• Android 5.0+ blocks installation completely for
applications attempting to define an existing
permission if they are signed with a different key
than the first definer
9
Request Permission
Declare in AndroidManifest.xml
<manifest package="com.XXX">
    <uses-permission android:name="android.permission.XXX" />
    …
</manifest>
10
Grant Permission
Before M, permissions are granted at installation.
11
Grant Permission
• Android cannot grant permissions that don't exist yet
  If an application requests a permission that does not exist in the system, the system will not grant the permission to the requesting application.
• When an application that defines a <permission> is uninstalled, the permission records are removed from the system's known permissions list.
  Any applications currently holding that permission will still have the permission granted to them until they are updated/reinstalled.
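
The rules from the Permission Level, Permission Conflict and Grant Permission slides, written out as a small Python model so the install-order and conflict cases can be traced. This is an added example, not code from the deck or from Android; the package names, certificate labels and the order in which the two conflict rules are applied are assumptions.

```python
from dataclasses import dataclass, field

# Version thresholds named on the slides, as tuples ("M" is Android 6.0).
V_4_4_3, V_5_0, V_M = (4, 4, 3), (5, 0), (6, 0)
PERM = "com.example.app.DO_X"          # name from the "APK Custom" slide


class InstallBlocked(Exception):
    """The installer refused a conflicting permission definition."""


@dataclass
class Package:                         # package names and certs used below are constructed
    name: str
    cert: str                          # stand-in label for the signing certificate
    is_system: bool = False
    defines: dict = field(default_factory=dict)   # permission name -> protection level
    uses: tuple = ()                   # names listed in <uses-permission>


@dataclass
class Record:
    level: str
    definer: str
    cert: str
    system: bool


class Device:
    def __init__(self, version):
        self.version = version
        self.known = {}                # the system's known permissions list
        self.granted = {}              # package name -> granted permission names

    def install(self, pkg):
        accepted = {}
        for perm, level in pkg.defines.items():
            old = self.known.get(perm)
            new = Record(level, pkg.name, pkg.cert, pkg.is_system)
            if old is None or old.definer == pkg.name:
                accepted[perm] = new
            elif self.version >= V_4_4_3 and pkg.is_system and not old.system:
                accepted[perm] = new   # system definition takes precedence
            elif self.version >= V_5_0 and old.cert != pkg.cert:
                raise InstallBlocked(f"{pkg.name} redefines {perm} with another key")
            # otherwise the first definition wins and this one is ignored
        self.known.update(accepted)
        # (Re)installing recomputes the package's grants from the current records.
        self.granted[pkg.name] = {p for p in pkg.uses if self._grant(pkg, p)}
        return set(self.granted[pkg.name])

    def _grant(self, pkg, perm):
        rec = self.known.get(perm)
        if rec is None:
            return False               # a permission that does not exist yet
        if rec.level == "normal":
            return True
        if rec.level == "dangerous":
            return self.version < V_M  # from M: granted by the user at runtime
        same_cert = rec.cert == pkg.cert
        if rec.level == "signature":
            return same_cert
        if rec.level == "signatureOrSystem":
            return same_cert or pkg.is_system
        return False

    def uninstall(self, name):
        self.granted.pop(name, None)
        for perm in [p for p, r in self.known.items() if r.definer == name]:
            del self.known[perm]       # holders keep their grant until reinstalled


def install_order_scenario():
    dev = Device((5, 0))
    provider = Package("com.example.provider", "certA", defines={PERM: "signature"})
    client = Package("com.example.client", "certA", uses=(PERM,))
    before_definer = dev.install(client)        # PERM is not defined yet
    dev.install(provider)
    after_reinstall = dev.install(client)
    dev.uninstall(provider.name)
    after_uninstall = set(dev.granted[client.name])
    after_update = dev.install(client)          # record is gone, grant is dropped
    return before_definer, after_reinstall, after_uninstall, after_update


def conflict_scenario(version, second_is_system=False):
    dev = Device(version)
    dev.install(Package("com.example.first", "certA", defines={PERM: "signature"}))
    second = Package("com.example.second", "certB", second_is_system,
                     defines={PERM: "signature"})
    try:
        dev.install(second)
        outcome = "installed"
    except InstallBlocked:
        outcome = "blocked"
    return outcome, dev.known[PERM].definer


if __name__ == "__main__":
    print(install_order_scenario(), conflict_scenario((5, 0)))
```

When auditing an app that relies on a custom permission, the cases worth checking on a test device are the ones the scenarios walk through: the requester installed before the definer, and the definer removed while holders remain.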
12
Grant Permission (2)
Assign permissions in the prebuilt etc/permissions/platform.xml:
<assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS"
    uid="media" />
• Assigns higher-level permissions to system processes running under a specific UID that do not have a corresponding package.
• Allows specific core system users to perform the given operations with the higher-level framework.
13
Enforce Permission
• Kernel
• Java components
• Native daemons
14
Enforce Permission - Kernel
Access to files, device nodes, and local sockets is regulated by the kernel.
Permissions are mapped to supplementary GIDs:
<permission name="android.permission.ACCESS_FM_RADIO" >
    <group gid="media" />
</permission>
[Diagram labels: APK; JNI; Device Node; Security check; Group B; UserID: arbitrary. Caption: the APK has a special permission which is mapped to Group B in platform.xml.]
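
A parser for the two platform.xml entry types shown on the slides, resolving which supplementary GIDs a set of granted permissions brings and which permissions are assigned to a UID. This is an added example, not code from the deck or from Android; the sample file is constructed from the slide snippets plus two constructed edge-case entries, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two entries from the slides inside the <permissions>
# root element, plus a permission with no group and a malformed assign-permission.
PLATFORM_XML = """
<permissions>
    <permission name="android.permission.ACCESS_FM_RADIO" >
        <group gid="media" />
    </permission>
    <assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="media" />
    <permission name="com.example.permission.NO_GROUP" />
    <assign-permission uid="media" />
</permissions>
"""


def parse_platform_xml(text):
    """Return (permission -> GIDs, uid -> permissions, list of malformed entries)."""
    perm_gids, uid_perms, problems = {}, {}, []
    for node in ET.fromstring(text):
        name = node.get("name")
        if node.tag == "permission":
            if not name:
                problems.append("permission without a name")
                continue
            gids = {g.get("gid") for g in node.findall("group") if g.get("gid")}
            perm_gids.setdefault(name, set()).update(gids)
        elif node.tag == "assign-permission":
            uid = node.get("uid")
            if not name or not uid:
                problems.append(f"assign-permission missing name or uid: {node.attrib}")
                continue
            uid_perms.setdefault(uid, set()).add(name)
    return perm_gids, uid_perms, problems


def supplementary_gids(granted, perm_gids):
    """GIDs a process receives for the permissions it has been granted."""
    gids = set()
    for perm in granted:
        gids |= perm_gids.get(perm, set())
    return gids


def gid_backed_permissions(perm_gids):
    """Permissions that map to at least one GID, i.e. the kernel-enforced ones."""
    return sorted(p for p, gids in perm_gids.items() if gids)


if __name__ == "__main__":
    perm_gids, uid_perms, problems = parse_platform_xml(PLATFORM_XML)
    print(gid_backed_permissions(perm_gids), uid_perms, problems)
```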
15
Java Components - Static
Managed by ActivityManagerService (AMS).
[Diagram labels: components that use a permission; components that declare a permission; check by AMS.]
16
Java Components - Dynamic
Programmatic check:
// Reject the call unless the caller (or this process itself) holds the permission.
if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.XX)
        != PackageManager.PERMISSION_GRANTED) {
    throw new SecurityException("Requires XXX permission");
}
17
Native daemons
Checked dynamically (programmatically)
18
Runtime Permission
• Supported in M
• Dangerous permissions can be granted/revoked at runtime.
• Other permissions are granted automatically at installation.
• The user only has to grant permission once per app for each permission group.
• No difference in permission enforcement
19
Runtime Permission - Revoke
Before M: Not allowed
From M: Revocable from Settings.
20
Runtime Permission - Caller
• Always Check for Permissions
• Handle Lack of Permissions Gracefully
if (checkSelfPermission(Manifest.permission.READ_CONTACTS)
        != PackageManager.PERMISSION_GRANTED) {
    if (shouldShowRequestPermissionRationale(
            Manifest.permission.READ_CONTACTS)) {
        // Explain to the user why the permission is needed.
    }
    // Ask for the permission; the result arrives in onRequestPermissionsResult().
    requestPermissions(new String[]{Manifest.permission.READ_CONTACTS},
            MY_PERMISSIONS_REQUEST_READ_CONTACTS);
    return;
}

Editor's Notes

  1. When an application that has been given a pending intent triggers the actual intent, it does so with the same permissions and identity as the application that created the pending intent.