1. iamgregor
    When apps ask for permissions, what exactly does that all mean? What are the possible risks when it says it wants "phone state and identity"?

    Is there already a well-written listing of what these mean somewhere?
    07-12-2012 09:19 PM
  2. jtcady
    "A central design point of the Android security architecture is that no application, by default, has permission to perform any operations that would adversely impact other applications, the operating system, or the user. This includes reading or writing the user's private data (such as contacts or e-mails), reading or writing another application's files, performing network access, keeping the device awake, etc.

    Because Android sandboxes applications from each other, applications must explicitly share resources and data. They do this by declaring the permissions they need for additional capabilities not provided by the basic sandbox. Applications statically declare the permissions they require, and the Android system prompts the user for consent at the time the application is installed. Android has no mechanism for granting permissions dynamically (at run-time) because it complicates the user experience to the detriment of security.

    The application sandbox does not depend on the technology used to build an application. In particular the Dalvik VM is not a security boundary, and any app can run native code (see the Android NDK). All types of applications (Java, native, and hybrid) are sandboxed in the same way and have the same degree of security from each other." - from Developer Guide

    Here's a List
    07-12-2012 10:07 PM
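
The static declaration described in the quoted guide can be inspected directly. This is an added example, not part of the original posts or the Developer Guide: it reads the `<uses-permission>` entries from a constructed sample manifest and flags the case where an app can both read private data and reach the network. The package name, the sample manifest and the short descriptions in `PRIVATE_DATA` are assumptions written for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest (hypothetical app, not taken from a real package).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.READ_PHONE_STATE" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.WAKE_LOCK" />
    <application android:label="Flashlight" />
</manifest>
"""

# Reviewer's summary (added for this example) of what each permission exposed
# on Android releases of this thread's era; not an official or complete list.
PRIVATE_DATA = {
    "android.permission.READ_PHONE_STATE":
        "phone number, device ID (IMEI), whether a call is in progress",
    "android.permission.READ_CONTACTS": "contact names, numbers, e-mail addresses",
    "android.permission.READ_SMS": "stored text messages",
}
NETWORK = "android.permission.INTERNET"

def declared_permissions(manifest_xml):
    """Return the permission names an app declares, in order, without duplicates."""
    root = ET.fromstring(manifest_xml)
    names = []
    for element in root.iter("uses-permission"):
        # The name lives in the android: XML namespace, not a plain attribute.
        name = element.get("{%s}name" % ANDROID_NS)
        if name and name not in names:
            names.append(name)
    return names

def review(manifest_xml):
    """Summarise which declared permissions expose private data and whether
    the app could also send that data off the device."""
    perms = declared_permissions(manifest_xml)
    exposed = {p: PRIVATE_DATA[p] for p in perms if p in PRIVATE_DATA}
    return {"declared": perms, "private_data": exposed,
            "can_send_off_device": bool(exposed) and NETWORK in perms}

if __name__ == "__main__":
    report = review(SAMPLE_MANIFEST)
    for perm, meaning in report["private_data"].items():
        print(perm, "->", meaning)
    print("private data + network access:", report["can_send_off_device"])
```
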
  3. iamgregor
    Sure, that all makes sense and that list helps some, but what about any interpretation of what these permissions mean and the risks they could pose? For example: Allows read-only access to phone state... meaning? The phone is on or off? Or something else? What else?

    How do I get the answer to these questions?
    07-13-2012 01:41 PM