Free Shipping

Secure Payment

easy returns

24/7 support

  • Home
  • Blog
  • Read App Permissions Carefully – May Lead to Security Issue

Read App Permissions Carefully – May Lead to Security Issue

 July 8  | 0 Comments

Have you inadvertently given app permissions and as a consequence your phone has crashed? Well, it is time for you to know which permissions to give to apps and which should not be given.

In addition, this blog is for users of mobile phones as well as app developers who want to know more about the Android Permissions & their consequences. It is also about deciding which permissions an app should ask and including them while developing the app.

It is rather essential to know the basic Android app permissions, their protection levels, and consequences. These are illustrated here along with examples of the Android applications. Permissions determine whether an app can access a specific feature of your phone by allowing it to share with other users or apps.

Suppose user-1 wants to share a specific folder in a network & he has set the permissions to – read only for others. Now user-2 wants to edit the shared folder, then he has to send the request to the user-1 to permit access. Once user-1 accepts the request, then user-2 can edit it.

Now let’s discuss about permissions in Android & their protection level. Application developers will specify the permissions in the app for protecting important and valuable data that is stored in the Android mobile. Some of the Android permissions are Internet Connection Permissions, Location Sharing Permission etc.

Here, shown below is a code snippet that developers can use for specifying permissions in an Android app in the Android manifest file which acts as a metadata for your application.

<manifest
xmlns:android="http://schemas.android.com/apk/res/android"
package="com.android.app.myapp" >
    <uses-permission
android:name="android.permission.RECEIVE_SMS" />
...
</manifest>

DangerousNormal Application security depends upon the attribute android:protectionLevel. This protection level values are categorized into four categories:

  • Normal Permissions
  • Dangerous Permissions
  • Signature Permissions
  • SignatureOrSystem Permissions

 

But mainly there are two important permissions: Normal and Dangerous permissions

  • Normal Permissions: Normal permissions are low-risk permissions that one application gives to other applications. This also means that the other application and the user are at minimal risk. The system automatically grants this type of permissions to a requesting app at the time of app installation, without asking for the user’s explicit approval. For example, Internet Access Permissions.

 

  • Dangerous Permissions: These permissions usually ask the user explicitly to give approval at the time of installing the app. These permissions involve accessing user’s private information i.e. the user’s stored data in the mobile, or server data storage. For example, Location sharing permissions, Camera Permissions etc.
    Shown in tables below are the list of normal & dangerous permissions in Android along with the code snippet, its description and consequences.An Example for Giving App Permission.

 Example

As a developer you might want to check that the Internet is connected, as you might be required to do some operations like sending & retrieving data. For this you need to set a permission in the AndroidManifest.xml file as shown below:

<uses-permission android:name="android.permission.INTERNET" />

Let’s create a file MainActivity.java where we will add relevant permission code. You should add code in the MainActivity.java class  as shown below:

btnInternet.setOnClickListener(new
View.OnClickListener() {
@Override
public void onClick(View v) {
ConnectivityManager connectivityManager = (ConnectivityManager)
this.getSystemService(Context.CONNECTIVITY_SERVICE);
NetworkInfo activeNetworkInfo =
connectivityManager.getActiveNetworkInfo();
if (activeNetworkInfo != null && activeNetworkInfo.isConnected())
{
}
else {
//Toast.makeText(this, "Internet Connection Is
Required", Toast.LENGTH_LONG).show();
Log.d("Intenet Connection","Internet connection
required");
}
}
});

Note:If you don’t set the permission in manifest.xml file then your App will not  respond & will show force close option to the app user as shown in below image: 

As a developer you can check your log for its respective error to resolve it.

 

Conclusion

Whenever permissions are added at the time of developing an app, it is imperative that only those permissions be added which are crucial and necessary for the app to work efficiently.

From users perspective, a user may not understand what a permission entails hence he or she should be in a position to verify the details of the permission. It is suggested that this information be provided by the developer in the Google PlayStore or Amazon App store.

An example scenario to provide apt permissions is: If you need to collect videos on your app and post the results to the server, then you need the internet permission. So only this permission is mandated here. But if your app is just a calculator app, then for sure, the users are going to be confused if internet permission is asked.

Thus, developers need to be judicious in providing permissions to apps and should therefore only include those which are apt for that app.

Keep visiting our site AcadGld for more updates on Android and other technologies.

 

>