When installing an application, the application lists permissions that it needs to perform its functions.
I am creating this list of the system defined permissions and a description of what they mean. It is a community wiki so if new permissions are added in the future they can be added to this list.
Answer
These are all the available permissions that an application can require. Of this list, there are some that can only be "requested" by "System" applications. Applications that are not system applications will not be able to request permissions to "System Permissions". Only applications that are in the /system/app location and signed with the System key can request these specific system permissions.
These are the names that are used by the developer of the application to request the permission, but the name that is displayed when installing should have some similar wording to the name.
Permissions
- ACCESS_CHECKIN_PROPERTIES
- Allows read/write access to the "properties" table in the (Unix security) checkin database, to change values that get uploaded.
- Group: LOCATION
- Level: SYSTEM
- ACCESS_COARSE_LOCATION
- Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.
- Group: LOCATION
- This permission is usually used by applications that display location based ads by publishers like Admob (Google).
- ACCESS_FINE_LOCATION
- Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.
- Group: LOCATION
- This permission can be used by applications that display location based ads by publishers like Admob (Google). It is also used by applications that want your exact location. Examples would be Navigation applications, "Check-In" apps like 4square.
- ACCESS_LOCATION_EXTRA_COMMANDS
- Allows an application to access extra location provider commands.
- A good example of poor documentation, as even books on Android application development state: The Android documentation doesn’t tell us which location commands are “extra,” so we’ll ask for all of them.
- Group: LOCATION
- ACCESS_MOCK_LOCATION
- Allows an application to create mock location providers for testing, and is intended for development use in e.g. the Android Emulator (to save the dev from having to run around to check if positions are displayed correctly). Cases where this is needed in an app ready for end users should be rare.
- This allows an application to fake the location information.
- Group: LOCATION
- ACCESS_NETWORK_STATE
- Allows applications to access information about networks.
- Information including if a network is available (or just connecting), what type of network the device is connected to, if any (WiFi, 3G, LTE), if it's in Roaming, and also reasons for a failed connection attempt (if any).
- Good use: The application may check the state of your connection before trying to access the internet, and e.g. restrict itself to WiFi for some actions.
- Bad use: Only in combination with other permissions (e.g. data collection for profiling).
- Group: NETWORK
- ACCESS_SURFACE_FLINGER
- Allows an application to use SurfaceFlinger's low level features.
- SurfaceFlinger is part of Android's media framework. It provides a compositor which takes care of rendering in frame buffers (so this has to do with graphics).
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- ACCESS_WIFI_STATE
- Allows applications to access information about Wi-Fi networks
- Group: NETWORK
- This could be requested by any application that uses internet access. The application may check the state of your connection before trying to access the internet.
- Good/Bad use: See ACCESS_NETWORK_STATE above.
- ACCOUNT_MANAGER
- Allows applications to call into AccountAuthenticators. Only the system can get this permission.
- An account-manager is the service working behind the scenes and taking care that everything works as expected.
- Group: ACCOUNTS
- Level: SYSTEM
- This permission is reserved for system apps.
- ADD_VOICEMAIL (4.0+)
- Allows an application to add voicemails into the system.
- Group: PERSONAL_INFO
- AUTHENTICATE_ACCOUNTS
- Allows an application to act as an AccountAuthenticator for the AccountManager
- Group: ACCOUNTS
- This is for applications that would authenticate you to their service.
An app using this permission usually provides an interface to deal with a certain account type (which is not known by the pre-installed Android system), such as Dropbox. As shipped, Android does not know how to login to Dropbox and how to deal with a Dropbox account – so the Dropbox app provides the mechanism. Additionally, an "account authenticator" might restrict the actions an app can perform with the account (so it would e.g. be possible to administrate this via some web interface offered by the service).
- BATTERY_STATS
- Allows an application to collect battery statistics
- Battery widgets and other battery information tools use this permission
- Group: SYSTEM_TOOLS
- BIND_APPWIDGET
- Allows an application to tell the AppWidget service which application can access AppWidget's data. The normal user flow is that a user picks an AppWidget to go into a particular host, thereby giving that host application access to the private data from the AppWidget app. An application that has this permission should honor that contract. Very few applications should need to use this permission.
- Group: PERSONAL_INFO
- Level: SYSTEM
- BIND_DEVICE_ADMIN (2.2+)
- Must be required by device administration receiver, to ensure that only the system can interact with it.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- BIND_INPUT_METHOD
- Must be required by an InputMethodService, to ensure that only the system can bind to it.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- BIND_REMOTEVIEWS (3.0+)
- Must be required by a RemoteViewsService, to ensure that only the system can bind to it.
- Level: SYSTEM
- BIND_TEXT_SERVICE (4.0+)
- Must be required by a TextService (e.g. SpellCheckerService) to ensure that only the system can bind to it.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- BIND_VPN_SERVICE (4.0+)
- Must be required by a Vpn Service, to ensure that only the system can bind to it.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- BIND_WALLPAPER (2.2+)
- Must be required by a WallpaperService, to ensure that only the system can bind to it.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- BIND_*
- many more like the above for different services, like NFC, PrintService, and others
- BLUETOOTH
- Allows applications to connect to paired bluetooth devices
- Group: NETWORK
- BLUETOOTH_ADMIN
- Allows applications to discover and pair bluetooth devices
- Group: SYSTEM_TOOLS
- BLUETOOTH_PRIVILEGED (4.4+)
- Allows applications to pair bluetooth devices without user interaction. This is not available to third party applications.
- BRICK
- Required to be able to disable the device
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- BROADCAST_PACKAGE_REMOVED
- Allows an application to broadcast a notification that an application package has been removed.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- BROADCAST_SMS
- Allows an application to broadcast an SMS receipt notification
- Group: MESSAGES
- Level: SYSTEM
- BROADCAST_STICKY
- Allows an application to broadcast sticky intents. These are broadcasts whose data is held by the system after being finished, so that clients can quickly retrieve that data without having to wait for the next broadcast.
- Group: SYSTEM_TOOLS
- BROADCAST_WAP_PUSH
- Allows an application to broadcast a WAP PUSH receipt notification
- Group: MESSAGES
- Level: SYSTEM
- CALL_PHONE
- Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call being placed.
- Group: COST_MONEY
- This will allow the application to "prompt" you to place a call. You will not have to enter the number, but you will have to press the "call" button. You will be able to see the number that is being called.
- CALL_PRIVILEGED
- Allows an application to call any phone number, including emergency numbers, without going through the Dialer user interface for the user to confirm the call being placed.
- Group: MESSAGES
- Level: SYSTEM
- CAMERA
- Required to be able to access the camera device.
- Group: HARDWARE_CONTROLS
- Any application that uses the rear or front cameras.
- CAPTURE_AUDIO_OUTPUT (4.4+)
- Allows an application to capture audio output. Not for use by third-party applications.
- CAPTURE_SECURE_VIDEO_OUTPUT (4.4+)
- Allows an application to capture secure video output. Not for use by third-party applications.
- CAPTURE_VIDEO_OUTPUT (4.4+)
- Allows an application to capture video output. Not for use by third-party applications.
- CHANGE_COMPONENT_ENABLED_STATE
- Allows an application to change whether an application component (other than its own) is enabled or not.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- CHANGE_CONFIGURATION
- Allows an application to modify the current configuration, such as locale.
- Group: SYSTEM_TOOLS
- CHANGE_NETWORK_STATE
- Allows applications to change network connectivity state
- Group: SYSTEM_TOOLS
- CHANGE_WIFI_MULTICAST_STATE
- Allows applications to enter Wi-Fi Multicast mode
- Group: SYSTEM_TOOLS
- CHANGE_WIFI_STATE
- Allows applications to change Wi-Fi connectivity state
- Group: SYSTEM_TOOLS
- CLEAR_APP_CACHE
- Allows an application to clear the caches of all installed applications on the device.
- Group: SYSTEM_TOOLS
- CLEAR_APP_USER_DATA
- Allows an application to clear user data
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- CONTROL_LOCATION_UPDATES
- Allows enabling/disabling location update notifications from the radio. Not for use by normal applications.
- Group: LOCATION
- Level: SYSTEM
- DELETE_CACHE_FILES
- Allows an application to delete cache files.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- DELETE_PACKAGES
- Allows an application to delete packages.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- DEVICE_POWER
- Allows low-level access to power management
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- DIAGNOSTIC
- Allows applications to RW to diagnostic resources.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- DISABLE_KEYGUARD
- Allows applications to disable the keyguard
- Group: SYSTEM_TOOLS
- DUMP
- Allows an application to retrieve state dump information from system services.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- EXPAND_STATUS_BAR
- Allows an application to expand or collapse the status bar.
- Group: SYSTEM_TOOLS
- FACTORY_TEST
- Run as a manufacturer test application, running as the root user. Only available when the device is running in manufacturer test mode.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- FLASHLIGHT
- Allows access to the flashlight
- Group: HARDWARE_CONTROLS
- Allows application to control the LED flash from the camera and have it act like a flashlight.
- FORCE_BACK
- Allows an application to force a BACK operation on whatever is the top activity.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- GET_ACCOUNTS
- Allows access to the list of accounts in the Accounts Service
- Applications that require some type of authentication from accounts that are "connected" to the device. A list of the accounts is usually displayed so you can choose the account to use with the application. To really use those credentials, the USE_CREDENTIALS permission is required.
- Group: ACCOUNTS
- also see: What does “discover known accounts” permission mean?
- GET_PACKAGE_SIZE
- Allows an application to find out the space used by any package.
- Group: SYSTEM_TOOLS
- GET_TASKS
- Allows an application to get information about the currently or recently running tasks: a thumbnail representation of the tasks, what activities are running in it, etc. Bad cop: spy for possible security leaks (vulnerable apps), data collection. Good cop: check whether the app's own service is running, show recently used apps (task-switcher), provide app-specific behaviour (eg orientation manager tools).
- Group: SYSTEM_TOOLS
- GET_TOP_ACTIVITY_INFO (4.3+)
- Allows an application to retrieve private information about the current top activity, such as any assist context it can provide. Not for use by third-party applications.
- GLOBAL_SEARCH
- This permission can be used on content providers to allow the global search system to access their data. Typically it is used when the provider has some permissions protecting it (which global search would not be expected to hold), and added as a read-only permission to the path in the provider where global search queries are performed. This permission can not be held by regular applications; it is used by applications to protect themselves from everyone else besides global search.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- HARDWARE_TEST
- Allows access to hardware peripherals. Intended only for hardware testing
- Group: HARDWARE_CONTROLS
- INJECT_EVENTS
- Allows an application to inject user events (keys, touch, trackball) into the event stream and deliver them to ANY window. Without this permission, you can only deliver events to windows in your own process. Very few applications should need to use this permission.
- Group: SYSTEM_TOOLS
- Level: SYSTEM (or APPLICATION ONLY)
- INSTALL_LOCATION_PROVIDER
- Allows an application to install a location provider into the Location Manager
- Group: LOCATION
- INSTALL_PACKAGES
- Allows an application to install packages.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- INSTALL_SHORTCUT (4.4+)
- Allows an application to install a shortcut in Launcher (Homescreen)
- INTERACT_ACROSS_USERS (4.4+?)
- Allows an application to call APIs that allow it to do interactions across the users on the device, using singleton services and user-targeted broadcasts. This permission is not available to third party applications.
- Group: SYSTEM_TOOLS
- Level: SIGNATURE_OR_SYSTEM
- also see this answer
- INTERNAL_SYSTEM_WINDOW
- Allows an application to open windows that are for use by parts of the system user interface. Not for use by third party apps.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- INTERNET
- Allows applications to open network sockets.
- Group: NETWORK
- Any application that accesses the internet for any reason will have to request this permission.
- KILL_BACKGROUND_PROCESSES (2.2+)
- Allows an application to call killBackgroundProcesses
- Group: SYSTEM_TOOLS
- LOCATION_HARDWARE (4.3+)
- Allows an application to use location features in hardware, such as the geofencing api. Not for use by third-party applications.
- MANAGE_ACCOUNTS
- Allows an application to manage the list of accounts in the AccountManager
- Group: ACCOUNTS
- This permission allows an application to add/remove accounts in the account manager. Like when you log in to facebook, it adds your account to the Account Manager accounts. For further details, see: What does permission “MANAGE_ACCOUNTS” mean?, and also the AccountManager Documentation on the Android Developers site.
- MANAGE_APP_TOKENS
- Allows an application to manage (create, destroy, Z-order) application tokens in the window manager. This is only for use by the system.
- Group: ACCOUNTS
- Level: SYSTEM
- MANAGE_DOCUMENTS (4.4+)
- Allows an application to manage access to documents, usually as part of a document picker.
- MANAGE_USB
- Allows an application to manage preferences and permissions for USB devices
- Group: HARDWARE_CONTROLS
- Level: SYSTEM
- MANAGE_MTP
- Allows an application to access the MTP USB kernel driver. For use only by the device side MTP implementation.
- Group: HARDWARE_CONTROLS
- Level: SYSTEM
- MASTER_CLEAR
- Level: SYSTEM
- MEDIA_CONTENT_CONTROL (4.4+)
- Allows an application to know what content is playing and control its playback. Not for use by third-party applications due to privacy of media consumption
- MODIFY_AUDIO_SETTINGS
- Allows an application to modify global audio settings
- Group: HARDWARE_CONTROLS
- MODIFY_PHONE_STATE
- Allows modification of the telephony state - power on, mmi, etc. Does not include placing calls.
- Group: PHONE_CALLS
- Level: SYSTEM
- MOUNT_FORMAT_FILESYSTEMS
- Allows formatting file systems for removable storage
- Group: SYSTEM_TOOLS
- MOUNT_UNMOUNT_FILESYSTEMS
- Allows mounting and unmounting file systems for removable storage
- Group: SYSTEM_TOOLS
- NFC (2.3+)
- Allows applications to perform I/O operations over NFC
- Group: NETWORK
- PERSISTENT_ACTIVITY
- Allows an application to make its activities persistent.
- deprecated
- Group: SYSTEM_TOOLS
- PROCESS_OUTGOING_CALLS
- Allows an application to monitor, modify, or abort outgoing calls.
- Group: PHONE_CALLS
- READ_CALENDAR
- Allows an application to read the user's calendar data.
- Group: PERSONAL_INFO
- READ_CALL_LOG (4.1+)
- Allows an application to read the system's call log that contains information about incoming and outgoing calls.
- READ_CONTACTS
- Allows an application to read the user's contacts data.
- Group: PERSONAL_INFO
- Check the app permission.READ_CONTACTS to see what information can be obtained with this permission.
- READ_CONTENT_PROVIDER
- Access mail information
- Group: MESSAGES
- This is primarily for access to information on Mails in Gmail. Developers can use this content provider to display label information to the user.
- also see: What lurks behind these Gmail/GTalk permissions?
- READ_EXTERNAL_STORAGE (4.1+)
- Provides protected read access to external storage. In Android 4.1 by default all applications still have read access. This changed with Android 4.4 (API level 19), which now requires that applications explicitly request read access using this permission. If an application already requests write access, it will automatically get read access as well.
- Group: STORAGE
- READ_FRAME_BUFFER
- Allows an application to take screen shots and more generally get access to the frame buffer data
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- READ_GMAIL
- READ_HISTORY_BOOKMARKS
- Allows an application to read (but not write) the user's browsing history and bookmarks.
- Group: PERSONAL_INFO
- Check the app READ_HISTORY_BOOKMARKS App. to see what information can be obtained with this permission.
- READ_INPUT_STATE
- Allows an application to retrieve the current state of keys and switches. This is only for use by the system.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- READ_LOGS
- Allows an application to read the low-level system log files. Log entries can contain the user's private information
- Group: PERSONAL_INFO
- No longer granted to user apps starting with Android 4.2+ (user apps can now only see their own log entries). Work-arounds are possible on rooted devices.
- For details, see: Read logs from all apps on android from within an app for android 4.2+
- READ_OWNER_DATA
- READ_PHONE_STATE
- Allows read only access to phone state.
- Group: PHONE_CALLS
- This permission gives access to your device's identifiers (IMEI/IMSI), SIM ID, voice mailbox number, your phone number and, if a call is in progress, the remote number. It's not required for things like call state (whether a call is in progress/pending), network operator, or the network provider used – according to the app permission.READ_PHONE_STATE, which shows what this permission is needed for (and what not)
- automatically granted to apps targeted at Android 1.6 or before
- good use: ???
- bad use: you can be tracked across networks via your IMSI/IMEI/phone number
- neutral use: targeted ads (service can see what ads have already been displayed on your device, and don't need to be displayed again, for example)
- See also:
- READ_PROFILE (4.0+)
- Allows an application to read the user's personal profile data.
- Group: PERSONAL_INFO
- READ_SECURE_SETTINGS
- Allows an application to read the secure system settings.
- Group: HARDWARE_CONTROLS
- READ_SMS
- Allows an application to read SMS messages.
- Group: MESSAGES
- Check the app permission.READ_SMS to see what information can be obtained with this permission.
- READ_SOCIAL_STREAM (4.0+)
- Allows an application to read from the user's social stream.
- Group: PERSONAL_INFO
- READ_SYNC_SETTINGS
- Allows applications to read the sync settings
- Group: SYSTEM_TOOLS
- READ_SYNC_STATS
- Allows applications to read the sync stats
- Group: SYSTEM_TOOLS
- READ_USER_DICTIONARY (4.1+)
- Allows an application to read the user dictionary. This should really only be required by an IME, or a dictionary editor like the Settings app.
- Group: PERSONAL_INFO
- REBOOT
- Required to be able to reboot the device
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- RECEIVE_BOOT_COMPLETED
- Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. If you don't request this permission, you will not receive the broadcast at that time. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them. As such, you must explicitly declare your use of this facility to make that visible to the user.
- Group: SYSTEM_TOOLS
- RECEIVE_EMERGENCY_BROADCAST
- Allows an application to receive emergency cell broadcast messages, to record or display them to the user. Reserved for system apps.
- Group: MESSAGES
- Level: SYSTEM
- Pending API council approval
- RECEIVE_MMS
- Allows an application to monitor incoming MMS messages, to record or perform processing on them.
- Group: MESSAGES
- RECEIVE_SMS
- RECEIVE_WAP_PUSH
- Allows an application to monitor incoming WAP push messages.
- Group: MESSAGES
- RECORD_AUDIO
- Allows an application to record audio
- Group: HARDWARE_CONTROLS
- REORDER_TASKS
- Allows an application to change the Z-order of tasks
- Group: SYSTEM_TOOLS
- RESTART_PACKAGES
- deprecated
- No longer supported
- SEND_RESPOND_VIA_MESSAGE (4.3+)
- Allows an application (Phone) to send a request to other applications to handle the respond-via-message action during incoming calls. Not for use by third-party applications.
- SEND_SMS
- Allows an application to send SMS messages.
- Group: COST_MONEY
- SEND_SMS_NO_CONFIRMATION
- Allows an application to send SMS messages via the Messaging app with no user input or confirmation.
- Group: COST_MONEY
- Level: SYSTEM
- SET_ACTIVITY_WATCHER
- Allows an application to watch and control how activities are started globally in the system.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- SET_ALARM (2.3+)
- Allows an application to broadcast an Intent to set an alarm for the user.
- Group: PERSONAL_INFO
- SET_ALWAYS_FINISH
- Allows an application to control whether activities are immediately finished when put in the background.
- Group: DEVELOPMENT_TOOLS
- SET_ANIMATION_SCALE
- Modify the global animation scaling factor.
- Group: SYSTEM_TOOLS
- SET_DEBUG_APP
- Configure an application for debugging.
- Group: DEVELOPMENT_TOOLS
- SET_ORIENTATION
- Allows low-level access to setting the orientation (actually rotation) of the screen. Not for use by normal applications.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- SET_POINTER_SPEED (3.2+)
- Allows low-level access to setting the pointer speed. Not for use by normal applications.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- SET_PREFERRED_APPLICATIONS
- deprecated
- No longer useful
- Group: SYSTEM_TOOLS
- SET_PROCESS_LIMIT
- Allows an application to set the maximum number of (not needed) application processes that can be running.
- Group: DEVELOPMENT_TOOLS
- SET_TIME (2.2+)
- Allows applications to set the system time
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- SET_TIME_ZONE
- Allows applications to set the system time zone
- Group: SYSTEM_TOOLS
- SET_WALLPAPER
- Allows applications to set the wallpaper
- Group: SYSTEM_TOOLS
- SET_WALLPAPER_HINTS
- Allows applications to set the wallpaper hints
- Group: SYSTEM_TOOLS
- SIGNAL_PERSISTENT_PROCESSES
- Allow an application to request that a signal be sent to all persistent processes
- Group: DEVELOPMENT_TOOLS
- STATUS_BAR
- Allows an application to open, close, or disable the status bar and its icons.
- Group: SYSTEM_TOOLS
- Level: SYSTEM
- SUBSCRIBED_FEEDS_READ
- Allows an application to read the subscribed feeds ContentProvider.
- Group: SYSTEM_TOOLS
- SUBSCRIBED_FEEDS_WRITE
- Allows an application to write to the subscribed feeds ContentProvider.
- Group: SYSTEM_TOOLS
- SYSTEM_ALERT_WINDOW
- Allows an application to open windows using the type TYPE_SYSTEM_ALERT, shown on top of all other applications. Very few applications should use this permission; these windows are intended for system-level interaction with the user.
- Group: SYSTEM_TOOLS
continue here
too many characters (Body is limited to 30000 characters), so it had to be split