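Permissions exist to protect user privacy: before an app accesses sensitive data, for example reading the sdcard or accessing the contacts, it must first obtain the user's authorization.
On devices before Android 6.0, the system does not alert the user to the permissions being acquired. Once an app is installed, all the permissions it requires are treated as granted. In that situation the app can freely collect the user's private information or send SMS messages at will. To solve this problem, on devices running Android 6.0 and later an app has to request authorization dynamically: when it needs a permission, a prompt appears asking for the user's consent, and the app can continue only after the user agrees.
All of Android's predefined permissions (excluding vendor-defined ones) are defined in the static class Manifest.permission. Android divides permissions into three broad categories: normal permissions, dangerous permissions and special permissions. Each type is assigned a corresponding Protection Level: normal, dangerous, and appop, signature and so on, respectively. The following briefly introduces these types:
Normal permissions have the Protection Level normal. They do not need to be requested dynamically; you only declare them statically in AndroidManifest.xml, and the system automatically grants them to the app at install time. Once granted, the app can access data or operations outside its sandbox that are protected by that normal permission. These data or operations do not leak or tamper with the user's private information and pose almost no risk to the user or to other apps.
Dangerous permissions, also called runtime permissions, have the Protection Level dangerous. In contrast to normal permissions, once an app obtains a permission of this kind, the user's private data is at risk of being leaked or tampered with. So if you want to use data or operations protected by such a permission, you must declare the dangerous permission statically in AndroidManifest.xml and also request it dynamically before accessing the data or operation. The system then shows a permission request dialog asking for the user's consent, and unless the user agrees you cannot use the data or operations that the permission protects.
Every dangerous permission has a corresponding permission group. Android predefines 15 permission groups (summarized from Android 14), which contain 41 dangerous permissions and a few normal permissions. A dynamic request for a dangerous permission is made per permission group: once the user grants that dangerous permission, the other permissions in the same group that are registered in AndroidManifest.xml are granted at the same time. The dangerous permissions contained in the 15 predefined permission groups are as follows: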

| Permission group | Introduced in | API | Permission | Introduced in | API |
|---|---|---|---|---|---|
| ACTIVITY_RECOGNITION (user activity recognition) | 10.0(Q) | 29 | ACTIVITY_RECOGNITION | 10.0(Q) | 29 |
| CALENDAR (calendar) | 4.2(Jelly Bean) | 17 | READ_CALENDAR | 1.0(Base) | 1 |
| | | | WRITE_CALENDAR | 1.0(Base) | 1 |
| CALL_LOG (call log) | 9.0(Pie) | 28 | PROCESS_OUTGOING_CALLS | 1.0(Base)+10.0(Q)- | 1+29- |
| | | | READ_CALL_LOG | 4.1(Jelly Bean) | 16 |
| | | | WRITE_CALL_LOG | 4.1(Jelly Bean) | 16 |
| CAMERA (camera) | 4.2(Jelly Bean) | 17 | CAMERA | 1.0(Base) | 1 |
| CONTACTS (contacts) | 6.0(Marshmallow) | 23 | READ_CONTACTS | 1.0(Base) | 1 |
| | | | GET_ACCOUNTS | 1.0(Base) | 1 |
| | | | WRITE_CONTACTS | 1.0(Base) | 1 |
| LOCATION (location) | 1.0(Base) | 1 | ACCESS_BACKGROUND_LOCATION | 10.0(Q) | 29 |
| | | | ACCESS_COARSE_LOCATION | 1.0(Base) | 1 |
| | | | ACCESS_FINE_LOCATION | 1.0(Base) | 1 |
| MICROPHONE (microphone) | 4.2(Jelly Bean) | 17 | RECORD_AUDIO | 1.0(Base) | 1 |
| NEARBY_DEVICES (nearby Bluetooth devices) | 12.0(S) | 31 | BLUETOOTH_ADVERTISE | 12.0(S) | 31 |
| | | | BLUETOOTH_CONNECT | 12.0(S) | 31 |
| | | | BLUETOOTH_SCAN | 12.0(S) | 31 |
| NOTIFICATIONS (notifications) | 13.0(Tiramisu) | 33 | POST_NOTIFICATIONS | 13.0(Tiramisu) | 33 |
| PHONE (phone) | 6.0(Marshmallow) | 23 | ACCEPT_HANDOVER | 9.0(Pie) | 28 |
| | | | ADD_VOICEMAIL | 4.0(IceCreamSandwich) | 14 |
| | | | ANSWER_PHONE_CALLS | 8.0(Oreo) | 26 |
| | | | CALL_PHONE | 1.0(Base) | 1 |
| | | | READ_PHONE_NUMBERS | 8.0(Oreo) | 26 |
| | | | READ_PHONE_STATE | 1.0(Base) | 1 |
| | | | USE_SIP | 2.3(Gingerbread) | 9 |
| READ_MEDIA_AURAL (read audio) | 13.0(Tiramisu) | 33 | | | |
| READ_MEDIA_VISUAL (read images and video) | 13.0(Tiramisu) | 33 | | | |
| SENSORS (sensors) | 6.0(Marshmallow) | 23 | BODY_SENSORS | 4.4W(KitKat Wear) | 20 |
| | | | BODY_SENSORS_BACKGROUND | 13.0(Tiramisu) | 33 |
| SMS (text messages) | 6.0(Marshmallow) | 23 | READ_SMS | 1.0(Base) | 1 |
| | | | RECEIVE_MMS | 1.0(Base) | 1 |
| | | | RECEIVE_SMS | 1.0(Base) | 1 |
| | | | RECEIVE_WAP_PUSH | 1.0(Base) | 1 |
| | | | SEND_SMS | 1.0(Base) | 1 |
| STORAGE (storage card) | 1.6(Donut) | 4 | READ_EXTERNAL_STORAGE | 4.1(Jelly Bean) | 16 |
| | | | READ_MEDIA_AUDIO | 13.0(Tiramisu) | 33 |
| | | | READ_MEDIA_IMAGES | 13.0(Tiramisu) | 33 |
| | | | READ_MEDIA_VIDEO | 13.0(Tiramisu) | 33 |
| | | | READ_MEDIA_VISUAL_USER_SELECTED | 14.0 | 34 |
| | | | WRITE_EXTERNAL_STORAGE | 1.6(Donut) | 4 |
| None | | | ACCESS_MEDIA_LOCATION | 10.0(Q) | 29 |
| | | | NEARBY_WIFI_DEVICES | 13.0(Tiramisu) | 33 |
| | | | UWB_RANGING | 12.0(S) | 31 |

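Special permissions protect certain specific app operations. Their Protection Level is appop (app operation), installer, role, privileged, signature, and so on.
A permission whose Protection Level is appop must likewise be declared statically in AndroidManifest.xml and requested dynamically, but the request differs from that of a dangerous permission: a dangerous-permission request pops up a dialog asking whether you agree, whereas a request for this kind of permission has to jump to a designated settings screen, where you manually tap a toggle to confirm whether you agree.
A permission whose Protection Level is signature is open only to apps that carry the same signature, and it does not need to be requested dynamically either. For example, app A defines a custom permission in its AndroidManifest.xml and adds android:protectionLevel="signature" to the permission tag, which means app A has declared a signature permission. If app B wants to access app A's data protected by that permission, it must declare the permission in its own AndroidManifest.xml and must also be packaged with the same signature as app A. Only then does the system automatically grant app B the permission when app B is installed, after which app B can access the data the permission controls. Other apps, even if they know about the permission and declare it in their AndroidManifest.xml, are not granted it at install time because their signature differs, so they cannot access the data the permission protects.
There are also signature permissions that are not offered to third-party apps and are used only by apps preinstalled on the system; the Protection Level of these signature permissions is signature and privileged.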
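
The signature protection described above only holds if the custom permission really carries android:protectionLevel="signature"; a `<permission>` tag that omits the attribute defaults to normal, which any app is granted at install time. The following check is an added example, not code from the original page: it audits a constructed manifest for a hypothetical app A (all package, permission and component names are made up) and reports explicitly exported components that apps signed with a different key could reach.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed manifest of a hypothetical "app A" (all names are made up).
APP_A_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.appa">
  <permission android:name="com.example.appa.permission.READ_NOTES"
              android:protectionLevel="signature" />
  <permission android:name="com.example.appa.permission.READ_DRAFTS" />
  <application>
    <provider android:name=".NotesProvider" android:exported="true"
              android:authorities="com.example.appa.notes"
              android:permission="com.example.appa.permission.READ_NOTES" />
    <provider android:name=".DraftsProvider" android:exported="true"
              android:authorities="com.example.appa.drafts"
              android:permission="com.example.appa.permission.READ_DRAFTS" />
    <service android:name=".SyncService" android:exported="true" />
    <service android:name=".LocalService" android:exported="false" />
  </application>
</manifest>
"""

COMPONENTS = ("activity", "service", "receiver", "provider")


def audit_manifest(manifest_xml):
    """Map each explicitly exported component to a finding when apps signed
    with a different key could reach it. Only android:permission is checked."""
    root = ET.fromstring(manifest_xml)
    # A <permission> without android:protectionLevel defaults to "normal".
    levels = {p.get(A + "name"): p.get(A + "protectionLevel", "normal")
              for p in root.iter("permission")}
    findings = {}
    for comp in root.iter():
        if comp.tag not in COMPONENTS or comp.get(A + "exported") != "true":
            continue
        name, guard = comp.get(A + "name"), comp.get(A + "permission")
        flags = levels.get(guard, "").split("|")
        if guard is None:
            findings[name] = "exported with no permission"
        elif guard in levels and not any(f.startswith("signature") for f in flags):
            findings[name] = "%s has protectionLevel %s" % (guard, levels[guard])
    return findings


if __name__ == "__main__":
    for component, finding in audit_manifest(APP_A_MANIFEST).items():
        print(component, "->", finding)
```

Permissions that the manifest uses as a guard but does not declare itself (for example platform permissions) are skipped, because their Protection Level cannot be read from this file.
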
The following lists all special permissions (summarized from Android 14, in the order appop, installer, role, privileged, signature):

Permission | Introduced in | API | Protection Level |
---|---|---|---|
FOREGROUND_SERVICE_SPECIAL_USE | 14.0 | 34 | normal\|appop\|instant |
INSTANT_APP_FOREGROUND_SERVICE | 8.0(Oreo) | 26 | signature\|development\|instant\|appop |
LOADER_USAGE_STATS | 11.0(R) | 30 | signature\|privileged\|appop |
MANAGE_EXTERNAL_STORAGE | 11.0(R) | 30 | signature\|appop\|preinstalled |
MANAGE_MEDIA | 12.0(S) | 31 | signature\|appop\|preinstalled |
MANAGE_ONGOING_CALLS | 12.0(S) | 31 | signature\|appop |
PACKAGE_USAGE_STATS | 6.0(Marshmallow) | 23 | signature\|privileged\|development\|appop\|retailDemo |
SCHEDULE_EXACT_ALARM | 12.0(S) | 31 | signature\|privileged\|appop |
SMS_FINANCIAL_TRANSACTIONS | 10.0(Q)+12.0(S)- | 29+31- | signature\|appop |
SYSTEM_ALERT_WINDOW | 1.0(Base) | 1 | signature\|setup\|appop\|installer\|pre23\|development |
USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER | 12.0(S) | 31 | signature\|appop |
WRITE_SETTINGS | 1.0(Base) | 1 | signature\|preinstalled\|appop\|pre23 |
START_VIEW_APP_FEATURES | 13.0(Tiramisu) | 33 | signature\|installer |
START_VIEW_PERMISSION_USAGE | 10.0(Q) | 29 | signature\|installer |
PROVIDE_REMOTE_CREDENTIALS | 14.0 | 34 | signature\|privileged\|role |
READ_VOICEMAIL | 5.0(Lollipop) | 21 | signature\|privileged\|role |
WRITE_VOICEMAIL | 5.0(Lollipop) | 21 | signature\|privileged\|role |
EXECUTE_APP_ACTION | 14.0 | 34 | internal\|role |
LAUNCH_CAPTURE_CONTENT_ACTIVITY_FOR_NOTE | 14.0 | 34 | internal\|role |
MANAGE_DEVICE_LOCK_STATE | 14.0 | 34 | internal\|role |
PROVIDE_OWN_AUTOFILL_SUGGESTIONS | 14.0 | 34 | internal\|role |
SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE | 13.0(Tiramisu) | 33 | signature\|role |
READ_ASSISTANT_APP_SEARCH_DATA | 13.0(Tiramisu) | 33 | role |
READ_HOME_APP_SEARCH_DATA | 13.0(Tiramisu) | 33 | role |
BATTERY_STATS | 1.0(Base) | 1 | signature\|privileged\|development |
CHANGE_CONFIGURATION | 1.0(Base) | 1 | signature\|privileged\|development |
BIND_CALL_REDIRECTION_SERVICE | 10.0(Q) | 29 | signature\|privileged |
BIND_CARRIER_SERVICES | 6.0(Marshmallow) | 23 | signature\|privileged |
BIND_INCALL_SERVICE | 6.0(Marshmallow) | 23 | signature\|privileged |
BIND_REMOTEVIEWS | 3.0(Honeycomb) | 11 | signature\|privileged |
BIND_SCREENING_SERVICE | 7.0(Nougat) | 24 | signature\|privileged |
BIND_TELECOM_CONNECTION_SERVICE | 6.0(Marshmallow) | 23 | signature\|privileged |
BIND_TV_INPUT | 5.0(Lollipop) | 21 | signature\|privileged |
BIND_TV_INTERACTIVE_APP | 13.0(Tiramisu) | 33 | signature\|privileged |
BIND_VISUAL_VOICEMAIL_SERVICE | 8.0(Oreo) | 26 | signature\|privileged |
BIND_WALLPAPER | 2.2(Froyo) | 8 | signature\|privileged |
CLEAR_APP_CACHE | 1.0(Base) | 1 | signature\|privileged |
DELETE_CACHE_FILES | 1.0(Base) | 1 | signature\|privileged |
GET_ACCOUNTS_PRIVILEGED | 6.0(Marshmallow) | 23 | signature\|privileged |
GLOBAL_SEARCH | 1.6(Donut) | 4 | signature\|privileged |
BLUETOOTH_PRIVILEGED | 4.4(KitKat) | 19 | privileged |
CALL_PRIVILEGED | 1.0(Base) | 1 | privileged |
MANAGE_WIFI_NETWORK_SELECTION | 13.0(Tiramisu) | 33 | privileged |
START_FOREGROUND_SERVICES_FROM_BACKGROUND | 12.0(S) | 31 | privileged |
BIND_ACCESSIBILITY_SERVICE | 4.1(Jelly Bean) | 16 | signature |
BIND_AUTOFILL_SERVICE | 8.0(Oreo) | 26 | signature |
BIND_CARRIER_MESSAGING_CLIENT_SERVICE | 10.0(Q) | 29 | signature |
BIND_CHOOSER_TARGET_SERVICE | 6.0(Marshmallow)+11.0(R)- | 23+30- | signature |
BIND_CONDITION_PROVIDER_SERVICE | 7.0(Nougat) | 24 | signature |
BIND_CREDENTIAL_PROVIDER_SERVICE | 14.0 | 34 | signature |
BIND_DEVICE_ADMIN | 2.2(Froyo) | 8 | signature |
BIND_DREAM_SERVICE | 5.0(Lollipop) | 21 | signature |
BIND_INPUT_METHOD | 1.5(Cupcake) | 3 | signature |
BIND_MIDI_DEVICE_SERVICE | 6.0(Marshmallow) | 23 | signature |
BIND_NFC_SERVICE | 4.4(KitKat) | 19 | signature |
BIND_NOTIFICATION_LISTENER_SERVICE | 4.3(Jelly Bean) | 18 | signature |
BIND_PRINT_SERVICE | 4.4(KitKat) | 19 | signature |
BIND_QUICK_ACCESS_WALLET_SERVICE | 11.0(R) | 30 | signature |
BIND_TEXT_SERVICE | 4.0(IceCreamSandwich) | 14 | signature |
BIND_VOICE_INTERACTION | 5.0(Lollipop) | 21 | signature |
BIND_VPN_SERVICE | 4.0(IceCreamSandwich) | 14 | signature |
BIND_VR_LISTENER_SERVICE | 7.0(Nougat) | 24 | signature |
REQUEST_INSTALL_PACKAGES | 6.0(Marshmallow) | 23 | signature |