Classification of permissions
There are many permissions in Android, but not all permissions are sensitive permissions. The Android 6.0 system begins to classify all permissions as follows:
Normal permissions
Normal permissions are areas where there is little risk to user privacy or other application operations. If an app declares that it needs a normal permission, the system automatically grants the app that permission.
In Android 8.1 (API level 27), the following permissions are classified as normal permissions:
ACCESS_LOCATION_EXTRA_COMMANDS
ACCESS_NETWORK_STATE
ACCESS_NOTIFICATION_POLICY
ACCESS_WIFI_STATE
BLUETOOTH
BLUETOOTH_ADMIN
BROADCAST_STICKY
CHANGE_NETWORK_STATE
CHANGE_WIFI_MULTICAST_STATE
CHANGE_WIFI_STATE
DISABLE_KEYGUARD
EXPAND_STATUS_BAR
GET_PACKAGE_SIZE
INSTALL_SHORTCUT
INTERNET
KILL_BACKGROUND_PROCESSES
MANAGE_OWN_CALLS
MODIFY_AUDIO_SETTINGS
NFC
READ_SYNC_SETTINGS
READ_SYNC_STATS
RECEIVE_BOOT_COMPLETED
REORDER_TASKS
REQUEST_COMPANION_RUN_IN_BACKGROUND
REQUEST_COMPANION_USE_DATA_IN_BACKGROUND
REQUEST_DELETE_PACKAGES
REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
REQUEST_INSTALL_PACKAGES
SET_ALARM
SET_WALLPAPER
SET_WALLPAPER_HINTS
TRANSMIT_IR
USE_FINGERPRINT
VIBRATE
WAKE_LOCK
WRITE_SYNC_SETTINGS
Dangerous permissions
Dangerous permissions cover areas where an app requires data or resources that involve the user's private information, or may affect the user's stored data or the operation of other apps. If an app declares that it requires a dangerous permission, the user must explicitly grant that permission to the app.
Permission Group
Any permission can belong to a permission group, including normal permissions and dangerous permissions. The permission groups of dangerous permissions can be divided into the following 9 groups:
| Permission Group | Permission |
|---|---|
| CALENDAR | READ_CALENDAR WRITE_CALENDAR |
| CAMERA | CAMERA |
| CONTACTS | READ_CONTACTS WRITE_CONTACTS GET_ACCOUNTS |
| LOCATION | ACCESS_FINE_LOCATION ACCESS_COARSE_LOCATION |
| MICROPHONE | RECORD_AUDIO |
| PHONE | READ_PHONE_STATE READ_PHONE_NUMBERS CALL_PHONE READ_CALL_LOG WRITE_CALL_LOG ADD_VOICEMAIL USE_SIP PROCESS_OUTGOING_CALLS ANSWER_PHONE_CALLS |
| SENSORS | BODY_SENSORS |
| SMS | SEND_SMS RECEIVE_SMS READ_SMS RECEIVE_WAP_PUSH RECEIVE_MMS |
| STORAGE | READ_EXTERNAL_STORAGE WRITE_EXTERNAL_STORAGE |
When applying for dangerous permissions, you can apply for the permissions of the entire permission group together, so that the user experience is only given a pop-up box, and it is also compatible with all Android versions. Finally, don't forget to declare the permissions to apply for in the manifest file.
Signature permissions
The system will automatically grant the app signature permission when the app is installed, but there is a premise that the app that applies for the permission has the same signature as the app that defines the permission.
Some signature permissions cannot be used by third-party applications. In Android 8.1 (API level 27), third-party applications can use the following signature permissions:
BIND_ACCESSIBILITY_SERVICE
BIND_AUTOFILL_SERVICE
BIND_CARRIER_SERVICES
BIND_CHOOSER_TARGET_SERVICE
BIND_CONDITION_PROVIDER_SERVICE
BIND_DEVICE_ADMIN
BIND_DREAM_SERVICE
BIND_INCALL_SERVICE
BIND_INPUT_METHOD
BIND_MIDI_DEVICE_SERVICE
BIND_NFC_SERVICE
BIND_NOTIFICATION_LISTENER_SERVICE
BIND_PRINT_SERVICE
BIND_SCREENING_SERVICE
BIND_TELECOM_CONNECTION_SERVICE
BIND_TEXT_SERVICE
BIND_TV_INPUT
BIND_VISUAL_VOICEMAIL_SERVICE
BIND_VOICE_INTERACTION
BIND_VPN_SERVICE
BIND_VR_LISTENER_SERVICE
BIND_WALLPAPER
CLEAR_APP_CACHE
MANAGE_DOCUMENTS
READ_VOICEMAIL
REQUEST_INSTALL_PACKAGES
SYSTEM_ALERT_WINDOW
WRITE_SETTINGS
WRITE_VOICEMAIL
特殊权限(Special permissions)
There are many permissions that behave differently from both normal and dangerous permissions.
YSTEM_ALERT_WINDOW
WRITE_SETTINGS
These two permissions are special, they must be declared in the manifest, and an intent requesting user authorization should be sent. In response to this intent, the system will display the detailed administration screen to the user. That is to say, these two permissions cannot be obtained through the code application method, and the user must open the software setting page to open it manually before authorization.
permission application
In the click event, first call the ContextCompat.checkSelfPermission() method to check whether there is a phone permission. The return value of this method is PERMISSION_GRANTED or PERMISSION_DENIED, indicating authorized and unauthorized respectively. According to the return value, if there is no authorization, call the ActivityCompat.requestPermissions() method to initiate a permission request. The parameter CALL_PHONE_REQUEST_CODE is a custom request code, which will be used in the following onRequestPermissionsResult callback method. If you judge that you have permission, just call .
Then a pop-up box will pop up, displaying the permissions requested by the application. The user can choose to allow or deny, and the result of the selection will be processed in the onRequestPermissionsResult callback method.
The request method provided by the AndroidX package
The request method of the AndroidX package lacks the callback part, and the following is an example of making a call:
private ActivityResultLauncher<String> requestPermissionLauncher;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_second);
requestPermissionLauncher = registerForActivityResult(new ActivityResultContracts.RequestPermission(), isGranted -> {
if (isGranted) {
call();
} else {
Toast.makeText(this,"电话权限被拒绝",Toast.LENGTH_SHORT).show();
}
});
}
@RequiresApi(api = Build.VERSION_CODES.M)
public void secondCall(View view) {
if (ContextCompat.checkSelfPermission(this, Manifest.permission.CALL_PHONE) == PackageManager.PERMISSION_GRANTED) {
call();
} else if (shouldShowRequestPermissionRationale(Manifest.permission.CALL_PHONE)) {
DialogUtils.showDialog(this, new DialogClickListener() {
@Override
public void ok() {
requestPermissionLauncher.launch(Manifest.permission.CALL_PHONE);
}
});
} else {
requestPermissionLauncher.launch(Manifest.permission.CALL_PHONE);
}
}
private void call() {
Intent intent = new Intent(Intent.ACTION_CALL);
intent.setData(Uri.parse("tel://12345678"));
startActivity(intent);
}
Different from the previous ones, AndroidX does not need to rewrite the onRequestPermissionsResult method, but puts the processing result in the registerForActivityResult method, which returns an ActivityResultLauncher object, and uses the ActivityResultLauncher.launch() method to apply for permission, according to the isGranted field Determine whether the permission is authorized.
Application for Multiple Permissions
// 1、将String替换成String[]
private ActivityResultLauncher<String[]> requestPermissionLauncher;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_second);
// 2、将RequestPermission替换成RequestMultiplePermissions
requestPermissionLauncher = registerForActivityResult(new ActivityResultContracts.RequestMultiplePermissions(), map -> {
// 3、isGranted的类型由boolean变成map,map的键值对是<String,Boolean>
//String对应的是权限,Boolean对应的是是否授权,需要判断处理
if (map.size() > 0
&& map.get(Manifest.permission.CALL_PHONE)
&& map.get(Manifest.permission.CAMERA)
) {
call();
} else {
Toast.makeText(this,"电话权限被拒绝",Toast.LENGTH_SHORT).show();
}
});
}
@RequiresApi(api = Build.VERSION_CODES.M)
public void secondCall(View view) {
//4、检测权限也需要判断多个,用&&符号
if (ContextCompat.checkSelfPermission(this, Manifest.permission.CALL_PHONE) == PackageManager.PERMISSION_GRANTED
&& ContextCompat.checkSelfPermission(this, Manifest.permission.CAMERA) == PackageManager.PERMISSION_GRANTED
) {
call();
} else if (shouldShowRequestPermissionRationale(Manifest.permission.CALL_PHONE)) {
DialogUtils.showDialog(this, new DialogClickListener() {
@Override
public void ok() {
// 5、launch方法中参数由String变成String[]
requestPermissionLauncher.launch(new String[]{
Manifest.permission.CALL_PHONE,Manifest.permission.CAMERA});
}
});
} else {
requestPermissionLauncher.launch(new String[]{
Manifest.permission.CALL_PHONE,Manifest.permission.CAMERA});
}
}
Apply for permission in Fragment
To apply for permissions in a Fragment, do not use ActivityCompat.requestPermissions, use the Fragment's requestPermissions method directly, otherwise it will call back to the Activity's onRequestPermissionsResult
If you nest a Fragment in a Fragment, it is recommended to use the getParentFragment().requestPermissions method, which will call back to the parent Fragment In onRequestPermissionsResult, add the following code to transparently pass the callback to the child Fragment.
@Override
public void onRequestPermissionsResult(int requestCode, String[] permissions, int[] grantResults) {
super.onRequestPermissionsResult(requestCode, permissions, grantResults);
List fragments = getChildFragmentManager().getFragments();
if (fragments != null) {
for (Fragment fragment : fragments) {
if (fragment != null) {
fragment.onRequestPermissionsResult(requestCode,permissions,grantResults);
}
}
}
}
Authority arrangement
| permission name | permissions | detailed | |
|---|---|---|---|
| access registration properties | android.permission.ACCESS_CHECKIN_PROPERTIES | Permission to read or write the properties table of the check-in database | |
| Get the wrong position | android.permission.ACCESS_COARSE_LOCATION | Obtain the user's erroneous latitude and longitude information through WiFi or mobile base stations, and the positioning accuracy is about 30 to 1500 meters. | |
| get precise location | android.permission.ACCESS_FINE_LOCATION | Receive satellite positioning information through the GPS chip, and the positioning accuracy is within 10 meters | |
| Access to Locate Extra Commands | android.permission.ACCESS_LOCATION_EXTRA_COMMANDS | Allows programs to access additional location provider directives | |
| Obtain simulated positioning information | android.permission.ACCESS_MOCK_LOCATION | Obtain simulated positioning information, which is generally used to help developers debug applications | |
| get network status | android.permission.ACCESS_NETWORK_STATE | Obtain network information status, such as whether the current network connection is valid | |
| Visit Surface Flinger | android.permission.ACCESS_SURFACE_FLINGER | Low-level graphics display support on the Android platform, generally used for screenshots of game or camera preview interfaces and low-level modes | |
| Get WiFi status | android.permission.ACCESS_WIFI_STATE | Obtain the current status of WiFi access and information of WLAN hotspots | |
| account management | android.permission.ACCOUNT_MANAGER | Obtain account verification information, mainly GMail account information, which can only be accessed by system-level processes | |
| verify account | android.permission.AUTHENTICATE_ACCOUNTS | Allows a program to access account management ACCOUNT_MANAGER related information through account authentication | |
| Power statistics | android.permission.BATTERY_STATS | Get battery statistics | |
| bind widget | android.permission.BIND_APPWIDGET | Allows a program to tell the appWidget service that it needs to access the widget's database. Only very few applications use this permission | |
| Bind device management | android.permission.BIND_DEVICE_ADMIN | Request system administrator receiver receiver, only the system can use | |
| binding input method | android.permission.BIND_INPUT_METHOD | Request InputMethodService service, only the system can use it | |
| bind RemoteView | android.permission.BIND_REMOTEVIEWS | It must be requested through the RemoteViewsService service, only the system can use it | |
| binding wallpaper | android.permission.BIND_WALLPAPER | 必须通过WallpaperService服务来请求,只有系统才能用 | |
| 使用蓝牙 | android.permission.BLUETOOTH | 允许程序连接配对过的蓝牙设备 | |
| 蓝牙管理 | android.permission.BLUETOOTH_ADMIN | 允许程序进行发现和配对新的蓝牙设备 | |
| 变成砖头 | android.permission.BRICK | 能够禁用手机,非常危险,顾名思义就是让手机变成砖头 | |
| 应用删除时广播 | android.permission.BROADCAST_PACKAGE_REMOVED | 当一个应用在删除时触发一个广播 | |
| 收到短信时广播 | android.permission.BROADCAST_SMS | 当收到短信时触发一个广播 | |
| 连续广播 | android.permission.BROADCAST_STICKY | 允许一个程序收到广播后快速收到下一个广播 | |
| WAP PUSH广播 | android.permission.BROADCAST_WAP_PUSH | WAP PUSH服务收到后触发一个广播 | |
| 拨打电话 | android.permission.CALL_PHONE | 允许程序从非系统拨号器里输入电话号码 | |
| 通话权限 | android.permission.CALL_PRIVILEGED | 允许程序拨打电话,替换系统的拨号器界面 | |
| 拍照权限 | android.permission.CAMERA | 允许访问摄像头进行拍照 | |
| 改变组件状态 | android.permission.CHANGE_COMPONENT_ENABLED_STATE | 改变组件是否启用状态 | |
| 改变配置 | android.permission.CHANGE_CONFIGURATION | 允许当前应用改变配置 | 如定位 |
| 改变网络状态 | android.permission.CHANGE_NETWORK_STATE | 改变网络状态如是否能联网 | |
| 改变WiFi多播状态 | android.permission.CHANGE_WIFI_MULTICAST_STATE | 改变WiFi多播状态 | |
| 改变WiFi状态 | android.permission.CHANGE_WIFI_STATE | 改变WiFi状态 | |
| 清除应用缓存 | android.permission.CLEAR_APP_CACHE | 清除应用缓存 | |
| 清除用户数据 | android.permission.CLEAR_APP_USER_DATA | 清除应用的用户数据 | |
| 底层访问权限 | android.permission.CWJ_GROUP | 允许CWJ账户组访问底层信息 | |
| 手机优化大师扩展权限 | android.permission.CELL_PHONE_MASTER_EX | 手机优化大师扩展权限 | |
| 控制定位更新 | android.permission.CONTROL_LOCATION_UPDATES | 允许获得移动网络定位信息改变 | |
| 删除缓存文件 | android.permission.DELETE_CACHE_FILES | 允许应用删除缓存文件 | |
| 删除应用 | android.permission.DELETE_PACKAGES | 允许程序删除应用 | |
| 电源管理 | android.permission.DEVICE_POWER | 允许访问底层电源管理 | |
| 应用诊断 | android.permission.DIAGNOSTIC | 允许程序到RW到诊断资源 | |
| 禁用键盘锁 | android.permission.DISABLE_KEYGUARD | 允许程序禁用键盘锁 | |
| 转存系统信息 | android.permission.DUMP | 允许程序获取系统dump信息从系统服务 | |
| 状态栏控制 | android.permission.EXPAND_STATUS_BAR | 允许程序扩展或收缩状态栏 | |
| 工厂测试模式 | android.permission.FACTORY_TEST | 允许程序运行工厂测试模式 | |
| 使用闪光灯 | android.permission.FLASHLIGHT | 允许访问闪光灯 | |
| 强制后退 | android.permission.FORCE_BACK | 允许程序强制使用back后退按键,无论Activity是否在顶层 | |
| 访问账户Gmail列表 | android.permission.GET_ACCOUNTS | 访问GMail账户列表 | |
| 获取应用大小 | android.permission.GET_PACKAGE_SIZE | 获取应用的文件大小 | |
| 获取任务信息 | android.permission.GET_TASKS | 允许程序获取当前或最近运行的应用 | |
| 允许全局搜索 | android.permission.GLOBAL_SEARCH | 允许程序使用全局搜索功能 | |
| 硬件测试 | android.permission.HARDWARE_TEST | 访问硬件辅助设备,用于硬件测试 | |
| 注射事件 | android.permission.INJECT_EVENTS | 允许访问本程序的底层事件,获取按键、轨迹球的事件流 | |
| 安装定位提供 | android.permission.INSTALL_LOCATION_PROVIDER | 安装定位提供 | |
| 安装应用程序 | android.permission.INSTALL_PACKAGES | 允许程序安装应 用 | |
| 内部系统窗口 | android.permission.INTERNAL_SYSTEM_WINDOW | 允许程序打开内部窗口,不对第三方应用程序开放此权限 | |
| 访问网络 | android.permission.INTERNET | 访问网络连接,可能产生GPRS流量 | |
| 结束后台进程 | android.permission.KILL_BACKGROUND_PROCESSES | 允许程序调用killBackgroundProcesses(String).方法结束后台进程 | |
| 管理账户 | android.permission.MANAGE_ACCOUNTS | 允许程序管理AccountManager中的账户列表 | |
| 管理程序引用 | android.permission.MANAGE_APP_TOKENS | 管理创建、摧毁、Z轴顺序,仅用于系统 | |
| 高级权限 | android.permission.MTWEAK_USER | 允许mTweak用户访问高级系统权限 | |
| 社区权限 | android.permission.MTWEAK_FORUM | 允许使用mTweak社区权限 | |
| 软格式化 | android.permission.MASTER_CLEAR | 允许程序执行软格式化,删除系统配置信息 | |
| 修改声音设置 | android.permission.MODIFY_AUDIO_SETTINGS | 修改声音设置信息 | |
| 修改电话状态 | android.permission.MODIFY_PHONE_STATE | 修改电话状态,如飞行模式,但不包含替换系统拨号器界面 | |
| 格式化文件系统 | android.permission.MOUNT_FORMAT_FILESYSTEMS | 格式化可移动文件系统,比如格式化清空SD卡 | |
| 挂载文件系统 | android.permission.MOUNT_UNMOUNT_FILESYSTEMS | 挂载、反挂载外部文件系统 | |
| 允许NFC通讯 | android.permission.NFC | 允许程序执行NFC近距离通讯操作,用于移动支持 | |
| 永久Activity | android.permission.PERSISTENT_ACTIVITY | 创建一个永久的Activity,该功能标记为将来将被移除 | |
| 处理拨出电话 | android.permission.PROCESS_OUTGOING_CALLS | 允许程序监视,修改或放弃播出电话 | |
| 读取日程提醒 | android.permission.READ_CALENDAR | 允许程序读取用户的日程信息 | |
| 读取联系人 | android.permission.READ_CONTACTS | 允许应用访问联系人通讯录信息 | |
| 屏幕截图 | android.permission.READ_FRAME_BUFFER | 读取帧缓存用于屏幕截图 | |
| 读取收藏夹和历史记录 | com.android.browser.permission.READ_HISTORY_BOOKMARKS | 读取浏览器收藏夹和历史记录 | |
| 读取输入状态 | android.permission.READ_INPUT_STATE | 读取当前键的输入状态,仅用于系统 | |
| 读取系统日志 | android.permission.READ_LOGS | 读取系统底层日志 | |
| 读取电话状态 | android.permission.READ_PHONE_STATE | 访问电话状态 | |
| 读取短信内容 | android.permission.READ_SMS | 读取短信内容 | |
| 读取同步设置 | android.permission.READ_SYNC_SETTINGS | 读取同步设置,读取Google在线同步设置 | |
| 读取同步状态 | android.permission.READ_SYNC_STATS | 读取同步状态,获得Google在线同步状态 | |
| 重启设备 | android.permission.REBOOT | 允许程序重新启动设备 | |
| 开机自动允许 | android.permission.RECEIVE_BOOT_COMPLETED | 允许程序开机自动运行 | |
| 接收彩信 | android.permission.RECEIVE_MMS | 接收彩信 | |
| 接收短信 | android.permission.RECEIVE_SMS | 接收短信 | |
| 接收Wap Push | android.permission.RECEIVE_WAP_PUSH | 接收WAP PUSH信息 | |
| 录音 | android.permission.RECORD_AUDIO | 录制声音通过手机或耳机的麦克 | |
| 排序系统任务 | android.permission.REORDER_TASKS | 重新排序系统Z轴运行中的任务 | |
| 结束系统任务 | android.permission.RESTART_PACKAGES | 结束任务通过restartPackage(String)方法,该方式将在外来放弃 | |
| 发送短信 | android.permission.SEND_SMS | 发送短信 | |
| 设置Activity观察器 | android.permission.SET_ACTIVITY_WATCHER | 设置Activity观察器一般用于monkey测试 | |
| 设置闹铃提醒 | com.android.alarm.permission.SET_ALARM | 设置闹铃提醒 | |
| 设置总是退出 | android.permission.SET_ALWAYS_FINISH | 设置程序在后台是否总是退出 | |
| 设置动画缩放 | android.permission.SET_ANIMATION_SCALE | 设置全局动画缩放 | |
| 设置调试程序 | android.permission.SET_DEBUG_APP | 设置调试程序,一般用于开发 | |
| 设置屏幕方向 | android.permission.SET_ORIENTATION | 设置屏幕方向为横屏或标准方式显示,不用于普通应用 | |
| 设置应用参数 | android.permission.SET_PREFERRED_APPLICATIONS | 设置应用的参数,已不再工作具体查看addPackageToPreferred(String) 介绍 | |
| 设置进程限制 | android.permission.SET_PROCESS_LIMIT | 允许程序设置最大的进程数量的限制 | |
| 设置系统时间 | android.permission.SET_TIME | 设置系统时间 | |
| 设置系统时区 | android.permission.SET_TIME_ZONE | 设置系统时区 | |
| 设置桌面壁纸 | android.permission.SET_WALLPAPER | 设置桌面壁纸 | |
| 设置壁纸建议 | android.permission.SET_WALLPAPER_HINTS | 设置壁纸建议 | |
| 发送永久进程信号 | android.permission.SIGNAL_PERSISTENT_PROCESSES | 发送一个永久的进程信号 | |
| 状态栏控制 | android.permission.STATUS_BAR | 允许程序打开、关闭、禁用状态栏 | |
| 访问订阅内容 | android.permission.SUBSCRIBED_FEEDS_READ | 访问订阅信息的数据库 | |
| 写入订阅内容 | android.permission.SUBSCRIBED_FEEDS_WRITE | 写入或修改订阅内容的数据库 | |
| 显示系统窗口 | android.permission.SYSTEM_ALERT_WINDOW | 显示系统窗口 | |
| 更新设备状态 | android.permission.UPDATE_DEVICE_STATS | 更新设备状态 | |
| 使用证书 | android.permission.USE_CREDENTIALS | 允许程序请求验证从AccountManager | |
| 使用SIP视频 | android.permission.USE_SIP | 允许程序使用SIP视频服务 | |
| 使用振动 | android.permission.VIBRATE | 允许振动 | |
| 唤醒锁定 | android.permission.WAKE_LOCK | 允许程序在手机屏幕关闭后后台进程仍然运行 | |
| 写入GPRS接入点设置 | android.permission.WRITE_APN_SETTINGS | 写入网络GPRS接入点设置 | |
| 写入日程提醒 | android.permission.WRITE_CALENDAR | 写入日程,但不可读取 | |
| 写入联系人 | android.permission.WRITE_CONTACTS | 写入联系人,但不可读取 | |
| 写入外部存储 | android.permission.WRITE_EXTERNAL_STORAGE | 允许程序写入外部存储,如SD卡上写文件 | |
| 写入Google地图数据 | android.permission.WRITE_GSERVICES | 允许程序写入Google Map服务数据 | |
| 写入收藏夹和历史记录 | com.android.browser.permission.WRITE_HISTORY_BOOKMARKS | 写入浏览器历史记录或收藏夹,但不可读取 | |
| 读写系统敏感设置 | android.permission.WRITE_SECURE_SETTINGS | 允许程序读写系统安全敏感的设置项 | |
| 读写系统设置 | android.permission.WRITE_SETTINGS | 允许读写系统设置项 | |
| 编写短信 | android.permission.WRITE_SMS | 允许编写短信 | |
| 写入在线同步设置 | android.permission.WRITE_SYNC_SETTINGS | 写入Google在线同步设置 |