Unlike a desktop environment, this provides an opportunity for the user to know in advance what resources the application is seeking access to. In other words, user permission is a must to access any kind of critical resource on the device. By looking at the requested permission, the user is more aware of the risks involved in installing the application.
As mentioned before, developers have to identify the permissions in a file named AndroidManifest.xml. For example, if the application needs to access the internet, the permission INTERNET is specified using the following code in the AndroidManifest.xml file:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.rohit">
…
<uses-permission android:name="android.permission.INTERNET" />
…
</manifest>
Android permissions are categorized into four levels:
|
Permission type |
Description |
|
Normal |
This is the default value. These are low risk permissions and do not pose a risk to other applications, system, or user. This permission is automatically granted to the user without asking for user approval during installation. |
|
Dangerous |
These are the permissions that can cause harm to the system and other applications. Hence, user approval is necessary during installation. |
|
Signature |
These are automatically granted to a requesting app if that app is signed by the same certificate as the one that declared/created the permission. This level is designed to allow apps that are part of a suite, or otherwise related, to share data. |
|
Signature/System |
A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificate as the application that declared the permission. |