As shown in the following screenshot, any Android application must be granted permissions to access sensitive functionality—such as the internet, dialer, and so on—by the user. This provides an opportunity for the user to know in advance which functionality on the device is being accessed by the application. Simply put, it requires the user's permission to perform any kind of malicious activity (stealing data, compromising the system, and so on).

This model helps the user to prevent attacks, but if the user is unaware and gives away a lot of permissions, it leaves them in trouble (remember—when it comes to installing malware on any device, the weakest link is always the user).

Until Android 6.0, users needed to grant the permissions during install time. Users had to either accept all the permissions or not install the application. But, starting from Android 6.0, users grant permissions to apps while the app is running. This new permission system also gives the user more control over the app's functionality by allowing the user to grant selective permissions. For example, a user can deny a particular app access to their location but provide access to the internet. The user can revoke the permissions at any time by going to the app's Settings screen. From a forensic perspective, what this means is that the kind of information that can be extracted from a device depends not only on the device and the installed apps but also on the permissions that are configured by the user.