SlideShare a Scribd company logo

Android secuirty permission - upload

Download as PPTX, PDF
B
Bin Yang

This document discusses Android permissions, including what permissions are, different permission levels (normal, dangerous, signature, signatureOrSystem), how to define and request permissions in the manifest file, how permissions are granted at install time and in runtime in Android M and later, and how permission enforcement works at the kernel, Java component, and native daemon levels. It also covers defining custom permissions in an APK manifest, permission conflicts, and revoking permissions in runtime.

Engineering
1 of 20
Downloaded 23 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
1 Android Security - Permission
2 Agenda • What is permission • System prebuilt vs APK Custom • Request a permission • Grant permission • Enforce Permission • Runtime permission
3 What is Permission • Applications (UIDs) are assigned permissions • Permissions are needed to control access to System resources (logs, battery, etc.) Sensitive data (SMS, contacts, e-mails, etc.) System interfaces (Internet, send SMS, etc.) • Application (developers) can also define own permissions to protect application interfaces • A string
4 Permission Group Divide permissions into some groups based on functionality. In M, Permission is granted by group.
5 Permission Level • Normal Lower-risk permission, auto grant in installation • Dangerous Higher-risk permission, Need user grant.(Runtime grant/revoke in M) • Signature Auto grant in installation if caller/callee are signed by same certification • SignatureOrSystem Auto grant in installation if caller/callee are signed by same certification or caller is in system image.
6 System Prebuilt In frameworks/base/core/res/AndroidManifest.xml <permission android:name="android.permission.READ_CONTACTS" android:permissionGroup="android.permission-group.CONTACTS" android:label="@string/permlab_readContacts" android:description="@string/permdesc_readContacts" android:protectionLevel="dangerous" />
7 APK Custom In AndroidManifest.xml of APK <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.android.myapp" > <permission android:name="com.example.app.DO_X" android:label="@string/do_x_label" android:description="@string/do_x_desc" android:permissionGroup="android.permission-group.PERSONAL_INFO" android:protectionLevel="dangerous" /> … </manifest>
8 Permission Conflict Multiple applications may attempt to define the same permission name • "first definition wins" principle. • Android 4.4.3+ gives precedence to system applications • Android 5.0+ blocks installation completely for applications attempting to define an existing permission if they are signed with a different key than the first definer
9 Request Permission Declare in AndroidMainifest.xml <manifest package="com.XXX"> <uses-permission android:name="android.permission.XXX" /> … </manifest>
10 Grant Permission Grant the permission when installation before M.
11 Grant Permission • Android cannot grant permissions that don’t exist yet If an application requires a permission which is not existing in system, the system will not grant the permission to the requesting application. • An application who defines <permission> is uninstalled, the permission records are removed from the system’s known permissions list. Any applications currently holding that permission will still have the permission granted to them until they are updated/reinstalled.
12 Grant Permission (2) Assign permission in prebuilt etc/permission/platform.xml <assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="media" />  Assign higher-level permissions to system processes running under a specific UID that do not have a corresponding package.  Allows specific core system users to perform the given operations with the higher-level framework
13 Enforce Permission • Kernel • Java components • Native daemons
14 Enforce Permission - Kernel Access to files/device nodes/and local sockets is regulated by Kernel. Permission <map> Supplementary GIDs <permission name="android.permission.ACCESS_FM_RADIO" > <group gid="media" /> </permission> JNI APK Device Node Security check APK has a special permission which is mapped to GroupB in platform.xml Group B UserID :arbitrary
15 Java Components - Static Managed by ActivityManagerService Components who uses permission Components who declares permission Check by AMS
16 Java Components - Dynamic Programmatically check if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.XX) != PackageManager.PERMISSION_GRANTED) { throw new SecurityException("Requires XXX permission"); }
17 Native daemons Dynamic Programmatically check
18 Runtime Permission • Support in M • Dangerous permissions can be granted/revoked in runtime. • Other permission will be granted in installation automatically. • Only has to grant permission once per app for each permission group. • No difference for permission enforce
19 Runtime Permission - Revoke Before M: Not allowed From M: Revocable from Settings.
20 Runtime Permission - Caller • Always Check for Permissions • Handle Lack of Permissions Gracefully if (checkSelfPermission(Manifest.permission.READ_CONTACTS) != PackageManager.PERMISSION_GRANTED) { if (shouldShowRequestPermissionRationale( Manifest.permission.READ_CONTACTS)) { } requestPermissions(new String[]{Manifest.permission.READ_CONTACTS}, MY_PERMISSIONS_REQUEST_READ_CONTACTS); return; }

More Related Content

What's hot (6)

PDF
Android security
Krazy Koder
 
PPT
Design for security in operating system
Bhagyashree Barde
 
PDF
MR201408 SE for Android Overview
FFRI, Inc.
 
PDF
Ece seminar 20070927
Todd Deshane
 
PPTX
SCEP 2012 inside SCCM 2012
Microsoft TechNet - Belgium and Luxembourg
 
PPT
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
blusmurfydot1
 
Android security
Krazy Koder
 
Design for security in operating system
Bhagyashree Barde
 
MR201408 SE for Android Overview
FFRI, Inc.
 
Ece seminar 20070927
Todd Deshane
 
SCEP 2012 inside SCCM 2012
Microsoft TechNet - Belgium and Luxembourg
 
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
blusmurfydot1
 

Viewers also liked (20)

PPTX
20150909 日本androidの会9月定例講演資料
ak_shio_555
 
PPTX
Tips dan Third Party Library untuk Android - Part 1
Ibnu Sina Wardy
 
ODP
Android permission system
Shivang Goel
 
PPT
Sandbox Introduction
msimkin
 
PDF
Anatomizing online payment systems: hack to shop
Abhinav Mishra
 
PPTX
Security threats in Android OS + App Permissions
Hariharan Ganesan
 
ODP
Android(1)
Nikola Milosevic
 
ODP
Android permission system
Shivang Goel
 
ODP
Android training day 4
Vivek Bhusal
 
PDF
Web Services and Android - OSSPAC 2009
sullis
 
PDF
Android 6.0 permission change
彥彬 洪
 
PPTX
Android AsyncTask Tutorial
Perfect APK
 
ODP
Json Tutorial
Napendra Singh
 
PDF
Basic Android Push Notification
Chaiyasit Tayabovorn
 
PDF
Android new permission model
Takuji Nishibayashi
 
PPTX
JSON overview and demo
Flatiron School
 
PDF
App Permissions
Shinobu Okano
 
PDF
Simple JSON parser
Dongjun Lee
 
PDF
Android webservices
Krazy Koder
 
ODP
Android porting for dummies @droidconin 2011
pundiramit
 
20150909 日本androidの会9月定例講演資料
ak_shio_555
 
Tips dan Third Party Library untuk Android - Part 1
Ibnu Sina Wardy
 
Android permission system
Shivang Goel
 
Sandbox Introduction
msimkin
 
Anatomizing online payment systems: hack to shop
Abhinav Mishra
 
Security threats in Android OS + App Permissions
Hariharan Ganesan
 
Android(1)
Nikola Milosevic
 
Android permission system
Shivang Goel
 
Android training day 4
Vivek Bhusal
 
Web Services and Android - OSSPAC 2009
sullis
 
Android 6.0 permission change
彥彬 洪
 
Android AsyncTask Tutorial
Perfect APK
 
Json Tutorial
Napendra Singh
 
Basic Android Push Notification
Chaiyasit Tayabovorn
 
Android new permission model
Takuji Nishibayashi
 
JSON overview and demo
Flatiron School
 
App Permissions
Shinobu Okano
 
Simple JSON parser
Dongjun Lee
 
Android webservices
Krazy Koder
 
Android porting for dummies @droidconin 2011
pundiramit
 
Ad

Similar to Android secuirty permission - upload (20)

PDF
Android Security
Mehrnaz Amoon
 
PPT
Android Security
Suminda Gunawardhana
 
PPT
Permission enforcement s in android new (1)
Siddhartha Kakarla
 
PDF
A Framework for Providing Selective Permissions to Android Applications
IOSR Journals
 
PPTX
Privilege Escalation in Ethical Hacking.pptx
Guna Dhondwad
 
PDF
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
amiyadutta
 
PDF
Securing Android
Marakana Inc.
 
PPTX
Mobile security
priyanka pandey
 
PDF
Unit 3 Android Permission Model.pdf Android Permission Model
ChatanBawankar
 
PDF
Securing android applications
Jose Manuel Ortega Candel
 
PPTX
128-ch4.pptx
SankalpKabra
 
PPTX
Octopus framework; Permission based security framework for Java EE
Rudy De Busscher
 
PPTX
Permission in Android Security: Threats and solution
Tandhy Simanjuntak
 
PDF
CNIT 128 Ch 4: Android
Sam Bowne
 
DOCX
report on network security fundamentals
Jassika
 
PPTX
Hacker Halted 2014 - Reverse Engineering the Android OS
EC-Council
 
PDF
Maemo Platform Security Fosdem
Elena Reshetova
 
PPTX
Lannguyen-Detecting Cyber Attacks
Security Bootcamp
 
PDF
Stormwatch micration
Torsten Böttger
 
PDF
Internet Download Manager (IDM) Free key
alihamzakpa039
 
Android Security
Mehrnaz Amoon
 
Android Security
Suminda Gunawardhana
 
Permission enforcement s in android new (1)
Siddhartha Kakarla
 
A Framework for Providing Selective Permissions to Android Applications
IOSR Journals
 
Privilege Escalation in Ethical Hacking.pptx
Guna Dhondwad
 
Security Holes and Vulnerabilities in Corporate Network_Pre Null Meet Kolkata
amiyadutta
 
Securing Android
Marakana Inc.
 
Mobile security
priyanka pandey
 
Unit 3 Android Permission Model.pdf Android Permission Model
ChatanBawankar
 
Securing android applications
Jose Manuel Ortega Candel
 
128-ch4.pptx
SankalpKabra
 
Octopus framework; Permission based security framework for Java EE
Rudy De Busscher
 
Permission in Android Security: Threats and solution
Tandhy Simanjuntak
 
CNIT 128 Ch 4: Android
Sam Bowne
 
report on network security fundamentals
Jassika
 
Hacker Halted 2014 - Reverse Engineering the Android OS
EC-Council
 
Maemo Platform Security Fosdem
Elena Reshetova
 
Lannguyen-Detecting Cyber Attacks
Security Bootcamp
 
Stormwatch micration
Torsten Böttger
 
Internet Download Manager (IDM) Free key
alihamzakpa039
 
Ad

More from Bin Yang (8)

PPTX
Introduction of android treble
Bin Yang
 
PPTX
Introduction of Android Architecture
Bin Yang
 
PPTX
New features in android m upload
Bin Yang
 
PPTX
Android ressource and overlay upload
Bin Yang
 
PPTX
Linker namespace upload
Bin Yang
 
PPTX
Linker and loader upload
Bin Yang
 
PPTX
Update from android kk to android l
Bin Yang
 
PPTX
Google IO 2014 overview
Bin Yang
 
Introduction of android treble
Bin Yang
 
Introduction of Android Architecture
Bin Yang
 
New features in android m upload
Bin Yang
 
Android ressource and overlay upload
Bin Yang
 
Linker namespace upload
Bin Yang
 
Linker and loader upload
Bin Yang
 
Update from android kk to android l
Bin Yang
 
Google IO 2014 overview
Bin Yang
 

Recently uploaded (20)

PPTX
Abstract Data Types (ADTs) in Data Structures
mwaslam2303
 
PPTX
Introduction to Neural Networks and Perceptron Learning Algorithm.pptx
Kayalvizhi A
 
PPTX
Coding about python and MySQL connectivity
inderjitsingh1985as
 
PDF
LEARNING CROSS-LINGUAL WORD EMBEDDINGS WITH UNIVERSAL CONCEPTS
kjim477n
 
PPTX
Smart_Cities_IoT_Integration_Presentation.pptx
YashBhisade1
 
PDF
Geothermal Heat Pump ppt-SHRESTH S KOKNE
SHRESTHKOKNE
 
PPTX
Structural Functiona theory this important for the theorist
cagumaydanny26
 
PPT
04 Origin of Evinnnnnnnnnnnnnnnnnnnnnnnnnnl-notes.ppt
LuckySangalala1
 
PDF
Unified_Cloud_Comm_Presentation anil singh ppt
anilsingh298751
 
PPTX
Unit II: Meteorology of Air Pollution and Control Engineering:
sundharamm
 
PPTX
Data_Analytics_Presentation_By_Malik_Azanish_Asghar.pptx
azanishmalik1
 
PDF
mosfet introduction engg topic for students.pdf
trsureshkumardata
 
PPTX
purpose of this tutorial is to introduce you to Computers and its fundamentals.
rameshwardayalrao1
 
PDF
Comparative Analysis of the Use of Iron Ore Concentrate with Different Binder...
msejjournal
 
PDF
SMART HOME AUTOMATION PPT BY - SHRESTH SUDHIR KOKNE
SHRESTHKOKNE
 
PDF
BioSensors glucose monitoring, cholestrol
nabeehasahar1
 
PDF
POWER PLANT ENGINEERING (R17A0326).pdf..
haneefachosa123
 
PDF
NOISE CONTROL ppt - SHRESTH SUDHIR KOKNE
SHRESTHKOKNE
 
PPTX
111111111111111111111111111111111111111111.pptx
sppatelrs
 
PPTX
Dolphin_Conservation_AI_txhasvssbxbanvgdghng
jeeaspirant2026fr
 
Abstract Data Types (ADTs) in Data Structures
mwaslam2303
 
Introduction to Neural Networks and Perceptron Learning Algorithm.pptx
Kayalvizhi A
 
Coding about python and MySQL connectivity
inderjitsingh1985as
 
LEARNING CROSS-LINGUAL WORD EMBEDDINGS WITH UNIVERSAL CONCEPTS
kjim477n
 
Smart_Cities_IoT_Integration_Presentation.pptx
YashBhisade1
 
Geothermal Heat Pump ppt-SHRESTH S KOKNE
SHRESTHKOKNE
 
Structural Functiona theory this important for the theorist
cagumaydanny26
 
04 Origin of Evinnnnnnnnnnnnnnnnnnnnnnnnnnl-notes.ppt
LuckySangalala1
 
Unified_Cloud_Comm_Presentation anil singh ppt
anilsingh298751
 
Unit II: Meteorology of Air Pollution and Control Engineering:
sundharamm
 
Data_Analytics_Presentation_By_Malik_Azanish_Asghar.pptx
azanishmalik1
 
mosfet introduction engg topic for students.pdf
trsureshkumardata
 
purpose of this tutorial is to introduce you to Computers and its fundamentals.
rameshwardayalrao1
 
Comparative Analysis of the Use of Iron Ore Concentrate with Different Binder...
msejjournal
 
SMART HOME AUTOMATION PPT BY - SHRESTH SUDHIR KOKNE
SHRESTHKOKNE
 
BioSensors glucose monitoring, cholestrol
nabeehasahar1
 
POWER PLANT ENGINEERING (R17A0326).pdf..
haneefachosa123
 
NOISE CONTROL ppt - SHRESTH SUDHIR KOKNE
SHRESTHKOKNE
 
111111111111111111111111111111111111111111.pptx
sppatelrs
 
Dolphin_Conservation_AI_txhasvssbxbanvgdghng
jeeaspirant2026fr
 

Android secuirty permission - upload

  • 1. 1 Android Security - Permission
  • 2. 2 Agenda • What is permission • System prebuilt vs APK Custom • Request a permission • Grant permission • Enforce Permission • Runtime permission
  • 3. 3 What is Permission • Applications (UIDs) are assigned permissions • Permissions are needed to control access to System resources (logs, battery, etc.) Sensitive data (SMS, contacts, e-mails, etc.) System interfaces (Internet, send SMS, etc.) • Application (developers) can also define own permissions to protect application interfaces • A string
  • 4. 4 Permission Group Divide permissions into some groups based on functionality. In M, Permission is granted by group.
  • 5. 5 Permission Level • Normal Lower-risk permission, auto grant in installation • Dangerous Higher-risk permission, Need user grant.(Runtime grant/revoke in M) • Signature Auto grant in installation if caller/callee are signed by same certification • SignatureOrSystem Auto grant in installation if caller/callee are signed by same certification or caller is in system image.
  • 6. 6 System Prebuilt In frameworks/base/core/res/AndroidManifest.xml <permission android:name="android.permission.READ_CONTACTS" android:permissionGroup="android.permission-group.CONTACTS" android:label="@string/permlab_readContacts" android:description="@string/permdesc_readContacts" android:protectionLevel="dangerous" />
  • 7. 7 APK Custom In AndroidManifest.xml of APK <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.android.myapp" > <permission android:name="com.example.app.DO_X" android:label="@string/do_x_label" android:description="@string/do_x_desc" android:permissionGroup="android.permission-group.PERSONAL_INFO" android:protectionLevel="dangerous" /> … </manifest>
  • 8. 8 Permission Conflict Multiple applications may attempt to define the same permission name • "first definition wins" principle. • Android 4.4.3+ gives precedence to system applications • Android 5.0+ blocks installation completely for applications attempting to define an existing permission if they are signed with a different key than the first definer
  • 9. 9 Request Permission Declare in AndroidMainifest.xml <manifest package="com.XXX"> <uses-permission android:name="android.permission.XXX" /> … </manifest>
  • 10. 10 Grant Permission Grant the permission when installation before M.
  • 11. 11 Grant Permission • Android cannot grant permissions that don’t exist yet If an application requires a permission which is not existing in system, the system will not grant the permission to the requesting application. • An application who defines <permission> is uninstalled, the permission records are removed from the system’s known permissions list. Any applications currently holding that permission will still have the permission granted to them until they are updated/reinstalled.
  • 12. 12 Grant Permission (2) Assign permission in prebuilt etc/permission/platform.xml <assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="media" />  Assign higher-level permissions to system processes running under a specific UID that do not have a corresponding package.  Allows specific core system users to perform the given operations with the higher-level framework
  • 13. 13 Enforce Permission • Kernel • Java components • Native daemons
  • 14. 14 Enforce Permission - Kernel Access to files/device nodes/and local sockets is regulated by Kernel. Permission <map> Supplementary GIDs <permission name="android.permission.ACCESS_FM_RADIO" > <group gid="media" /> </permission> JNI APK Device Node Security check APK has a special permission which is mapped to GroupB in platform.xml Group B UserID :arbitrary
  • 15. 15 Java Components - Static Managed by ActivityManagerService Components who uses permission Components who declares permission Check by AMS
  • 16. 16 Java Components - Dynamic Programmatically check if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.XX) != PackageManager.PERMISSION_GRANTED) { throw new SecurityException("Requires XXX permission"); }
  • 18. 18 Runtime Permission • Support in M • Dangerous permissions can be granted/revoked in runtime. • Other permission will be granted in installation automatically. • Only has to grant permission once per app for each permission group. • No difference for permission enforce
  • 19. 19 Runtime Permission - Revoke Before M: Not allowed From M: Revocable from Settings.
  • 20. 20 Runtime Permission - Caller • Always Check for Permissions • Handle Lack of Permissions Gracefully if (checkSelfPermission(Manifest.permission.READ_CONTACTS) != PackageManager.PERMISSION_GRANTED) { if (shouldShowRequestPermissionRationale( Manifest.permission.READ_CONTACTS)) { } requestPermissions(new String[]{Manifest.permission.READ_CONTACTS}, MY_PERMISSIONS_REQUEST_READ_CONTACTS); return; }

Editor's Notes

  • #12: When the application given a pending intent triggers the actual intent, it does so with the same permissions and the identity as the application that created the pending intent