Android Map V2 - Why MAPS_RECEIVE permission

Question

Consider this as a wiki question.

While I setup my project to support Map V2, There has been a step to add MAPS_RECEIVE permission.

Answer 1

This permission specifies your package name. i.e.

  <permission
          android:name="package_name.permission.MAPS_RECEIVE"
          android:protectionLevel="signature"/>
  <uses-permission android:name="package_name.permission.MAPS_RECEIVE"/>

thus, the google API simply allows your project to recieve the map. The permission tells where to use the API.

Answer 2

I found that this permission is still needed when using the debug certificate. When I exported and signed my application it worked fine, but it wouldn't work when I used the debug cert. I have the MD5 for both my debug cert and application cert associated with the same key. When I finally added these extra permissions, it worked. I am using a Moto X running 4.4 with everything up to date.

Answer 3

This is the same pattern you see when using Google Cloud Messaging (GCM) with its C2D_MESSAGE permission. The idea is to protect an endpoint in your application (e.g. a broadcast receiver) so that some other component (presumably part of the Maps API) can contact it securely (otherwise, another application could impersonate your application by using the same intent filter).

In this case, then, Maps API internally sets up such an endpoint (transparently to you) and can, with the use of this permission, that this endpoint cannot be impersonated (because to do so would require the permission, which is protected by your application signature).

Answer 4

For future visitors:

This permission is now completely unnecessary. The latest update of Google Play Services 3.1.59 made it useless. As a result, it can be removed.

source