Android Map V2 - Why MAPS_RECEIVE permission

Question

Consider this as a wiki question.

While I setup my project to support Map V2, There has been a step to add MAPS_RECEIVE permission.

<permission
          android:name="com.example.mapdemo.permission.MAPS_RECEIVE"
          android:protectionLevel="signature"/>
<uses-permission android:name="com.example.mapdemo.permission.MAPS_RECEIVE"/>

Why we creating and consuming the permission from the app itself?

Is that google play services app interact using this permission ?

This permission can't takes care of these things?

<uses-permission android:name="com.google.android.providers.gsf.permission.READ_GSERVICES"/>

I thought the use of custom permission is to allow other apps to launch/use our app's services/resources.

Answer 1

For future visitors:

This permission is now completely unnecessary. The latest update of Google Play Services 3.1.59 made it useless. As a result, it can be removed.

source

Answer 2

This is the same pattern you see when using Google Cloud Messaging (GCM) with its C2D_MESSAGE permission. The idea is to protect an endpoint in your application (e.g. a broadcast receiver) so that some other component (presumably part of the Maps API) can contact it securely (otherwise, another application could impersonate your application by using the same intent filter).

In this case, then, Maps API internally sets up such an endpoint (transparently to you) and can, with the use of this permission, that this endpoint cannot be impersonated (because to do so would require the permission, which is protected by your application signature).

Answer 3

This permission specifies your package name. i.e.

  <permission
          android:name="package_name.permission.MAPS_RECEIVE"
          android:protectionLevel="signature"/>
  <uses-permission android:name="package_name.permission.MAPS_RECEIVE"/>

thus, the google API simply allows your project to recieve the map. The permission tells where to use the API.

Answer 4

I found that this permission is still needed when using the debug certificate. When I exported and signed my application it worked fine, but it wouldn't work when I used the debug cert. I have the MD5 for both my debug cert and application cert associated with the same key. When I finally added these extra permissions, it worked. I am using a Moto X running 4.4 with everything up to date.