问题
I need to upgrade old android aplication from minSdkVersion="19" , so I need to handle all the permissions.
In the manifest, it requires some dangerous permissions. e.g.:
<uses-permission android:name="android.permission.BLUETOOTH" /> <!-- normal -->
<uses-permission android:name="android.permission.BLUETOOTH_ADMIN" /> <!-- normal -->
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" /> <!-- normal -->
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" /> <!-- dangerous -->
<uses-permission android:name="android.permission.MOUNT_UNMOUNT_FILESYSTEMS" /> <!-- ??? -->
<uses-permission android:name="android.permission.WAKE_LOCK" /> <!-- normal -->
<uses-permission android:name="android.permission.INTERNET" /> <!-- normal -->
<uses-permission android:name="android.permission.VIBRATE" /> <!-- normal -->
<uses-permission android:name="android.permission.CAMERA" /> <!-- dangerous -->
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" /> <!-- dangerous -->
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" /> <!-- dangerous -->
<android:uses-permission android:name="android.permission.READ_PHONE_STATE" /> <!-- dangerous -->
<android:uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" android:maxSdkVersion="18" /> <!-- dangerous -->
How can I find in code where these dangerous permissions are needed? Is there a list of functions that depends on each permission?
Regarding
MOUNT_UNMOUNT_FILESYSTEMS
- where can I find if it is dangerous or normal?
回答1:
Before answering the specific questions, let me say that if your app is to be used by normal users (i.e. download it from Google play or other stores) listing so many permissions will probably scare users away. From the question it sounds like you inherit someone else's code, and some of those permissions are not even needed.
Another important thing to notice here is the difference between 3rd party apps (for example, apps you download from Google's play store) and phone-manufacturer apps (most of the apps installed on your phone when you buy it).
Manufacturer apps can use permissions that 3rd parties can't.
To your question:
I don't recall a complete list for functionalities with needed permission for each. Maybe someone else can enlighten both of us here :) Code targeting Android M and above SHOULD wrap any "dangerous" behaviour with a check that permission is granted, using functions like
ContextCompat.checkSelfPermission(Context, String)
in order to avoid runtimeSecurityException
s. But finding "dangerous" behaviors in old code is almost impossible, mainly because Android OS's agreement with the developers was "you just request those permissions in the manifest and I will make sure no runtime security exceptions will be thrown". A manual search is in need here, I'm afraid.Here is a complete list of all available permissions, from Android official documentation -
https://developer.android.com/reference/android/Manifest.permission
Notice that MOUNT_UNMOUNT_FILESYSTEM permission is ignored for 3rd party apps, so (unless you work for e.g. Samsung or Xiaomi) you can safely delete this permission from your manifest.
- Also notice that it you request FINE_LOCATION permission there is no need to request also COARSE_LOCATION permission.
来源:https://stackoverflow.com/questions/54694818/where-can-i-find-more-info-about-android-specific-permissions