View Single Post
Old January 17th, 2010, 09:55 AM   #2 (permalink)
alostpacket
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,920
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,603
Thanked 3,578 Times in 1,530 Posts
Default

Modify global system settings
Hardware controls
URI: android.permission.WRITE_SETTINGS
Risk: MEDIUM
Protection level: DANGEROUS

Official Description
Allows an application to read or write the system settings

Details
This permission is pretty important but only has the possibility of moderate impact. Global settings are pretty much anything you would find under Android's main 'settings' window. However, a lot of these settings may be perfectly reasonable for an application to change. Typical applications that use this include: volume control widgets, notification widgets, settings widgets, Wi-Fi utilities, or GPS utilities. Most apps needing this permission will fall under the "widget" or "utility" categories/types.


Read sync settings
Hardware controls
URI: android.permission.READ_SYNC_SETTINGS
Risk: LOW-MODERATE
Protection level: UNKNOWN

Official Description
Allows applications to read the sync settings

Details
This permission is of low to medium importance. It mostly allows the application to know if you have background data sync (such as for Facebook or Gmail) turned on or off.


Automatically start at boot
Hardware controls
URI: android.permission.RECEIVE_BOOT_COMPLETED
Risk: MODERATE-HIGH
Protection level: UNKNOWN

Official Description
Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting.

Details
This permission is of low to moderate impact. It will allow an application to tell Android to run the application every time you start your phone. While not a danger in and of itself, it can point to an applications intent


Restart other applications
Hardware controls
URI: android.permission.RESTART_PACKAGES
Risk: HIGH
Protection level: UNKNOWN

Official Description
This constant is deprecated. The restartPackage(String) API is no longer supported.

Details
This permission is of low to moderate impact. It will allow an application to tell Android to 'kill' the process of another application. However, any app that is killed will likely get restarted by the Android OS itself.


Retrieve running applications
Hardware controls
URI: android.permission.GET_TASKS
Risk: MEDIUM-HIGH
Protection level: DANGEROUS

Official Description
Allows an application to get information about the currently or recently running tasks: a thumbnail representation of the tasks, what activities are running in it, etc.

Details
This permission is of moderate importance. It will allow an application to find out what other applications are running on your phone. While not a danger in and of itself, it would be a useful tool for someone trying to steal your data. Typical legitimate applications that require this permission include: task killers and battery history widgets. Other than that however, most apps should not need this permission.


Display system-level alerts
Hardware controls
URI: android.permission.SYSTEM_ALERT_WINDOW
Risk: HIGH
Protection level: DANGEROUS

Official Description
Allows an application to open windows using the type TYPE_SYSTEM_ALERT, shown on top of all other applications.

Details
This permission is of high importance. This permission allows an app to show a "popup" window above all other apps, even if the app is not in the foreground. A malicious developer/advertiser could use it to show very obnoxious advertising. Almost no apps should require this permission unless they are part of the Android operating system. An example of a system alert would be the alert you are shown when your phone or tablet is out of battery and is about to shut down.


Control vibrator
Development tools
URI: android.permission.VIBRATE
Risk: LOW
Protection level: UNKNOWN

Official Description
Allows access to the vibrator

Details
This permission is of low importance. As it states, it lets an app control the vibrate function on your phone. This includes for incoming calls and other events.


Take pictures and videos
Development tools
URI: android.permission.CAMERA
Risk: MODERATE-HIGH
Protection level: DANGEROUS

Official Description
Required to be able to access the camera device.

Details
This permission is of moderate importance. As it states, it lets an app control the camera function on your phone. In theory this could be used maliciously to snap unsuspecting photos, but it would be unlikely and difficult to get a worthwhile picture or video. However, it is not impossible to make malicious use of cameras.


Access location extra commands
Network Communication
URI: android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
Risk: MEDIUM-HIGH
Protection level: UNKNOWN

Official Description
Allows an application to access extra location provider commands

Details
The specifics of the extra commands here are a bit unclear. However, the usage of this permission indicates that an app wants to know detailed information about your location, and respond accordingly. This is often used with advertising and location-based and social-network services like Four Square, Twitter, Facebook or Google Places/Google+. It is recommended that you treat this permission with the same caution as the GPS location permission and assume the same implications to privacy apply.


Access mock location
Network Communication
URI: android.permission.ACCESS_MOCK_LOCATION
Risk: MODERATE
Protection level: DANGEROUS

Official Description
Allows an application to create mock location providers for testing

Details
This is a permission used for development of apps that make use of location based services. By creating "mock" (fake) locations, apps can test if their code works correctly depending on your location.This permission has no known sercurity considerations; Nor much use in a app released to the public.


Battery stats
Hardware controls
URI: android.permission.BATTERY_STATS
Risk: LOW
Protection level: UNKNOWN

Official Description
Allows an application to collect battery statistics

Details
This permission is of little to no importance.


Bluetooth Admin
Your accounts
URI: android.permission.BLUETOOTH_ADMIN
Risk: MEDIUM
Protection level: DANGEROUS

Official Description
Allows applications to discover and pair bluetooth devices

Details
Bluetooth (Wikipedia: http://en.wikipedia.org/wiki/Bluetooth) is a technology that lets your phone communicate wirelessly over short distances. It is similar to Wi-Fi in many ways. It itself is not a danger to your phone, but it does enable a way for an application to send and receive data from other devices. Typical applications that would need bluetooth access include: sharing applications, file transfer apps, apps that connect to headset or wireless speakers.


Broadcast Sticky (Intents)
Hardware controls
URI: android.permission.BROADCAST_STICKY
Risk: LOW-MEDIUM
Protection level: UNKNOWN

Official Description
Allows an application to broadcast sticky intents. These are broadcasts whose data is held by the system after being finished, so that clients can quickly retrieve that data without having to wait for the next broadcast.

Details
The permission has to do with how applications "talk" to each other using a communication method called "Intents". While this permission is highly technical it is a relatively low importance. There are no know obvious malicious uses for this permission.


Change Configuration
Hardware controls
URI: android.permission.CHANGE_CONFIGURATION
Risk: MEDIUM-HIGH
Protection level: DANGEROUS

Official Description
Allows an application to modify the current configuration, such as locale.

Details
This is a permission that generally should not be granted to regular apps. Other than changing the locale (i.e. language), it is unclear what configuration changes this permission allows. As such, it should be treated with considerable caution.


Clear app cache
Hardware controls
URI: android.permission.CLEAR_APP_CACHE
Risk: LOW
Protection level: DANGEROUS

Official Description
Allows an application to clear the caches of all installed applications on the device.

Details
This permission is of low importance. It allows an app to clear the cache of apps on the phone or tablet. The cache is a place that an app stores recently used data for faster access. Clearing the cache can sometimes (very rarely) fix bugs related to those files. Clearing these files generally presents no risk other than to slow the performance of the phone or tablet (as apps will need to re-create the caches when used).


Disable Keyguard (lock screen)
(unknown category)
URI: android.permission.DISABLE_KEYGUARD
Risk: MEDIUM-HIGH
Protection level: DANGEROUS

Official Description
Allows applications to disable the keyguard

Details
This permission is of medium-high importance. It allows an app to disable the "lock screen" that most phones go into after going to sleep and been turned on again. This lockscreen can sometimes be a password screen, or a PIN screen, or just a "slide to unlock" screen.


Expand status bar
Hardware controls
URI: android.permission.EXPAND_STATUS_BAR
Risk: MEDIUM-HIGH
Protection level: UNKNOWN

Official Description
Allows an application to expand or collapse the status bar.

Details
This appears to be a system permission -- not for use by regular applications. If you come across this permission I would beware of any app requesting it that is not an Android system app.


Flashlight
Development tools
URI: android.permission.FLASHLIGHT
Risk: LOW
Protection level: UNKNOWN

Official Description
Allows access to the flashlight

Details
This allows apps to turn on or off the LED "flash" light used by the camera. This is a handy tool but usually of no risk itself.


Get package size
Hardware controls
URI: android.permission.GET_PACKAGE_SIZE
Risk: LOW-MODERATE
Protection level: UNKNOWN

Official Description
Allows an application to find out the space used by any package.

Details
This permission does not seem to have any risk associated with it.


Kill background processes
Hardware controls
URI: android.permission.KILL_BACKGROUND_PROCESSES
Risk: HIGH
Protection level: UNKNOWN

Official Description
Allows an application to call killBackgroundProcesses(String).

Details
This permission is a bit of a tricky one. Often this is used by what are called "task killers". These apps supposedly free system resources by closing apps running in the background. However the usefulness of such apps is minimal at best. They can help close an app that is misbehaving, however a user can already do that themselves through the Android settings under "Apps" or "Manage Applications". Conversely this permission has some potential to maliciously close anti-virus or other security related apps. As with anything I would treat this with caution. Few users should ever need an app with this permission. Rather, it could be an indicator of malicious intent (especially if not requested by a task killer or system performance tuning app).


Modify audio settings
Hardware controls
URI: android.permission.MODIFY_AUDIO_SETTINGS
Risk: LOW
Protection level: DANGEROUS

Official Description
Allows an application to modify global audio settings

Details
This permission is of low importance. Audio settings pose little to no risk to the device.


Format file systems
Your personal information
URI: android.permission.MOUNT_FORMAT_FILESYSTEMS
Risk: MEDIUM
Protection level: DANGEROUS

Official Description
Allows formatting file systems for removable storage.

Details
The primary danger with this permission is that it could be used to erase data from an SD card or other similar storage in your phone. This is also not a permission any normal app should need.


Mount / Unmount file systems
Your personal information
URI: android.permission.MOUNT_UNMOUNT_FILESYSTEMS
Risk: MODERATE
Protection level: DANGEROUS

Official Description
Allows mounting and unmounting file systems for removable storage.

Details
This permission just allows for connecting to SD cards for reading and writing. While not a risk itself, this is also not a permission any normal app should need.


NFC (Near Field Communication)
Your accounts
URI: android.permission.NFC
Risk: MEDIUM
Protection level: DANGEROUS

Official Description
Allows applications to perform I/O operations over NFC

Details
NFC stands for Near Field Communication. This is a technology like Bluetooth that enables short range communication between two devices or the reading of NFC "tags". The distance which NFC is able to work is only a few centimeters so that devices (or a device and a tag) must effectively be touching each other to communicate. Due to the distance, this technology is not particularly dangerous. However it does present a small risk and it is something that should used with caution.

For more info: http://en.wikipedia.org/wiki/Near_field_communication


Process outgoing calls
Your location
URI: android.permission.PROCESS_OUTGOING_CALLS
Risk: VERY-HIGH
Protection level: DANGEROUS

Official Description
Allows an application to monitor, modify, or abort outgoing calls.

Details
This permission is of high importance. This would allow an app to see what numbers are called and other personal info. Generally this permission should only be seen on apps for VOIP (Voice Over Internet Protocol) like Google Voice or dialer replacement type apps.


Read sync stats
Hardware controls
URI: android.permission.READ_SYNC_STATS
Risk: MODERATE
Protection level: UNKNOWN

Official Description
Allows applications to read the sync stats

Details
This permission is related to "Read sync settings" but not particularly dangerous itself. There is a minor risk that some personal information could be gleaned from the sync stats, but the information is unlikely to be valuble. Sync in this case relates to syncing of contacts and other types of media on the phone.


Record audio
Development tools
URI: android.permission.RECORD_AUDIO
Risk: MODERATE-HIGH
Protection level: DANGEROUS

Official Description
Allows an application to record audio

Details
While this permission is not typically dangerous, it is a potential tool for eavesdropping. However recording audio has legitimate uses such as note taking apps or voice search apps. As a side note recording audio is typically a significant drain on the battery.


Set alarm
Hardware controls
URI: android.permission.SET_ALARM
Risk: LOW
Protection level: UNKNOWN

Official Description
Allows an application to broadcast an Intent to set an alarm for the user.

Details
This permission seems to be of low risk because it doesnt allow the setting of the alarm directly. Rather it allows the opening of the alarm app on the phone.


Set time zone
Hardware controls
URI: android.permission.SET_TIME_ZONE
Risk: LOW
Protection level: DANGEROUS

Official Description
Allows applications to set the system time zone

Details
This permission poses little, if any, risk


Set wallpaper
Hardware controls
URI: android.permission.SET_WALLPAPER
Risk: LOW
Protection level: UNKNOWN

Official Description
Allows applications to set the wallpaper

Details
This permission poses little, if any, risk


Subscribed feeds read
Development tools / Your personal info
URI: android.permission.SUBSCRIBED_FEEDS_READ
Risk: MEDIUM
Protection level: UNKNOWN

Official Description
Allows an application to allow access the subscribed feeds ContentProvider.

Details
This would give an app access to RSS feed that you have subscribed to. If you dont subscribe to any RSS feeds this permission is of little risk. If you do, this permission is akin to letting an app have access to your broser history. It could glean interests and preferences and other semi-personal information.


Subscribed feeds write
Development tools / Your personal info
URI: android.permission.SUBSCRIBED_FEEDS_WRITE
Risk: LOW-MEDIUM
Protection level: DANGEROUS

Official Description
(No developer documentation is available for this permission)

Details
This would give an app access to RSS feed that you have subscribed to. If you dont subscribe to any RSS feeds, this permission is of little risk. If you do, this permission is akin to letting an app have access to your broser history. It could glean interests and preferences and other semi-personal information.


Use SIP
Your accounts
URI: android.permission.USE_SIP
Risk: MEDIUM-HIGH
Protection level: DANGEROUS

Official Description
Allows an application to use SIP service

Details
SIP stands for Session Initiation Protocol. It is a technology mostly used for making video and voice calls over the Internet. While not a major security risk it should be treated with almost as much caution as the standard "make phone calls" permission.


Write secure settings
Hardware controls
URI: android.permission.WRITE_SECURE_SETTINGS
Risk: VERY-HIGH
Protection level: DEVELOPMENT

Official Description
Allows an application to read or write the secure system settings.

Details
This permission should only be seen on Android system apps (and possibly wireless carriers or hardware manufacturer pre-installed apps).


Write SMS
Services that cost you money
URI: android.permission.WRITE_SMS
Risk: HIGH
Protection level: DANGEROUS

Official Description
Allows an application to write SMS messages.

Details
This permission appears to be an offshoot from the "send SMS" permission. This should allow an app to write, but not send an SMS message. Users should still be cautious of this permission however. Many kinds of malware lure users into sending SMS to special for-pay numbers costing them money.


Write sync settings
Your messages
URI: android.permission.WRITE_SYNC_SETTINGS
Risk: MEDIUM
Protection level: DANGEROUS

Official Description
Allows applications to write the sync settings

Details
This permission relates to backup and sync of certain types of information like contacts. This allows an app to write settings for how that account and the data are sync and backed up. This is a common permission for social services or contact managers or any other type of app with an account associated with it. Alone, this permission doesn't allow an app access to contacts or other sensitive data. Rather, it just relates to how that data is backed up. Nevertheless, care should be taken as always.


Read profile
Development tools / Your personal info
URI: android.permission.READ_PROFILE
Risk: MEDIUM-HIGH
Protection level: DANGEROUS

Official Description
Allows an application to read the user's personal profile data.

Details
This a new permission that relates to a special new "Me" contact you can create in your phone or tablet as your own profile.


Install Shortcut (Android Launcher)
Hardware controls
URI: com.android.launcher.permission.INSTALL_SHORTCUT
Risk: MODERATE-HIGH
Protection level: UNKNOWN

Details
This is a custom permission for the default Android Laucher (the home screen). This permission would allow an app to put an icon or shortcut there. While not dangerous, this can sometimes be a sign of a potentially malicious or adware app. For more on adware, see the guides section of PocketPermissions.


Read external storage
Your personal information
URI: android.permission.READ_EXTERNAL_STORAGE
Risk: LOW
Protection level: UNKNOWN

Official Description
Allows an application to read from external storage.

Details
This permission is granted to all apps by default.


Read SMS
System tools
URI: android.permission.READ_SMS
Risk: MODERATE-HIGH
Protection level: DANGEROUS

Details
This permission is mostly a privacy concern. Any app that can read your SMS messages could gather a lot of information about you. However there are quite a few legitimate reasons an app may request this. Some apps are simply "SMS replacment" apps (such as Handcent) and would naturally need this permission to function. Other apps sometimes use this as a way of sending a special code to you device. This can be used by a paid app by sending a code to unlock the full version of an app. Or, this can be used by security apps to listen for a special shutdown codes in case your phone is stolen.


Write call log
Your location
URI: android.permission.WRITE_CALL_LOG
Risk: MEDIUM-HIGH
Protection level: DANGEROUS

Details
This permission is not much of a danger by itself, but rather could be used to hide other malicious behavoir. However it has a legitimate purpose for dialer replacements or voice over IP apps (like Google Voice).


Write profile
Development tools / Your personal info
URI: android.permission.WRITE_PROFILE
Risk: MODERATE-HIGH
Protection level: DANGEROUS

Details
This a new permission that relates to a special new "Me" contact you can create in your phone or tablet as your own profile.


Read social stream
Development tools / Your personal info
URI: android.permission.READ_SOCIAL_STREAM
Risk: HIGH
Protection level: DANGEROUS

Details
This permission is very important. It is a new permission introduced with Android 4.0 (Ice Cream Sandwhich). This permission would allow an app to read updates from social networking apps like Google+, Twitter, and Facebook. By granting this permission you are giving an app the ability to read not only your information, but any updates posted by people in your social circles.


Add voicemail
System tools
URI: com.android.voicemail.permission.ADD_VOICEMAIL
Risk: MEDIUM-HIGH
Protection level: DANGEROUS

Details
This seems to be a new permission related to Android's new centralized voicemail system. It would be an unusual means for an app to use this permission maliciously. However few apps should need it and, as always, it should be treated with caution.


Authenticate Accounts
Your messages
URI: android.permission.AUTHENTICATE_ACCOUNTS
Risk: VERY-HIGH
Protection level: DANGEROUS

Details
This permission is of high importance. It allows an app to authenticate credentials (such as passwords). Typical uses of this would be if an app had it's own type of account on your phone such as Google, Facebook, or Twitter.This permission is closely related to the Account Manager permission. Both are typically requested together.While this doesn't directly give an app access to your personal information or passwords, it does present a security risk for phishing (tricking the user into revealing their password). For more on phishing, see the Guides section of PocketPermissions)


Read email attachments
Development tools / Your personal info
URI: com.android.email.permission.READ_ATTACHMENT
Risk: HIGH
Protection level: DANGEROUS

Details
This is a custom permission for the default Android email app (i.e. not Gmail). This permission should be treated with great caution. Many email attachments contain highly sensitive and personal or financial information.


Read user dictionary
Development tools / Your personal info
URI: android.permission.READ_USER_DICTIONARY
Risk: LOW
Protection level: DANGEROUS

Official Description
Allows an application to read the user dictionary.

Details
This would allow an app to read words added to your custom dictionary. Oftentimes this is abbreviations like "brb" that you might add for typing text messages. Unless you save personal information in your dictionary, this permission is of almost no risk.


Write user dictionary
Hardware controls
URI: android.permission.WRITE_USER_DICTIONARY
Risk: LOW
Protection level: UNKNOWN

Official Description
Allows an application to write to the user dictionary.

Details
This alows an app to add custom words to your user dictionary. For example, the common acronym "brb" for "be right back".


Receive SMS
System tools
URI: android.permission.RECEIVE_SMS
Risk: HIGH
Protection level: DANGEROUS

Official Description
Allows an application to monitor incoming SMS messages, to record or perform processing on them.

Details
This permission is mostly a privacy concern. Any app that can read your SMS messages could gather a lot of information about you. However there are quite a few legitimate reasons an app may request this. Some apps are simply "SMS replacment" apps (such as Handcent) and would naturally need this permission to function. Other apps sometimes use this as a way of sending a special code to you device. This can be used by a paid app by sending a code to unlock the full version of an app. Or, this can be used by security apps to listen for a special shutdown codes in case your phone is stolen.


Receive MMS
System tools
URI: android.permission.RECEIVE_MMS
Risk: HIGH
Protection level: DANGEROUS

Official Description
Allows an application to monitor incoming MMS messages, to record or perform processing on them.

Details
This permission is mostly a privacy concern. Any app that can read your MMS messages could gather a lot of information about you. However there are quite a few legitimate reasons an app may request this. Some apps are simply "SMS/MMS replacment" apps (such as Handcent) and would naturally need this permission to function.


Install DRM
Hardware controls
URI: android.permission.INSTALL_DRM
Risk: MODERATE-HIGH
Protection level: UNKNOWN

Details
DRM stands for Digital rights management. Typically this permission is not particularly dangerous itself. However, it is a permission related to controlling access to medi such as books, audio video, and more. Due to its purpose to control access, I would be especially careful installing any app requesting it.More info: http://en.wikipedia.org/wiki/Digital_rights_management


Add system service
Hardware controls
URI: android.permission.ADD_SYSTEM_SERVICE
Risk: CRITICAL
Protection level: UNKNOWN

Details
This permission should only be given to Android System apps (and possibly to wireless carrier or hardware manufacturer pre-installed apps)


Access WiMax State
Your accounts
URI: android.permission.ACCESS_WIMAX_STATE
Risk: LOW-MODERATE
Protection level: UNKNOWN

Details
WiMax is a technology developed for "4G" data and internet speeds on mobile devices. This permission allows an app to see if it is currently connected to a wireless network that uses WiMax. There is no significant risk associated with this permission.


Change WiMax state
Your accounts
URI: android.permission.CHANGE_WIMAX_STATE
Risk: MODERATE
Protection level: DANGEROUS

Details
This permission allows an app to turn on or off the WiMax radio. WiMax is a type of "4G" wireless connection like LTE. This permission essensially allows an app to turn on or off 4G.


Read instant messages (IM)
Development tools / Your personal info
URI: com.android.providers.im.permission.READ_ONLY
Risk: HIGH
Protection level: UNKNOWN

Details
This is apermission realated to reading instant messages, such as those on GooleTalk.


RECEIVE
(unknown group)
URI: com.google.android.c2dm.permission.RECEIVE
Risk: LOW
Protection level: UNKNOWN

Details
C2D stands for Cloud to Device Messaging. This is a push notification technology that is being phased out for a similar technology called GCM. (Google Cloud Messaging). This permission is of little to no risk.


In-app billing
Services that cost you money
URI: com.android.vending.BILLING
Risk: CRITICAL
Protection level: UNKNOWN

Details
This permission is of very high importance. This allows an application to directly bill you for services through Google Play. Users will be required to confirm any purchase made however this is potentially costly. Users should beware of games and other free apps with in-app billing.
alostpacket is offline  
Last edited by alostpacket; October 23rd, 2012 at 04:42 PM.
Reply With Quote
The Following 20 Users Say Thank You to alostpacket For This Useful Post:
Blaurad (January 17th, 2014), dschaff39 (January 23rd, 2013), Dutch54 (May 9th, 2010), Geezer Squid (March 8th, 2013), jab456 (March 6th, 2012), jmar (February 10th, 2012), joh65 (March 16th, 2013), jopemon (August 9th, 2011), karlyn123 (November 7th, 2012), katsg81 (March 12th, 2012), kompressorgpl (September 17th, 2011), Metroid Prime (February 11th, 2013), OakIris (January 3rd, 2013), Rxpert83 (July 6th, 2012), skaylar (January 24th, 2013), terewis (February 1st, 2013), upd103 (November 3rd, 2012), woxni (August 22nd, 2014), YouGonaEatThat (February 25th, 2013)