Android Permission Model designed for preventing unauthorized access by third party application.Android applications must declare which permission they require after installation. At a time of android application installation android system display list of permissions which is required to install the current application. The user must decide to install an application or not.
Here the user can not select or grant specific permissions, in order to install application user must have to grant all permissions which are required by an application. So this is an all-or-nothing decision.
- Inform The User: all sensitive permissions are displayed to a user. The user more aware of the risks involved in installing the application.
- Mitigate Exploits: By limiting application access to sensitive APIs, the ability of an attacker to cause damage if an application is successfully exploited is somewhat mitigated.
There are four levels of android permissions
These permissions are automatically granted by default. These permissions can not harm the device.
The Android application needs to request these permissions to the user. These permissions can harm. For example call numbers, open internet connection.
These permissions are automatically granted if an application is signed by the same certificate. This level is designed to allow an application to share data.
- System / Signature:
Same as a signature, except that system image, gets the permissions automatically as well. This level is designed for use by device manufacturers only.