Skip to content

Commit

Permalink
Update the list of permissions (up to API level 34) into the risk ta…
Browse files Browse the repository at this point in the history
…ble. (#2630)

Added permissions:
      - android.permission.PROVIDE_DEFAULT_ENABLED_CREDENTIAL_SERVICE
      - android.permission.PROVIDE_REMOTE_CREDENTIALS
      - android.permission.MANAGE_ONGOING_CALLS
      - android.permission.READ_RESTRICTED_STATS
      - android.permission.BIND_AUTOFILL_SERVICE
      - android.permission.MANAGE_EXTERNAL_STORAGE
      - android.permission.ACCESS_BLOBS_ACROSS_USERS
      - android.permission.BLUETOOTH_ADVERTISE
      - android.permission.READ_MEDIA_AUDIO
      - android.permission.READ_MEDIA_IMAGES
      - android.permission.READ_MEDIA_VIDEO
      - android.permission.READ_PRECISE_PHONE_STATE
      - android.permission.LOG_FOREGROUND_RESOURCE_USE
      - android.permission.MANAGE_DEFAULT_APPLICATIONS
      - android.permission.MANAGE_FACE

Co-authored-by: Olivier <[email protected]>
  • Loading branch information
olivandcode and Olivier authored Jun 19, 2024
1 parent bde694a commit c27ee17
Showing 1 changed file with 86 additions and 71 deletions.
157 changes: 86 additions & 71 deletions Document/0x05h-Testing-Platform-Interaction.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ Android permissions can be classified into distinct categories depending on the
- [**Install-time permissions**](https://developer.android.com/guide/topics/permissions/overview#install-time "Install-time permissions"): grant limited access to restricted data or let the app perform restricted actions that minimally affect the system or other apps. They are granted automatically at installation time (Android 6.0 (API level 23) or higher).
- Protection Level: `normal`. Grants apps access to isolated application-level features with minimal risk to other apps, the user, and the system. Example: `android.permission.INTERNET`
- Protection Level: `signature`. Granted only to apps signed with the same certificate as the one used to sign the declaring app. Example: `android.permission.ACCESS_MOCK_LOCATION`
- Protection Level: `systemOrSignature`. Reserved for system-embedded apps or those signed with the same certificate as the one used to sign the declaring app. Example: `android.permission.ACCESS_DOWNLOAD_MANAGER`. Old synonym for `signature|privileged`. Deprecated in API level 23.
- Protection Level: `signatureOrSystem`. Reserved for system-embedded apps or those signed with the same certificate as the one used to sign the declaring app. Example: `android.permission.ACCESS_DOWNLOAD_MANAGER`. Old synonym for `signature|privileged`. Deprecated in API level 23.
- [**Runtime permissions**](https://developer.android.com/training/permissions/requesting "Request runtime permissions"): require prompting the user at runtime for explicit approval.
- Protection Level: `dangerous`. Grant additional access to restricted data or let the app perform restricted actions that more substantially affect the system and other apps.
- [**Special permissions**](https://developer.android.com/training/permissions/requesting-special "Request special permissions"): require the user to navigate to **Settings > Apps > Special app access** and give explicit consent.
Expand All @@ -32,76 +32,91 @@ Android permissions can be classified into distinct categories depending on the

Independently from the assigned Protection Level, it is important to consider the risk that a permission might be posing considering the additional guarded capabilities, this is especially important for preloaded apps. The following table presents a representative set of Android permissions categorized by associated risk as defined in this [paper](https://www.android-device-security.org/publications/2020-lau-uraniborg/Lau_2020_Uraniborg_Scoring_Whitepaper_20200827.pdf "Uraniborg’s Device Preloaded App Risks Scoring Metrics") which leverages the set of (privileged) permissions and entrance points to an app to estimate its attack surface.

| Risk Category | Permissions | Protection Level |
|--------------|-----------------------------------------------------|------------------|
| **ASTRONOMICAL** | `android.permission.INSTALL_PACKAGES` | signature |
| | | |
| **CRITICAL** | `android.permission.COPY_PROTECTED_DATA` | signature |
| | `android.permission.WRITE_SECURE_SETTINGS` | signature |
| | `android.permission.READ_FRAME_BUFFER` | signature |
| | `android.permission.MANAGE_CA_CERTIFICATES` | signature |
| | `android.permission.MANAGE_APP_OPS_MODES` | signature |
| | `android.permission.GRANT_RUNTIME_PERMISSIONS` | signature |
| | `android.permission.DUMP` | signature |
| | `android.permission.CAMERA` | dangerous |
| | `android.permission.SYSTEM_CAMERA` | systemOrSignature|
| | `android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS`| signature |
| | `android.permission.MOUNT_UNMOUNT_FILESYSTEMS` | signature |
| | | |
| **HIGH** | `android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS`| signature |
| | `android.permission.READ_SMS` | dangerous |
| | `android.permission.WRITE_SMS` | normal |
| | `android.permission.RECEIVE_MMS` | dangerous |
| | `android.permission.SEND_SMS_NO_CONFIRMATION` | signature |
| | `android.permission.RECEIVE_SMS` | dangerous |
| | `android.permission.READ_LOGS` | signature |
| | `android.permission.READ_PRIVILEGED_PHONE_STATE` | signature |
| | `android.permission.LOCATION_HARDWARE` | signature |
| | `android.permission.ACCESS_FINE_LOCATION` | dangerous |
| | `android.permission.ACCESS_BACKGROUND_LOCATION` | dangerous |
| | `android.permission.BIND_ACCESSIBILITY_SERVICE` | signature |
| | `android.permission.ACCESS_WIFI_STATE` | normal |
| | `com.android.voicemail.permission.READ_VOICEMAIL` | signature |
| | `android.permission.RECORD_AUDIO` | dangerous |
| | `android.permission.CAPTURE_AUDIO_OUTPUT` | signature |
| | `android.permission.ACCESS_NOTIFICATIONS` | signature |
| | `android.permission.INTERACT_ACROSS_USERS_FULL` | signature |
| | `android.permission.BLUETOOTH_PRIVILEGED` | signature |
| | `android.permission.GET_PASSWORD` | signature |
| | `android.permission.INTERNAL_SYSTEM_WINDOW` | signature |
| | | |
| **MEDIUM** | `android.permission.ACCESS_COARSE_LOCATION` | dangerous |
| | `android.permission.CHANGE_COMPONENT_ENABLED_STATE` | signature |
| | `android.permission.READ_CONTACTS` | dangerous |
| | `android.permission.WRITE_CONTACTS` | dangerous |
| | `android.permission.CONNECTIVITY_INTERNAL` | signature |
| | `android.permission.ACCESS_MEDIA_LOCATION` | dangerous |
| | `android.permission.READ_EXTERNAL_STORAGE` | dangerous |
| | `android.permission.WRITE_EXTERNAL_STORAGE` | dangerous |
| | `android.permission.SYSTEM_ALERT_WINDOW` | signature |
| | `android.permission.READ_CALL_LOG` | dangerous |
| | `android.permission.WRITE_CALL_LOG` | dangerous |
| | `android.permission.INTERACT_ACROSS_USERS` | signature |
| | `android.permission.MANAGE_USERS` | signature |
| | `android.permission.READ_CALENDAR` | dangerous |
| | `android.permission.BLUETOOTH_ADMIN` | normal |
| | `android.permission.BODY_SENSORS` | dangerous |
| | | |
| **LOW** | `android.permission.DOWNLOAD_WITHOUT_NOTIFICATION` | normal |
| | `android.permission.PACKAGE_USAGE_STATS` | signature |
| | `android.permission.MASTER_CLEAR` | signature |
| | `android.permission.DELETE_PACKAGES` | normal |
| | `android.permission.GET_PACKAGE_SIZE` | normal |
| | `android.permission.BLUETOOTH` | normal |
| | `android.permission.DEVICE_POWER` | signature |
| | | |
| **NONE** | `android.permission.ACCESS_NETWORK_STATE` | normal |
| | `android.permission.RECEIVE_BOOT_COMPLETED` | normal |
| | `android.permission.WAKE_LOCK` | normal |
| | `android.permission.FLASHLIGHT` | normal |
| | `android.permission.VIBRATE` | normal |
| | `android.permission.WRITE_MEDIA_STORAGE` | signature |
| | `android.permission.MODIFY_AUDIO_SETTINGS` | normal |
| Risk Category | Permissions | Protection Level |
|------------------|-----------------------------------------------------------------|-------------------|
| **ASTRONOMICAL** | `android.permission.INSTALL_PACKAGES` | signature |
| | | |
| **CRITICAL** | `android.permission.COPY_PROTECTED_DATA` | signature |
| | `android.permission.WRITE_SECURE_SETTINGS` | signature |
| | `android.permission.READ_FRAME_BUFFER` | signature |
| | `android.permission.MANAGE_CA_CERTIFICATES` | signature |
| | `android.permission.MANAGE_APP_OPS_MODES` | signature |
| | `android.permission.GRANT_RUNTIME_PERMISSIONS` | signature |
| | `android.permission.DUMP` | signature |
| | `android.permission.CAMERA` | dangerous |
| | `android.permission.SYSTEM_CAMERA` | signatureOrSystem |
| | `android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS` | signature |
| | `android.permission.MOUNT_UNMOUNT_FILESYSTEMS` | signature |
| | `android.permission.PROVIDE_DEFAULT_ENABLED_CREDENTIAL_SERVICE` | signature |
| | `android.permission.PROVIDE_REMOTE_CREDENTIALS` | signature |
| | | |
| **HIGH** | `android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS` | signature |
| | `android.permission.READ_SMS` | dangerous |
| | `android.permission.WRITE_SMS` | normal |
| | `android.permission.RECEIVE_MMS` | dangerous |
| | `android.permission.SEND_SMS_NO_CONFIRMATION` | signature |
| | `android.permission.RECEIVE_SMS` | dangerous |
| | `android.permission.READ_LOGS` | signature |
| | `android.permission.READ_PRIVILEGED_PHONE_STATE` | signature |
| | `android.permission.LOCATION_HARDWARE` | signature |
| | `android.permission.ACCESS_FINE_LOCATION` | dangerous |
| | `android.permission.ACCESS_BACKGROUND_LOCATION` | dangerous |
| | `android.permission.BIND_ACCESSIBILITY_SERVICE` | signature |
| | `android.permission.ACCESS_WIFI_STATE` | normal |
| | `com.android.voicemail.permission.READ_VOICEMAIL` | signature |
| | `android.permission.RECORD_AUDIO` | dangerous |
| | `android.permission.CAPTURE_AUDIO_OUTPUT` | signature |
| | `android.permission.ACCESS_NOTIFICATIONS` | signature |
| | `android.permission.INTERACT_ACROSS_USERS_FULL` | signature |
| | `android.permission.BLUETOOTH_PRIVILEGED` | signature |
| | `android.permission.GET_PASSWORD` | signature |
| | `android.permission.INTERNAL_SYSTEM_WINDOW` | signature |
| | `android.permission.MANAGE_ONGOING_CALLS` | signature |
| | `android.permission.READ_RESTRICTED_STATS` | internal |
| | `android.permission.BIND_AUTOFILL_SERVICE` | signature |
| | | |
| **MEDIUM** | `android.permission.ACCESS_COARSE_LOCATION` | dangerous |
| | `android.permission.CHANGE_COMPONENT_ENABLED_STATE` | signature |
| | `android.permission.READ_CONTACTS` | dangerous |
| | `android.permission.WRITE_CONTACTS` | dangerous |
| | `android.permission.CONNECTIVITY_INTERNAL` | signature |
| | `android.permission.ACCESS_MEDIA_LOCATION` | dangerous |
| | `android.permission.READ_EXTERNAL_STORAGE` | dangerous |
| | `android.permission.WRITE_EXTERNAL_STORAGE` | dangerous |
| | `android.permission.SYSTEM_ALERT_WINDOW` | signature |
| | `android.permission.READ_CALL_LOG` | dangerous |
| | `android.permission.WRITE_CALL_LOG` | dangerous |
| | `android.permission.INTERACT_ACROSS_USERS` | signature |
| | `android.permission.MANAGE_USERS` | signature |
| | `android.permission.READ_CALENDAR` | dangerous |
| | `android.permission.BLUETOOTH_ADMIN` | normal |
| | `android.permission.BODY_SENSORS` | dangerous |
| | `android.permission.MANAGE_EXTERNAL_STORAGE` | signature |
| | `android.permission.ACCESS_BLOBS_ACROSS_USERS` | signature |
| | `android.permission.BLUETOOTH_ADVERTISE` | dangerous |
| | `android.permission.READ_MEDIA_AUDIO` | dangerous |
| | `android.permission.READ_MEDIA_IMAGES` | dangerous |
| | `android.permission.READ_MEDIA_VIDEO` | dangerous |
| | | |
| **LOW** | `android.permission.DOWNLOAD_WITHOUT_NOTIFICATION` | normal |
| | `android.permission.PACKAGE_USAGE_STATS` | signature |
| | `android.permission.MASTER_CLEAR` | signature |
| | `android.permission.DELETE_PACKAGES` | normal |
| | `android.permission.GET_PACKAGE_SIZE` | normal |
| | `android.permission.BLUETOOTH` | normal |
| | `android.permission.DEVICE_POWER` | signature |
| | `android.permission.READ_PRECISE_PHONE_STATE` | signature |
| | `android.permission.LOG_FOREGROUND_RESOURCE_USE` | signature |
| | `android.permission.MANAGE_DEFAULT_APPLICATIONS` | signature |
| | `android.permission.MANAGE_FACE` | signature |
| | | |
| **NONE** | `android.permission.ACCESS_NETWORK_STATE` | normal |
| | `android.permission.RECEIVE_BOOT_COMPLETED` | normal |
| | `android.permission.WAKE_LOCK` | normal |
| | `android.permission.FLASHLIGHT` | normal |
| | `android.permission.VIBRATE` | normal |
| | `android.permission.WRITE_MEDIA_STORAGE` | signature |
| | `android.permission.MODIFY_AUDIO_SETTINGS` | normal |

Note that this categorization can change over time. The paper gives us an example of that:

Expand Down

0 comments on commit c27ee17

Please sign in to comment.