From 72ef29a54b28737e9996cbd580073735b9e7c4d8 Mon Sep 17 00:00:00 2001 From: Carlos Holguera Date: Thu, 29 Jun 2023 09:43:49 +0200 Subject: [PATCH 1/8] first version of permissions table --- .../0x05h-Testing-Platform-Interaction.md | 69 +++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/Document/0x05h-Testing-Platform-Interaction.md b/Document/0x05h-Testing-Platform-Interaction.md index 54991957ae..71ca219a63 100644 --- a/Document/0x05h-Testing-Platform-Interaction.md +++ b/Document/0x05h-Testing-Platform-Interaction.md 
@@ -24,6 +24,75 @@ A list of all permissions can be found in the [Android developer documentation]( - [Request app permissions](https://developer.android.com/training/permissions/requesting) programmatically. - [Define a Custom App Permission](https://developer.android.com/guide/topics/permissions/defining) to share your app resources and capabilities with other apps. +The following table presents a representative set of Android permissions categorized by associated risk as defined in this [paper](https://www.android-device-security.org/publications/2020-lau-uraniborg/Lau_2020_Uraniborg_Scoring_Whitepaper_20200827.pdf "Uraniborg’s Device Preloaded App Risks Scoring Metrics") which leverages the set of (privileged) permissions and +entrance points to an app to estimate its attack surface. + +| Risk | Permissions | +|--------------|--------------------------------------------------------| +| ASTRONOMICAL | `android.permission.INSTALL_PACKAGES` | +| CRITICAL | `android.permission.COPY_PROTECTED_DATA` | +| | `android.permission.WRITE_SECURE_SETTINGS` | +| | `android.permission.READ_FRAME_BUFFER` | +| | `android.permission.MANAGE_CA_CERTIFICATES` | +| | `android.permission.MANAGE_APP_OPS_MODES` | +| | `android.permission.GRANT_RUNTIME_PERMISSIONS` | +| | `android.permission.DUMP` | +| | `android.permission.CAMERA` | +| | `android.permission.SYSTEM_CAMERA` | +| | `android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS` | +| | `android.permission.MOUNT_UNMOUNT_FILESYSTEMS` | +| HIGH | `android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS` | +| | `android.permission.READ_SMS` | +| | `android.permission.WRITE_SMS` | +| | `android.permission.RECEIVE_MMS` | +| | `android.permission.SEND_SMS_NO_CONFIRMATION` | +| | `android.permission.RECEIVE_SMS` | +| | `android.permission.READ_LOGS` | +| | `android.permission.READ_PRIVILEGED_PHONE_STATE` | +| | `android.permission.LOCATION_HARDWARE` | +| | `android.permission.ACCESS_FINE_LOCATION` | +| | 
`android.permission.ACCESS_BACKGROUND_LOCATION` | +| | `android.permission.BIND_ACCESSIBILITY_SERVICE` | +| | `android.permission.ACCESS_WIFI_STATE` | +| | `com.android.voicemail.permission.READ_VOICEMAIL` | +| | `android.permission.RECORD_AUDIO` | +| | `android.permission.CAPTURE_AUDIO_OUTPUT` | +| | `android.permission.ACCESS_NOTIFICATIONS` | +| | `android.permission.INTERACT_ACROSS_USERS_FULL` | +| | `android.permission.BLUETOOTH_PRIVILEGED` | +| | `android.permission.GET_PASSWORD` | +| | `android.permission.INTERNAL_SYSTEM_WINDOW` | +| MEDIUM | `android.permission.ACCESS_COARSE_LOCATION` | +| | `android.permission.CHANGE_COMPONENT_ENABLED_STATE` | +| | `android.permission.READ_CONTACTS` | +| | `android.permission.WRITE_CONTACTS` | +| | `android.permission.CONNECTIVITY_INTERNAL` | +| | `android.permission.ACCESS_MEDIA_LOCATION` | +| | `android.permission.READ_EXTERNAL_STORAGE` | +| | `android.permission.WRITE_EXTERNAL_STORAGE` | +| | `android.permission.SYSTEM_ALERT_WINDOW` | +| | `android.permission.READ_CALL_LOG` | +| | `android.permission.WRITE_CALL_LOG` | +| | `android.permission.INTERACT_ACROSS_USERS` | +| | `android.permission.MANAGE_USERS` | +| | `android.permission.READ_CALENDAR` | +| | `android.permission.BLUETOOTH_ADMIN` | +| | `android.permission.BODY_SENSORS` | +| LOW | `android.permission.DOWNLOAD_WITHOUT_NOTIFICATION` | +| | `android.permission.PACKAGE_USAGE_STATS` | +| | `android.permission.MASTER_CLEAR` | +| | `android.permission.DELETE_PACKAGES` | +| | `android.permission.GET_PACKAGE_SIZE` | +| | `android.permission.BLUETOOTH` | +| | `android.permission.DEVICE_POWER` | +| NONE | `android.permission.ACCESS_NETWORK_STATE` | +| | `android.permission.RECEIVE_BOOT_COMPLETED` | +| | `android.permission.WAKE_LOCK` | +| | `android.permission.FLASHLIGHT` | +| | `android.permission.VIBRATE` | +| | `android.permission.WRITE_MEDIA_STORAGE` | +| | `android.permission.MODIFY_AUDIO_SETTINGS` | + **Android 8.0 (API level 26) Changes:** The [following 
changes](https://developer.android.com/about/versions/oreo/android-8.0-changes#atap "Android 8.0 (API level 26) - Changes for all apps") affect all apps running on Android 8.0 (API level 26), even to those apps targeting lower API levels. From 88eda523c6644c81502d13b6bd7fe7ef62bd58ce Mon Sep 17 00:00:00 2001 From: Carlos Holguera Date: Tue, 18 Jul 2023 08:11:15 +0200 Subject: [PATCH 2/8] update Permissions table with Protection Levels --- .../0x05h-Testing-Platform-Interaction.md | 142 +++++++++--------- 1 file changed, 74 insertions(+), 68 deletions(-) diff --git a/Document/0x05h-Testing-Platform-Interaction.md b/Document/0x05h-Testing-Platform-Interaction.md index 71ca219a63..96b28d5d9d 100644 --- a/Document/0x05h-Testing-Platform-Interaction.md +++ b/Document/0x05h-Testing-Platform-Interaction.md 
@@ -24,74 +24,80 @@ A list of all permissions can be found in the [Android developer documentation]( - [Request app permissions](https://developer.android.com/training/permissions/requesting) programmatically. - [Define a Custom App Permission](https://developer.android.com/guide/topics/permissions/defining) to share your app resources and capabilities with other apps. -The following table presents a representative set of Android permissions categorized by associated risk as defined in this [paper](https://www.android-device-security.org/publications/2020-lau-uraniborg/Lau_2020_Uraniborg_Scoring_Whitepaper_20200827.pdf "Uraniborg’s Device Preloaded App Risks Scoring Metrics") which leverages the set of (privileged) permissions and -entrance points to an app to estimate its attack surface. - -| Risk | Permissions | -|--------------|--------------------------------------------------------| -| ASTRONOMICAL | `android.permission.INSTALL_PACKAGES` | -| CRITICAL | `android.permission.COPY_PROTECTED_DATA` | -| | `android.permission.WRITE_SECURE_SETTINGS` | -| | `android.permission.READ_FRAME_BUFFER` | -| | `android.permission.MANAGE_CA_CERTIFICATES` | -| | `android.permission.MANAGE_APP_OPS_MODES` | -| | `android.permission.GRANT_RUNTIME_PERMISSIONS` | -| | `android.permission.DUMP` | -| | `android.permission.CAMERA` | -| | `android.permission.SYSTEM_CAMERA` | -| | `android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS` | -| | `android.permission.MOUNT_UNMOUNT_FILESYSTEMS` | -| HIGH | `android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS` | -| | `android.permission.READ_SMS` | -| | `android.permission.WRITE_SMS` | -| | `android.permission.RECEIVE_MMS` | -| | `android.permission.SEND_SMS_NO_CONFIRMATION` | -| | `android.permission.RECEIVE_SMS` | -| | `android.permission.READ_LOGS` | -| | `android.permission.READ_PRIVILEGED_PHONE_STATE` | -| | `android.permission.LOCATION_HARDWARE` | -| | `android.permission.ACCESS_FINE_LOCATION` | -| | 
`android.permission.ACCESS_BACKGROUND_LOCATION` | -| | `android.permission.BIND_ACCESSIBILITY_SERVICE` | -| | `android.permission.ACCESS_WIFI_STATE` | -| | `com.android.voicemail.permission.READ_VOICEMAIL` | -| | `android.permission.RECORD_AUDIO` | -| | `android.permission.CAPTURE_AUDIO_OUTPUT` | -| | `android.permission.ACCESS_NOTIFICATIONS` | -| | `android.permission.INTERACT_ACROSS_USERS_FULL` | -| | `android.permission.BLUETOOTH_PRIVILEGED` | -| | `android.permission.GET_PASSWORD` | -| | `android.permission.INTERNAL_SYSTEM_WINDOW` | -| MEDIUM | `android.permission.ACCESS_COARSE_LOCATION` | -| | `android.permission.CHANGE_COMPONENT_ENABLED_STATE` | -| | `android.permission.READ_CONTACTS` | -| | `android.permission.WRITE_CONTACTS` | -| | `android.permission.CONNECTIVITY_INTERNAL` | -| | `android.permission.ACCESS_MEDIA_LOCATION` | -| | `android.permission.READ_EXTERNAL_STORAGE` | -| | `android.permission.WRITE_EXTERNAL_STORAGE` | -| | `android.permission.SYSTEM_ALERT_WINDOW` | -| | `android.permission.READ_CALL_LOG` | -| | `android.permission.WRITE_CALL_LOG` | -| | `android.permission.INTERACT_ACROSS_USERS` | -| | `android.permission.MANAGE_USERS` | -| | `android.permission.READ_CALENDAR` | -| | `android.permission.BLUETOOTH_ADMIN` | -| | `android.permission.BODY_SENSORS` | -| LOW | `android.permission.DOWNLOAD_WITHOUT_NOTIFICATION` | -| | `android.permission.PACKAGE_USAGE_STATS` | -| | `android.permission.MASTER_CLEAR` | -| | `android.permission.DELETE_PACKAGES` | -| | `android.permission.GET_PACKAGE_SIZE` | -| | `android.permission.BLUETOOTH` | -| | `android.permission.DEVICE_POWER` | -| NONE | `android.permission.ACCESS_NETWORK_STATE` | -| | `android.permission.RECEIVE_BOOT_COMPLETED` | -| | `android.permission.WAKE_LOCK` | -| | `android.permission.FLASHLIGHT` | -| | `android.permission.VIBRATE` | -| | `android.permission.WRITE_MEDIA_STORAGE` | -| | `android.permission.MODIFY_AUDIO_SETTINGS` | +The following table presents a representative set of Android 
permissions categorized by associated risk as defined in this [paper](https://www.android-device-security.org/publications/2020-lau-uraniborg/Lau_2020_Uraniborg_Scoring_Whitepaper_20200827.pdf "Uraniborg’s Device Preloaded App Risks Scoring Metrics") which leverages the set of (privileged) permissions and entrance points to an app to estimate its attack surface. + +| Category | Permissions | Protection Level | +|--------------|-----------------------------------------------------|-----------------------------------------------------| +| ASTRONOMICAL | `android.permission.INSTALL_PACKAGES` | signature, appop | +| -------------|-----------------------------------------------------|-----------------------------------------------------| +| CRITICAL | `android.permission.COPY_PROTECTED_DATA` | signature | +| | `android.permission.WRITE_SECURE_SETTINGS` | signature, privileged, development, role, installer| +| | `android.permission.READ_FRAME_BUFFER` | signature, recents | +| | `android.permission.MANAGE_CA_CERTIFICATES` | signature, privileged | +| | `android.permission.MANAGE_APP_OPS_MODES` | signature, installer, verifier, role | +| | `android.permission.GRANT_RUNTIME_PERMISSIONS` | signature, installer, verifier | +| | `android.permission.DUMP` | signature, privileged, development | +| | `android.permission.CAMERA` | signature | +| | `android.permission.SYSTEM_CAMERA` | system, signature, role | +| | `android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS`| signature, role | +| | `android.permission.MOUNT_UNMOUNT_FILESYSTEMS` | signature, privileged | +| -------------|-----------------------------------------------------|-----------------------------------------------------| +| HIGH | `android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS`| signature, installer, verifier | +| | `android.permission.READ_SMS` | dangerous | +| | `android.permission.WRITE_SMS` | normal | +| | `android.permission.RECEIVE_MMS` | dangerous | +| | `android.permission.SEND_SMS_NO_CONFIRMATION` | 
signature, privileged | +| | `android.permission.RECEIVE_SMS` | dangerous | +| | `android.permission.READ_LOGS` | signature, privileged, development | +| | `android.permission.READ_PRIVILEGED_PHONE_STATE` | signature, privileged, role | +| | `android.permission.LOCATION_HARDWARE` | signature, privileged, role | +| | `android.permission.ACCESS_FINE_LOCATION` | dangerous, instant | +| | `android.permission.ACCESS_BACKGROUND_LOCATION` | dangerous, instant | +| | `android.permission.BIND_ACCESSIBILITY_SERVICE` | signature | +| | `android.permission.ACCESS_WIFI_STATE` | normal | +| | `com.android.voicemail.permission.READ_VOICEMAIL` | signature, privileged, role | +| | `android.permission.RECORD_AUDIO` | dangerous, instant | +| | `android.permission.CAPTURE_AUDIO_OUTPUT` | signature, privileged, role | +| | `android.permission.ACCESS_NOTIFICATIONS` | signature, privileged, appop | +| | `android.permission.INTERACT_ACROSS_USERS_FULL` | signature, installer, role | +| | `android.permission.BLUETOOTH_PRIVILEGED` | signature, privileged | +| | `android.permission.GET_PASSWORD` | signature | +| | `android.permission.INTERNAL_SYSTEM_WINDOW` | signature | +| -------------|-----------------------------------------------------|-----------------------------------------------------| +| MEDIUM | `android.permission.ACCESS_COARSE_LOCATION` | dangerous, instant | +| | `android.permission.CHANGE_COMPONENT_ENABLED_STATE` | signature, privileged, role | +| | `android.permission.READ_CONTACTS` | dangerous | +| | `android.permission.WRITE_CONTACTS` | dangerous | +| | `android.permission.CONNECTIVITY_INTERNAL` | signature, privileged | +| | `android.permission.ACCESS_MEDIA_LOCATION` | dangerous | +| | `android.permission.READ_EXTERNAL_STORAGE` | dangerous | +| | `android.permission.WRITE_EXTERNAL_STORAGE` | dangerous | +| | `android.permission.SYSTEM_ALERT_WINDOW` | signature, setup, appop, installer, pre23, development| +| | `android.permission.READ_CALL_LOG` | dangerous | +| | 
`android.permission.WRITE_CALL_LOG` | dangerous | +| | `android.permission.INTERACT_ACROSS_USERS` | signature, privileged, development, role | +| | `android.permission.MANAGE_USERS` | signature, privileged | +| | `android.permission.READ_CALENDAR` | dangerous | +| | `android.permission.BLUETOOTH_ADMIN` | normal | +| | `android.permission.BODY_SENSORS` | dangerous | +| -------------|-----------------------------------------------------|-----------------------------------------------------| +| LOW | `android.permission.DOWNLOAD_WITHOUT_NOTIFICATION` | normal | +| | `android.permission.PACKAGE_USAGE_STATS` | signature, privileged, development, appop, retailDemo| +| | `android.permission.MASTER_CLEAR` | signature, privileged, role | +| | `android.permission.DELETE_PACKAGES` | normal | +| | `android.permission.GET_PACKAGE_SIZE` | normal | +| | `android.permission.BLUETOOTH` | normal | +| | `android.permission.DEVICE_POWER` | signature, role | +| -------------|-----------------------------------------------------|-----------------------------------------------------| +| NONE | `android.permission.ACCESS_NETWORK_STATE` | normal, instant | +| | `android.permission.RECEIVE_BOOT_COMPLETED` | normal | +| | `android.permission.WAKE_LOCK` | normal, instant | +| | `android.permission.FLASHLIGHT` | normal | +| | `android.permission.VIBRATE` | normal, instant | +| | `android.permission.WRITE_MEDIA_STORAGE` | signature, privileged | +| | `android.permission.MODIFY_AUDIO_SETTINGS` | normal | + +#### Permission Changes per API Level **Android 8.0 (API level 26) Changes:** From af3d6cd3f05b7477b55416ada8e04e004f512c2d Mon Sep 17 00:00:00 2001 From: Carlos Holguera Date: Tue, 18 Jul 2023 08:15:36 +0200 Subject: [PATCH 3/8] fix empty rows --- .../0x05h-Testing-Platform-Interaction.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) 
diff --git a/Document/0x05h-Testing-Platform-Interaction.md b/Document/0x05h-Testing-Platform-Interaction.md index 96b28d5d9d..6ce8de2b1f 100644 --- a/Document/0x05h-Testing-Platform-Interaction.md +++ b/Document/0x05h-Testing-Platform-Interaction.md @@ -28,9 +28,9 @@ The following table presents a representative set of Android permissions categor | Category | Permissions | Protection Level | |--------------|-----------------------------------------------------|-----------------------------------------------------| -| ASTRONOMICAL | `android.permission.INSTALL_PACKAGES` | signature, appop | -| -------------|-----------------------------------------------------|-----------------------------------------------------| -| CRITICAL | `android.permission.COPY_PROTECTED_DATA` | signature | +| **ASTRONOMICAL** | `android.permission.INSTALL_PACKAGES` | signature, appop | +| | | | +| **CRITICAL** | `android.permission.COPY_PROTECTED_DATA` | signature | | | `android.permission.WRITE_SECURE_SETTINGS` | signature, privileged, development, role, installer| | | `android.permission.READ_FRAME_BUFFER` | signature, recents | | | `android.permission.MANAGE_CA_CERTIFICATES` | signature, privileged | @@ -41,8 +41,8 @@ The following table presents a representative set of Android permissions categor | | `android.permission.SYSTEM_CAMERA` | system, signature, role | | | `android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS`| signature, role | | | `android.permission.MOUNT_UNMOUNT_FILESYSTEMS` | signature, privileged | -| -------------|-----------------------------------------------------|-----------------------------------------------------| -| HIGH | `android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS`| signature, installer, verifier | +| | | | +| **HIGH** | `android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS`| signature, installer, verifier | | | `android.permission.READ_SMS` | dangerous | | | `android.permission.WRITE_SMS` | normal | | | `android.permission.RECEIVE_MMS` | dangerous | 
@@ -63,8 +63,8 @@ The following table presents a representative set of Android permissions categor | | `android.permission.BLUETOOTH_PRIVILEGED` | signature, privileged | | | `android.permission.GET_PASSWORD` | signature | | | `android.permission.INTERNAL_SYSTEM_WINDOW` | signature | -| -------------|-----------------------------------------------------|-----------------------------------------------------| -| MEDIUM | `android.permission.ACCESS_COARSE_LOCATION` | dangerous, instant | +| | | | +| **MEDIUM** | `android.permission.ACCESS_COARSE_LOCATION` | dangerous, instant | | | `android.permission.CHANGE_COMPONENT_ENABLED_STATE` | signature, privileged, role | | | `android.permission.READ_CONTACTS` | dangerous | | | `android.permission.WRITE_CONTACTS` | dangerous | 
@@ -80,16 +80,16 @@ The following table presents a representative set of Android permissions categor | | `android.permission.READ_CALENDAR` | dangerous | | | `android.permission.BLUETOOTH_ADMIN` | normal | | | `android.permission.BODY_SENSORS` | dangerous | -| -------------|-----------------------------------------------------|-----------------------------------------------------| -| LOW | `android.permission.DOWNLOAD_WITHOUT_NOTIFICATION` | normal | +| | | | +| **LOW** | `android.permission.DOWNLOAD_WITHOUT_NOTIFICATION` | normal | | | `android.permission.PACKAGE_USAGE_STATS` | signature, privileged, development, appop, retailDemo| | | `android.permission.MASTER_CLEAR` | signature, privileged, role | | | `android.permission.DELETE_PACKAGES` | normal | | | `android.permission.GET_PACKAGE_SIZE` | normal | | | `android.permission.BLUETOOTH` | normal | | | `android.permission.DEVICE_POWER` | signature, role | -| -------------|-----------------------------------------------------|-----------------------------------------------------| -| NONE | `android.permission.ACCESS_NETWORK_STATE` | normal, instant | +| | | | +| **NONE** | `android.permission.ACCESS_NETWORK_STATE` | normal, instant | | | `android.permission.RECEIVE_BOOT_COMPLETED` | normal | | | `android.permission.WAKE_LOCK` | normal, instant | | | `android.permission.FLASHLIGHT` | normal | From 918b4da9056e3514fd63657adf1143541304664d Mon Sep 17 00:00:00 2001 From: Carlos Holguera Date: Tue, 18 Jul 2023 09:15:34 +0200 Subject: [PATCH 4/8] simplyfy protection levels --- .../0x05h-Testing-Platform-Interaction.md | 144 +++++++++--------- 1 file changed, 72 insertions(+), 72 deletions(-) diff --git a/Document/0x05h-Testing-Platform-Interaction.md b/Document/0x05h-Testing-Platform-Interaction.md index 6ce8de2b1f..a6986cdc03 100644 --- a/Document/0x05h-Testing-Platform-Interaction.md +++ b/Document/0x05h-Testing-Platform-Interaction.md 
@@ -24,78 +24,78 @@ A list of all permissions can be found in the [Android developer documentation]( - [Request app permissions](https://developer.android.com/training/permissions/requesting) programmatically. - [Define a Custom App Permission](https://developer.android.com/guide/topics/permissions/defining) to share your app resources and capabilities with other apps. -The following table presents a representative set of Android permissions categorized by associated risk as defined in this [paper](https://www.android-device-security.org/publications/2020-lau-uraniborg/Lau_2020_Uraniborg_Scoring_Whitepaper_20200827.pdf "Uraniborg’s Device Preloaded App Risks Scoring Metrics") which leverages the set of (privileged) permissions and entrance points to an app to estimate its attack surface. - -| Category | Permissions | Protection Level | -|--------------|-----------------------------------------------------|-----------------------------------------------------| -| **ASTRONOMICAL** | `android.permission.INSTALL_PACKAGES` | signature, appop | -| | | | -| **CRITICAL** | `android.permission.COPY_PROTECTED_DATA` | signature | -| | `android.permission.WRITE_SECURE_SETTINGS` | signature, privileged, development, role, installer| -| | `android.permission.READ_FRAME_BUFFER` | signature, recents | -| | `android.permission.MANAGE_CA_CERTIFICATES` | signature, privileged | -| | `android.permission.MANAGE_APP_OPS_MODES` | signature, installer, verifier, role | -| | `android.permission.GRANT_RUNTIME_PERMISSIONS` | signature, installer, verifier | -| | `android.permission.DUMP` | signature, privileged, development | -| | `android.permission.CAMERA` | signature | -| | `android.permission.SYSTEM_CAMERA` | system, signature, role | -| | `android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS`| signature, role | -| | `android.permission.MOUNT_UNMOUNT_FILESYSTEMS` | signature, privileged | -| | | | -| **HIGH** | `android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS`| signature, installer, 
verifier | -| | `android.permission.READ_SMS` | dangerous | -| | `android.permission.WRITE_SMS` | normal | -| | `android.permission.RECEIVE_MMS` | dangerous | -| | `android.permission.SEND_SMS_NO_CONFIRMATION` | signature, privileged | -| | `android.permission.RECEIVE_SMS` | dangerous | -| | `android.permission.READ_LOGS` | signature, privileged, development | -| | `android.permission.READ_PRIVILEGED_PHONE_STATE` | signature, privileged, role | -| | `android.permission.LOCATION_HARDWARE` | signature, privileged, role | -| | `android.permission.ACCESS_FINE_LOCATION` | dangerous, instant | -| | `android.permission.ACCESS_BACKGROUND_LOCATION` | dangerous, instant | -| | `android.permission.BIND_ACCESSIBILITY_SERVICE` | signature | -| | `android.permission.ACCESS_WIFI_STATE` | normal | -| | `com.android.voicemail.permission.READ_VOICEMAIL` | signature, privileged, role | -| | `android.permission.RECORD_AUDIO` | dangerous, instant | -| | `android.permission.CAPTURE_AUDIO_OUTPUT` | signature, privileged, role | -| | `android.permission.ACCESS_NOTIFICATIONS` | signature, privileged, appop | -| | `android.permission.INTERACT_ACROSS_USERS_FULL` | signature, installer, role | -| | `android.permission.BLUETOOTH_PRIVILEGED` | signature, privileged | -| | `android.permission.GET_PASSWORD` | signature | -| | `android.permission.INTERNAL_SYSTEM_WINDOW` | signature | -| | | | -| **MEDIUM** | `android.permission.ACCESS_COARSE_LOCATION` | dangerous, instant | -| | `android.permission.CHANGE_COMPONENT_ENABLED_STATE` | signature, privileged, role | -| | `android.permission.READ_CONTACTS` | dangerous | -| | `android.permission.WRITE_CONTACTS` | dangerous | -| | `android.permission.CONNECTIVITY_INTERNAL` | signature, privileged | -| | `android.permission.ACCESS_MEDIA_LOCATION` | dangerous | -| | `android.permission.READ_EXTERNAL_STORAGE` | dangerous | -| | `android.permission.WRITE_EXTERNAL_STORAGE` | dangerous | -| | `android.permission.SYSTEM_ALERT_WINDOW` | signature, setup, appop, 
installer, pre23, development| -| | `android.permission.READ_CALL_LOG` | dangerous | -| | `android.permission.WRITE_CALL_LOG` | dangerous | -| | `android.permission.INTERACT_ACROSS_USERS` | signature, privileged, development, role | -| | `android.permission.MANAGE_USERS` | signature, privileged | -| | `android.permission.READ_CALENDAR` | dangerous | -| | `android.permission.BLUETOOTH_ADMIN` | normal | -| | `android.permission.BODY_SENSORS` | dangerous | -| | | | -| **LOW** | `android.permission.DOWNLOAD_WITHOUT_NOTIFICATION` | normal | -| | `android.permission.PACKAGE_USAGE_STATS` | signature, privileged, development, appop, retailDemo| -| | `android.permission.MASTER_CLEAR` | signature, privileged, role | -| | `android.permission.DELETE_PACKAGES` | normal | -| | `android.permission.GET_PACKAGE_SIZE` | normal | -| | `android.permission.BLUETOOTH` | normal | -| | `android.permission.DEVICE_POWER` | signature, role | -| | | | -| **NONE** | `android.permission.ACCESS_NETWORK_STATE` | normal, instant | -| | `android.permission.RECEIVE_BOOT_COMPLETED` | normal | -| | `android.permission.WAKE_LOCK` | normal, instant | -| | `android.permission.FLASHLIGHT` | normal | -| | `android.permission.VIBRATE` | normal, instant | -| | `android.permission.WRITE_MEDIA_STORAGE` | signature, privileged | -| | `android.permission.MODIFY_AUDIO_SETTINGS` | normal | +The following table presents a representative set of Android permissions categorized by associated risk as defined in this [paper](https://www.android-device-security.org/publications/2020-lau-uraniborg/Lau_2020_Uraniborg_Scoring_Whitepaper_20200827.pdf "Uraniborg’s Device Preloaded App Risks Scoring Metrics") which leverages the set of (privileged) permissions and entrance points to an app to estimate its attack surface. You can inspect all Android permissions in the [Android developer documentation Manifest.permission](https://developer.android.com/reference/android/Manifest.permission). 
+ +| Category | Permissions | Protection Level | +|--------------|-----------------------------------------------------|------------------| +| **ASTRONOMICAL** | `android.permission.INSTALL_PACKAGES` | Signature | +| | | | +| **CRITICAL** | `android.permission.COPY_PROTECTED_DATA` | Signature | +| | `android.permission.WRITE_SECURE_SETTINGS` | Signature | +| | `android.permission.READ_FRAME_BUFFER` | Signature | +| | `android.permission.MANAGE_CA_CERTIFICATES` | Signature | +| | `android.permission.MANAGE_APP_OPS_MODES` | Signature | +| | `android.permission.GRANT_RUNTIME_PERMISSIONS` | Signature | +| | `android.permission.DUMP` | Signature | +| | `android.permission.CAMERA` | Dangerous | +| | `android.permission.SYSTEM_CAMERA` | SystemOrSignature| +| | `android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS`| Signature | +| | `android.permission.MOUNT_UNMOUNT_FILESYSTEMS` | Signature | +| | | | +| **HIGH** | `android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS`| Signature | +| | `android.permission.READ_SMS` | Dangerous | +| | `android.permission.WRITE_SMS` | Normal | +| | `android.permission.RECEIVE_MMS` | Dangerous | +| | `android.permission.SEND_SMS_NO_CONFIRMATION` | Signature | +| | `android.permission.RECEIVE_SMS` | Dangerous | +| | `android.permission.READ_LOGS` | Signature | +| | `android.permission.READ_PRIVILEGED_PHONE_STATE` | Signature | +| | `android.permission.LOCATION_HARDWARE` | Signature | +| | `android.permission.ACCESS_FINE_LOCATION` | Dangerous | +| | `android.permission.ACCESS_BACKGROUND_LOCATION` | Dangerous | +| | `android.permission.BIND_ACCESSIBILITY_SERVICE` | Signature | +| | `android.permission.ACCESS_WIFI_STATE` | Normal | +| | `com.android.voicemail.permission.READ_VOICEMAIL` | Signature | +| | `android.permission.RECORD_AUDIO` | Dangerous | +| | `android.permission.CAPTURE_AUDIO_OUTPUT` | Signature | +| | `android.permission.ACCESS_NOTIFICATIONS` | Signature | +| | `android.permission.INTERACT_ACROSS_USERS_FULL` | Signature | +| | 
`android.permission.BLUETOOTH_PRIVILEGED` | Signature | +| | `android.permission.GET_PASSWORD` | Signature | +| | `android.permission.INTERNAL_SYSTEM_WINDOW` | Signature | +| | | | +| **MEDIUM** | `android.permission.ACCESS_COARSE_LOCATION` | Dangerous | +| | `android.permission.CHANGE_COMPONENT_ENABLED_STATE` | Signature | +| | `android.permission.READ_CONTACTS` | Dangerous | +| | `android.permission.WRITE_CONTACTS` | Dangerous | +| | `android.permission.CONNECTIVITY_INTERNAL` | Signature | +| | `android.permission.ACCESS_MEDIA_LOCATION` | Dangerous | +| | `android.permission.READ_EXTERNAL_STORAGE` | Dangerous | +| | `android.permission.WRITE_EXTERNAL_STORAGE` | Dangerous | +| | `android.permission.SYSTEM_ALERT_WINDOW` | Signature | +| | `android.permission.READ_CALL_LOG` | Dangerous | +| | `android.permission.WRITE_CALL_LOG` | Dangerous | +| | `android.permission.INTERACT_ACROSS_USERS` | Signature | +| | `android.permission.MANAGE_USERS` | Signature | +| | `android.permission.READ_CALENDAR` | Dangerous | +| | `android.permission.BLUETOOTH_ADMIN` | Normal | +| | `android.permission.BODY_SENSORS` | Dangerous | +| | | | +| **LOW** | `android.permission.DOWNLOAD_WITHOUT_NOTIFICATION` | Normal | +| | `android.permission.PACKAGE_USAGE_STATS` | Signature | +| | `android.permission.MASTER_CLEAR` | Signature | +| | `android.permission.DELETE_PACKAGES` | Normal | +| | `android.permission.GET_PACKAGE_SIZE` | Normal | +| | `android.permission.BLUETOOTH` | Normal | +| | `android.permission.DEVICE_POWER` | Signature | +| | | | +| **NONE** | `android.permission.ACCESS_NETWORK_STATE` | Normal | +| | `android.permission.RECEIVE_BOOT_COMPLETED` | Normal | +| | `android.permission.WAKE_LOCK` | Normal | +| | `android.permission.FLASHLIGHT` | Normal | +| | `android.permission.VIBRATE` | Normal | +| | `android.permission.WRITE_MEDIA_STORAGE` | Signature | +| | `android.permission.MODIFY_AUDIO_SETTINGS` | Normal | #### Permission Changes per API Level 
From 87912d4a1e1170eed5751e43042f74d90256aa3d Mon Sep 17 00:00:00 2001 From: Carlos Holguera Date: Tue, 18 Jul 2023 09:51:00 +0200 Subject: [PATCH 5/8] add more context and turn bullets into table --- .../0x05h-Testing-Platform-Interaction.md | 29 ++++++++++++------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/Document/0x05h-Testing-Platform-Interaction.md b/Document/0x05h-Testing-Platform-Interaction.md index a6986cdc03..3712c38b83 100644 --- a/Document/0x05h-Testing-Platform-Interaction.md +++ b/Document/0x05h-Testing-Platform-Interaction.md 
@@ -11,22 +11,27 @@ platform: android Android assigns a distinct system identity (Linux user ID and group ID) to every installed app. Because each Android app operates in a process sandbox, apps must explicitly request access to resources and data that are outside their sandbox. They request this access by declaring the permissions they need to use system data and features. Depending on how sensitive or critical the data or feature is, the Android system will grant the permission automatically or ask the user to approve the request. -Android permissions are classified into four different categories on the basis of the protection level they offer: - -- **Normal**: This permission gives apps access to isolated application-level features with minimal risk to other apps, the user, and the system. For apps targeting Android 6.0 (API level 23) or higher, these permissions are granted automatically at installation time. For apps targeting a lower API level, the user needs to approve them at installation time. Example: `android.permission.INTERNET`. -- **Dangerous**: This permission usually gives the app control over user data or control over the device in a way that impacts the user. This type of permission may not be granted at installation time; whether the app should have the permission may be left for the user to decide. Example: `android.permission.RECORD_AUDIO`. -- **Signature**: This permission is granted only if the requesting app was signed with the same certificate used to sign the app that declared the permission. If the signature matches, the permission will be granted automatically. This permission is granted at installation time. Example: `android.permission.ACCESS_MOCK_LOCATION`. -- **SystemOrSignature**: This permission is granted only to applications embedded in the system image or signed with the same certificate used to sign the application that declared the permission. Example: `android.permission.ACCESS_DOWNLOAD_MANAGER`. 
- -A list of all permissions can be found in the [Android developer documentation](https://developer.android.com/guide/topics/permissions/overview.html "Permissions overview") as well as concrete steps on how to: +See the Android developer documentation for guides and trainings: +- [Permissions on Android](https://developer.android.com/guide/topics/permissions/overview.html "Permissions on Android") - [Declare app permissions](https://developer.android.com/training/permissions/declaring) in your app's manifest file. - [Request app permissions](https://developer.android.com/training/permissions/requesting) programmatically. - [Define a Custom App Permission](https://developer.android.com/guide/topics/permissions/defining) to share your app resources and capabilities with other apps. -The following table presents a representative set of Android permissions categorized by associated risk as defined in this [paper](https://www.android-device-security.org/publications/2020-lau-uraniborg/Lau_2020_Uraniborg_Scoring_Whitepaper_20200827.pdf "Uraniborg’s Device Preloaded App Risks Scoring Metrics") which leverages the set of (privileged) permissions and entrance points to an app to estimate its attack surface. You can inspect all Android permissions in the [Android developer documentation Manifest.permission](https://developer.android.com/reference/android/Manifest.permission). +Android permissions are classified into four different categories on the basis of the protection level they offer: + +| Protection Level | Description | Granting Method | Example | +|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------|----------------------------------------------| +| **Normal** | Grants apps access to isolated application-level features with minimal risk to other apps, the user, and the system. 
| Automatic at installation time (Android 6.0 (API level 23) or higher) | `android.permission.INTERNET` | +| **Dangerous** | Provides the app with control over user data or device functionality that could potentially impact the user. | User approval required | `android.permission.RECORD_AUDIO` | +| **Signature** | Granted only to apps signed with the same certificate as the one used to sign the declaring app. | Automatic at installation time | `android.permission.ACCESS_MOCK_LOCATION` | +| **SystemOrSignature** | Reserved for system-embedded apps or those signed with the same certificate as the one used to sign the declaring app. | Automatic at installation time | `android.permission.ACCESS_DOWNLOAD_MANAGER` | -| Category | Permissions | Protection Level | +A list of all permissions can be found in the [Android developer documentation](https://developer.android.com/reference/android/Manifest.permission "Manifest.permission"). + +Independently from the assigned Protection Level, it is important to consider the risk that a permission might be posing considering the additional guarded capabilities, this is especially important for preloaded apps. The following table presents a representative set of Android permissions categorized by associated risk as defined in this [paper](https://www.android-device-security.org/publications/2020-lau-uraniborg/Lau_2020_Uraniborg_Scoring_Whitepaper_20200827.pdf "Uraniborg’s Device Preloaded App Risks Scoring Metrics") which leverages the set of (privileged) permissions and entrance points to an app to estimate its attack surface. + +| Risk Category | Permissions | Protection Level | |--------------|-----------------------------------------------------|------------------| | **ASTRONOMICAL** | `android.permission.INSTALL_PACKAGES` | Signature | | | | | 
@@ -97,6 +102,10 @@ The following table presents a representative set of Android permissions categor | | `android.permission.WRITE_MEDIA_STORAGE` | Signature | | | `android.permission.MODIFY_AUDIO_SETTINGS` | Normal | +Note that this categorization can change over time. The paper gives us an example of that: + +> Prior to Android 10, the `READ_PHONE_STATE` permission would be classified as HIGH, due to the permanent device identifiers (e.g. (IMEI/MEID, IMSI, SIM, and build serial) that it guards. However, starting from Android 10, a bulk of the sensitive information that can be used for tracking has been moved, refactored or rescoped into a new permission called `READ_PRIVILEGED_PHONE_STATE`, putting the new permission in the HIGH category, but resulting in the `READ_PHONE_STATE` permission moving to LOW. + #### Permission Changes per API Level **Android 8.0 (API level 26) Changes:** From bb6c5f15572bbd9e984c01e7209b202ccaf56a64 Mon Sep 17 00:00:00 2001 From: Carlos Holguera Date: Thu, 20 Jul 2023 08:36:29 +0200 Subject: [PATCH 6/8] last fixes for permission categories and text flow --- .../0x05h-Testing-Platform-Interaction.md | 157 +++++++++--------- 1 file changed, 79 insertions(+), 78 deletions(-) diff --git a/Document/0x05h-Testing-Platform-Interaction.md b/Document/0x05h-Testing-Platform-Interaction.md index 3712c38b83..c7a357688e 100644 --- a/Document/0x05h-Testing-Platform-Interaction.md +++ b/Document/0x05h-Testing-Platform-Interaction.md 
@@ -9,98 +9,99 @@ platform: android ### App Permissions -Android assigns a distinct system identity (Linux user ID and group ID) to every installed app. Because each Android app operates in a process sandbox, apps must explicitly request access to resources and data that are outside their sandbox. They request this access by declaring the permissions they need to use system data and features. Depending on how sensitive or critical the data or feature is, the Android system will grant the permission automatically or ask the user to approve the request. +Android assigns a distinct system identity (Linux user ID and group ID) to every installed app. Because each Android app operates in a process sandbox, apps must explicitly request access to resources and data that are outside their sandbox. They request this access by [declaring the permissions](https://developer.android.com/guide/topics/permissions/overview "Permissions on Android") they need to use system data and features. Depending on how sensitive or critical the data or feature is, the Android system will grant the permission automatically or ask the user to approve the request. -See the Android developer documentation for guides and trainings: +To enhance user privacy and mitigate privacy risks, it is crucial for Android apps to minimize permission requests and only request access to sensitive information when absolutely necessary. The Android developer documentation offers valuable insights and best practices to help apps achieve the same level of functionality without requiring direct access to sensitive resources: -- [Permissions on Android](https://developer.android.com/guide/topics/permissions/overview.html "Permissions on Android") -- [Declare app permissions](https://developer.android.com/training/permissions/declaring) in your app's manifest file. -- [Request app permissions](https://developer.android.com/training/permissions/requesting) programmatically. 
-- [Define a Custom App Permission](https://developer.android.com/guide/topics/permissions/defining) to share your app resources and capabilities with other apps. +- [Minimize your permission requests](https://developer.android.com/training/permissions/evaluating "Minimize your permission requests") +- [App permissions best practices](https://developer.android.com/training/permissions/usage-notes "App permissions best practices") +- [Permissions and APIs that Access Sensitive Information](https://support.google.com/googleplay/android-developer/answer/9888170 "Permissions and APIs that Access Sensitive Information") -Android permissions are classified into four different categories on the basis of the protection level they offer: +Android permissions can be classified into distinct categories depending on the extent of restricted data access and permitted actions that they grant to an app. This classification includes the so-called ["Protection Level"](https://developer.android.com/guide/topics/manifest/permission-element#plevel " - android:protectionLevel") as shown on the [permissions API reference page](https://developer.android.com/reference/android/Manifest.permission "Manifest.permission") and [AndroidManifest.xml Source Definitions](https://android.googlesource.com/platform/frameworks/base/+/refs/heads/master/core/res/AndroidManifest.xml#819 "android.googlesource.com - AndroidManifest.xml"). -| Protection Level | Description | Granting Method | Example | -|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------|----------------------------------------------| -| **Normal** | Grants apps access to isolated application-level features with minimal risk to other apps, the user, and the system. 
| Automatic at installation time (Android 6.0 (API level 23) or higher) | `android.permission.INTERNET` | -| **Dangerous** | Provides the app with control over user data or device functionality that could potentially impact the user. | User approval required | `android.permission.RECORD_AUDIO` | -| **Signature** | Granted only to apps signed with the same certificate as the one used to sign the declaring app. | Automatic at installation time | `android.permission.ACCESS_MOCK_LOCATION` | -| **SystemOrSignature** | Reserved for system-embedded apps or those signed with the same certificate as the one used to sign the declaring app. | Automatic at installation time | `android.permission.ACCESS_DOWNLOAD_MANAGER` | - -A list of all permissions can be found in the [Android developer documentation](https://developer.android.com/reference/android/Manifest.permission "Manifest.permission"). +- [**Install-time permissions**](https://developer.android.com/guide/topics/permissions/overview#install-time Install-time permissions): grant limited access to restricted data or let the app perform restricted actions that minimally affect the system or other apps. They are granted automatically at installation time (Android 6.0 (API level 23) or higher). + - Protection Level: `normal`. Grants apps access to isolated application-level features with minimal risk to other apps, the user, and the system. Example: `android.permission.INTERNET` + - Protection Level: `signature`. Granted only to apps signed with the same certificate as the one used to sign the declaring app. Example: `android.permission.ACCESS_MOCK_LOCATION` + - Protection Level: `systemOrSignature`. Reserved for system-embedded apps or those signed with the same certificate as the one used to sign the declaring app. Example: `android.permission.ACCESS_DOWNLOAD_MANAGER`. Old synonym for `signature|privileged`. Deprecated in API level 23. 
+- [**Runtime permissions**](https://developer.android.com/training/permissions/requesting "Request runtime permissions"): require prompting the user at runtime for explicit approval. + - Protection Level: `dangerous`. Grant additional access to restricted data or let the app perform restricted actions that more substantially affect the system and other apps. +- [**Special permissions**](https://developer.android.com/training/permissions/requesting-special "Request special permissions"): require the user to navigate to **Settings > Apps > Special app access** and give explicit consent. + - Protection Level: `appop`. Grant access to system resources that are particularly sensitive such as displaying and drawing over other apps or accessing all storage data. +- [**Custom permissions**](https://developer.android.com/guide/topics/permissions/defining "Define a custom app permission") in order to share their own resources and capabilities with other apps. + - Protection Level: `normal`, `signature` or `dangerous`. Independently from the assigned Protection Level, it is important to consider the risk that a permission might be posing considering the additional guarded capabilities, this is especially important for preloaded apps. The following table presents a representative set of Android permissions categorized by associated risk as defined in this [paper](https://www.android-device-security.org/publications/2020-lau-uraniborg/Lau_2020_Uraniborg_Scoring_Whitepaper_20200827.pdf "Uraniborg’s Device Preloaded App Risks Scoring Metrics") which leverages the set of (privileged) permissions and entrance points to an app to estimate its attack surface. 
| Risk Category | Permissions | Protection Level | |--------------|-----------------------------------------------------|------------------| -| **ASTRONOMICAL** | `android.permission.INSTALL_PACKAGES` | Signature | +| **ASTRONOMICAL** | `android.permission.INSTALL_PACKAGES` | signature | | | | | -| **CRITICAL** | `android.permission.COPY_PROTECTED_DATA` | Signature | -| | `android.permission.WRITE_SECURE_SETTINGS` | Signature | -| | `android.permission.READ_FRAME_BUFFER` | Signature | -| | `android.permission.MANAGE_CA_CERTIFICATES` | Signature | -| | `android.permission.MANAGE_APP_OPS_MODES` | Signature | -| | `android.permission.GRANT_RUNTIME_PERMISSIONS` | Signature | -| | `android.permission.DUMP` | Signature | -| | `android.permission.CAMERA` | Dangerous | -| | `android.permission.SYSTEM_CAMERA` | SystemOrSignature| -| | `android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS`| Signature | -| | `android.permission.MOUNT_UNMOUNT_FILESYSTEMS` | Signature | +| **CRITICAL** | `android.permission.COPY_PROTECTED_DATA` | signature | +| | `android.permission.WRITE_SECURE_SETTINGS` | signature | +| | `android.permission.READ_FRAME_BUFFER` | signature | +| | `android.permission.MANAGE_CA_CERTIFICATES` | signature | +| | `android.permission.MANAGE_APP_OPS_MODES` | signature | +| | `android.permission.GRANT_RUNTIME_PERMISSIONS` | signature | +| | `android.permission.DUMP` | signature | +| | `android.permission.CAMERA` | dangerous | +| | `android.permission.SYSTEM_CAMERA` | systemOrSignature| +| | `android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS`| signature | +| | `android.permission.MOUNT_UNMOUNT_FILESYSTEMS` | signature | | | | | -| **HIGH** | `android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS`| Signature | -| | `android.permission.READ_SMS` | Dangerous | -| | `android.permission.WRITE_SMS` | Normal | -| | `android.permission.RECEIVE_MMS` | Dangerous | -| | `android.permission.SEND_SMS_NO_CONFIRMATION` | Signature | -| | `android.permission.RECEIVE_SMS` | Dangerous | 
-| | `android.permission.READ_LOGS` | Signature | -| | `android.permission.READ_PRIVILEGED_PHONE_STATE` | Signature | -| | `android.permission.LOCATION_HARDWARE` | Signature | -| | `android.permission.ACCESS_FINE_LOCATION` | Dangerous | -| | `android.permission.ACCESS_BACKGROUND_LOCATION` | Dangerous | -| | `android.permission.BIND_ACCESSIBILITY_SERVICE` | Signature | -| | `android.permission.ACCESS_WIFI_STATE` | Normal | -| | `com.android.voicemail.permission.READ_VOICEMAIL` | Signature | -| | `android.permission.RECORD_AUDIO` | Dangerous | -| | `android.permission.CAPTURE_AUDIO_OUTPUT` | Signature | -| | `android.permission.ACCESS_NOTIFICATIONS` | Signature | -| | `android.permission.INTERACT_ACROSS_USERS_FULL` | Signature | -| | `android.permission.BLUETOOTH_PRIVILEGED` | Signature | -| | `android.permission.GET_PASSWORD` | Signature | -| | `android.permission.INTERNAL_SYSTEM_WINDOW` | Signature | +| **HIGH** | `android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS`| signature | +| | `android.permission.READ_SMS` | dangerous | +| | `android.permission.WRITE_SMS` | normal | +| | `android.permission.RECEIVE_MMS` | dangerous | +| | `android.permission.SEND_SMS_NO_CONFIRMATION` | signature | +| | `android.permission.RECEIVE_SMS` | dangerous | +| | `android.permission.READ_LOGS` | signature | +| | `android.permission.READ_PRIVILEGED_PHONE_STATE` | signature | +| | `android.permission.LOCATION_HARDWARE` | signature | +| | `android.permission.ACCESS_FINE_LOCATION` | dangerous | +| | `android.permission.ACCESS_BACKGROUND_LOCATION` | dangerous | +| | `android.permission.BIND_ACCESSIBILITY_SERVICE` | signature | +| | `android.permission.ACCESS_WIFI_STATE` | normal | +| | `com.android.voicemail.permission.READ_VOICEMAIL` | signature | +| | `android.permission.RECORD_AUDIO` | dangerous | +| | `android.permission.CAPTURE_AUDIO_OUTPUT` | signature | +| | `android.permission.ACCESS_NOTIFICATIONS` | signature | +| | `android.permission.INTERACT_ACROSS_USERS_FULL` | signature | 
+| | `android.permission.BLUETOOTH_PRIVILEGED` | signature | +| | `android.permission.GET_PASSWORD` | signature | +| | `android.permission.INTERNAL_SYSTEM_WINDOW` | signature | | | | | -| **MEDIUM** | `android.permission.ACCESS_COARSE_LOCATION` | Dangerous | -| | `android.permission.CHANGE_COMPONENT_ENABLED_STATE` | Signature | -| | `android.permission.READ_CONTACTS` | Dangerous | -| | `android.permission.WRITE_CONTACTS` | Dangerous | -| | `android.permission.CONNECTIVITY_INTERNAL` | Signature | -| | `android.permission.ACCESS_MEDIA_LOCATION` | Dangerous | -| | `android.permission.READ_EXTERNAL_STORAGE` | Dangerous | -| | `android.permission.WRITE_EXTERNAL_STORAGE` | Dangerous | -| | `android.permission.SYSTEM_ALERT_WINDOW` | Signature | -| | `android.permission.READ_CALL_LOG` | Dangerous | -| | `android.permission.WRITE_CALL_LOG` | Dangerous | -| | `android.permission.INTERACT_ACROSS_USERS` | Signature | -| | `android.permission.MANAGE_USERS` | Signature | -| | `android.permission.READ_CALENDAR` | Dangerous | -| | `android.permission.BLUETOOTH_ADMIN` | Normal | -| | `android.permission.BODY_SENSORS` | Dangerous | +| **MEDIUM** | `android.permission.ACCESS_COARSE_LOCATION` | dangerous | +| | `android.permission.CHANGE_COMPONENT_ENABLED_STATE` | signature | +| | `android.permission.READ_CONTACTS` | dangerous | +| | `android.permission.WRITE_CONTACTS` | dangerous | +| | `android.permission.CONNECTIVITY_INTERNAL` | signature | +| | `android.permission.ACCESS_MEDIA_LOCATION` | dangerous | +| | `android.permission.READ_EXTERNAL_STORAGE` | dangerous | +| | `android.permission.WRITE_EXTERNAL_STORAGE` | dangerous | +| | `android.permission.SYSTEM_ALERT_WINDOW` | signature | +| | `android.permission.READ_CALL_LOG` | dangerous | +| | `android.permission.WRITE_CALL_LOG` | dangerous | +| | `android.permission.INTERACT_ACROSS_USERS` | signature | +| | `android.permission.MANAGE_USERS` | signature | +| | `android.permission.READ_CALENDAR` | dangerous | +| | 
`android.permission.BLUETOOTH_ADMIN` | normal | +| | `android.permission.BODY_SENSORS` | dangerous | | | | | -| **LOW** | `android.permission.DOWNLOAD_WITHOUT_NOTIFICATION` | Normal | -| | `android.permission.PACKAGE_USAGE_STATS` | Signature | -| | `android.permission.MASTER_CLEAR` | Signature | -| | `android.permission.DELETE_PACKAGES` | Normal | -| | `android.permission.GET_PACKAGE_SIZE` | Normal | -| | `android.permission.BLUETOOTH` | Normal | -| | `android.permission.DEVICE_POWER` | Signature | +| **LOW** | `android.permission.DOWNLOAD_WITHOUT_NOTIFICATION` | normal | +| | `android.permission.PACKAGE_USAGE_STATS` | signature | +| | `android.permission.MASTER_CLEAR` | signature | +| | `android.permission.DELETE_PACKAGES` | normal | +| | `android.permission.GET_PACKAGE_SIZE` | normal | +| | `android.permission.BLUETOOTH` | normal | +| | `android.permission.DEVICE_POWER` | signature | | | | | -| **NONE** | `android.permission.ACCESS_NETWORK_STATE` | Normal | -| | `android.permission.RECEIVE_BOOT_COMPLETED` | Normal | -| | `android.permission.WAKE_LOCK` | Normal | -| | `android.permission.FLASHLIGHT` | Normal | -| | `android.permission.VIBRATE` | Normal | -| | `android.permission.WRITE_MEDIA_STORAGE` | Signature | -| | `android.permission.MODIFY_AUDIO_SETTINGS` | Normal | +| **NONE** | `android.permission.ACCESS_NETWORK_STATE` | normal | +| | `android.permission.RECEIVE_BOOT_COMPLETED` | normal | +| | `android.permission.WAKE_LOCK` | normal | +| | `android.permission.FLASHLIGHT` | normal | +| | `android.permission.VIBRATE` | normal | +| | `android.permission.WRITE_MEDIA_STORAGE` | signature | +| | `android.permission.MODIFY_AUDIO_SETTINGS` | normal | Note that this categorization can change over time. The paper gives us an example of that: From 5dbe4cf95e84c28ae8693040ca3002f91cb899bb Mon Sep 17 00:00:00 2001 
From: Carlos Holguera Date: Thu, 20 Jul 2023 08:38:50 +0200 Subject: [PATCH 7/8] Update Document/0x05h-Testing-Platform-Interaction.md --- Document/0x05h-Testing-Platform-Interaction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Document/0x05h-Testing-Platform-Interaction.md b/Document/0x05h-Testing-Platform-Interaction.md index c7a357688e..7d3ea6c878 100644 --- a/Document/0x05h-Testing-Platform-Interaction.md +++ b/Document/0x05h-Testing-Platform-Interaction.md 
@@ -19,7 +19,7 @@ To enhance user privacy and mitigate privacy risks, it is crucial for Android ap Android permissions can be classified into distinct categories depending on the extent of restricted data access and permitted actions that they grant to an app. This classification includes the so-called ["Protection Level"](https://developer.android.com/guide/topics/manifest/permission-element#plevel " - android:protectionLevel") as shown on the [permissions API reference page](https://developer.android.com/reference/android/Manifest.permission "Manifest.permission") and [AndroidManifest.xml Source Definitions](https://android.googlesource.com/platform/frameworks/base/+/refs/heads/master/core/res/AndroidManifest.xml#819 "android.googlesource.com - AndroidManifest.xml"). -- [**Install-time permissions**](https://developer.android.com/guide/topics/permissions/overview#install-time Install-time permissions): grant limited access to restricted data or let the app perform restricted actions that minimally affect the system or other apps. They are granted automatically at installation time (Android 6.0 (API level 23) or higher). +- [**Install-time permissions**](https://developer.android.com/guide/topics/permissions/overview#install-time "Install-time permissions"): grant limited access to restricted data or let the app perform restricted actions that minimally affect the system or other apps. They are granted automatically at installation time (Android 6.0 (API level 23) or higher). - Protection Level: `normal`. Grants apps access to isolated application-level features with minimal risk to other apps, the user, and the system. Example: `android.permission.INTERNET` - Protection Level: `signature`. Granted only to apps signed with the same certificate as the one used to sign the declaring app. Example: `android.permission.ACCESS_MOCK_LOCATION` - Protection Level: `systemOrSignature`. 
Reserved for system-embedded apps or those signed with the same certificate as the one used to sign the declaring app. Example: `android.permission.ACCESS_DOWNLOAD_MANAGER`. Old synonym for `signature|privileged`. Deprecated in API level 23. From 12daf25d8307f30ea303e81b97d9728970bc47b2 Mon Sep 17 00:00:00 2001 From: Carlos Holguera Date: Thu, 20 Jul 2023 08:43:25 +0200 Subject: [PATCH 8/8] add spell check ignore words --- .github/workflows/spell-checker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/spell-checker.yml b/.github/workflows/spell-checker.yml index 85b8aeb9cf..14ddd51f60 100644 --- a/.github/workflows/spell-checker.yml +++ b/.github/workflows/spell-checker.yml @@ -14,5 +14,5 @@ jobs: - uses: actions/checkout@v3 - uses: codespell-project/actions-codespell@master with: - ignore_words_list: "ba,bund,compliancy,firt,ist,keypair,ligh,ro,ser,synopsys,theses,zuser,lief" + ignore_words_list: "aas,aaS,ba,bund,compliancy,firt,ist,keypair,ligh,ro,ser,synopsys,theses,zuser,lief" skip: "*.json,*.yml,*.apk,*.ipa"
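
Review bot: in PATCH 5/8, first hunk, the new **Normal** row keeps only "Automatic at installation time (Android 6.0 (API level 23) or higher)" and drops the statement from the removed bullet that, for apps targeting a lower API level, the user needs to approve the permission at installation time; carry that case into the Granting Method cell or a note under the table so the conversion from bullets does not lose it. The **SystemOrSignature** row now states "Automatic at installation time", which the removed bullet did not say, so please confirm it against the documentation you link. The added sentence starting "Independently from the assigned Protection Level" is a comma splice; split it before "this is especially important for preloaded apps".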
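
Review bot: in PATCH 5/8, second hunk, the quoted passage has an unbalanced parenthesis in "(e.g. (IMEI/MEID, IMSI, SIM, and build serial)"; if the paper prints it that way keep it verbatim, otherwise drop the inner "(". The quote says `READ_PHONE_STATE` moves to LOW, but the risk table as rewritten in PATCH 6/8 has no `READ_PHONE_STATE` row under **LOW**, so consider adding the row so the example can be checked against the table it follows.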
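
Review bot: in PATCH 6/8, the new Install-time bullet describes `systemOrSignature` as "Old synonym for `signature|privileged`. Deprecated in API level 23", yet the rewritten table still lists `android.permission.SYSTEM_CAMERA` as `systemOrSignature`; use `signature|privileged` in the table or say why the deprecated name is kept. The "(Android 6.0 (API level 23) or higher)" qualifier came from the old **Normal** row and, placed on the parent bullet, now reads as applying to `signature` and `systemOrSignature` as well. The `dangerous` and `appop` sub-bullets carry no Example although the removed table gave `android.permission.RECORD_AUDIO` for Dangerous, and the Custom permissions bullet ("in order to share their own resources ...") is a fragment with no subject or verb, unlike the other three.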
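
Review bot: fold PATCH 7/8 into PATCH 6/8 before merging, since its single changed line only adds the quotes around the "Install-time permissions" link title that 6/8 introduced without them; kept separate, 6/8 stays in history with a link that does not render. The subject "Update Document/0x05h-Testing-Platform-Interaction.md" also does not say what was fixed.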
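
Review bot: in PATCH 8/8, the commit message does not say which text needs `aas` and `aaS` in `ignore_words_list`, and neither string appears in the document hunks of PATCH 5/8 to 7/8 shown here; name the triggering phrase in the commit message so the exception can be dropped once it is no longer needed. Separately, the unchanged context line `- uses: codespell-project/actions-codespell@master` tracks a mutable branch; pinning it to a release tag or commit SHA would keep an upstream change from altering what runs in CI.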