Permissions
With application sandboxing, apps cannot access parts of the system without permission, but even with it, Android allows data sharing with other apps or access to some system services. An app needs to request permission to access device data or to access system services. Permissions are a security feature of Android system, but misused permissions make your application vulnerable.
The permission needs of an app are declared in its manifest file. This manifest file is bundled into the app's Android application package (APK), which includes its compiled code along with other resources. The permissions requested in the manifest file (manifest permissions) will be shown to the user when installing the app. The user should review these permissions and accept them to complete the installation process. If the user agrees to them, the protected resources are available to the app.
Tip
Do not request permissions that your app does not need. Reducing the number of permissions makes your app less vulnerable.
Permissions control how an app interacts with the system by using an Android application programming interface (API). Some of the protected APIs that need permission include the following:
- Bluetooth
- Camera
- Location GPS
- Network and data connections
- NFC
- SMS and MMS
- Telephony
For example, to request permission to use the camera, you have to add the following line code in our manifest file:
<uses-permission android:name="android.permission.CAMERA" />
The following code is used to request permission to access the Internet:
<uses-permission android:name="android.permission.INTERNET" />
The following code is used to request permission to send a SMS:
<uses-permission android:name="android.permission.SEND_SMS" />