Android权限列表(基于Android 14)
一、简介
权限的目的为了保护用户隐私,应用在访问一些敏感数据时,必须事先取得用户授权后才能使用,比如:比如读取sdcard、访问通讯录等。 在Android6.0之前的设备上,系统不会提醒用户正在获取的权限。一旦安装应用,就意味着该应用所需的所有权限均已经得到授权。在这种情况下应用可以自由收集用户隐私信息。或者随意发送短信。为了解决这个问题在Android6.0之后的设备上,应用需要动态授权,当需要使用某个权限时,会弹出一个提醒框来征求用户意见,只有取得用户同意后才能继续使用。
二、权限分类
android中所有的预定义权限(不包括厂商自定义的)都可以在Manifest.permission这个静态类中找到定义,android把权限分为三大类:普通权限、危险权限、特殊权限,每一种类型的权限都分配一个对应的Protection Level,分别为:normal、dangerous、appop和signature等,下面简单介绍一下这几种类型的权限:
1.普通权限
普通权限也叫正常权限,Protection Level为normal,它不需要动态申请,你只需要在AndroidManifest.xml中静态地声明,然后系统在应用安装时就会自动的授予该应用相应的权限,当应用获得授权时,它就可以访问应用沙盒外受该普通权限保护地数据或操作,这些数据或操作不会泄漏或篡改用户的隐私,对用户或其他应用几乎没有风险。
以下列出所有普通权限:
权限引入版本APIProtection LevelFOREGROUND_SERVICE_SPECIAL_USE14.034normal|appop|instantFOREGROUND_SERVICE_CAMERA14.034normal|instantFOREGROUND_SERVICE_CONNECTED_DEVICE14.034normal|instantFOREGROUND_SERVICE_DATA_SYNC14.034normal|instantFOREGROUND_SERVICE_HEALTH14.034normal|instantFOREGROUND_SERVICE_LOCATION14.034normal|instantFOREGROUND_SERVICE_MEDIA_PLAYBACK14.034normal|instantFOREGROUND_SERVICE_MEDIA_PROJECTION14.034normal|instantFOREGROUND_SERVICE_MICROPHONE14.034normal|instantFOREGROUND_SERVICE_PHONE_CALL14.034normal|instantFOREGROUND_SERVICE_REMOTE_MESSAGING14.034normal|instantFOREGROUND_SERVICE_SYSTEM_EXEMPTED14.034normal|instantACCESS_LOCATION_EXTRA_COMMANDS1.0(Base)1normalACCESS_NETWORK_STATE1.0(Base)1normalACCESS_NOTIFICATION_POLICY6.0(Marshmallow)23normalACCESS_WIFI_STATE1.0(Base)1normalBLUETOOTH1.0(Base)1normalBLUETOOTH_ADMIN1.0(Base)1normalBROADCAST_STICKY1.0(Base)1normalCALL_COMPANION_APP10.0(Q)29normalCHANGE_NETWORK_STATE1.0(Base)1normalCHANGE_WIFI_MULTICAST_STATE1.6(Donut)4normalCHANGE_WIFI_STATE1.0(Base)1normalCREDENTIAL_MANAGER_QUERY_CANDIDATE_CREDENTIALS14.034normalCREDENTIAL_MANAGER_SET_ALLOWED_PROVIDERS14.034normalCREDENTIAL_MANAGER_SET_ORIGIN14.034normalDETECT_SCREEN_CAPTURE14.034normalDISABLE_KEYGUARD1.0(Base)1normalENFORCE_UPDATE_OWNERSHIP14.034normalEXPAND_STATUS_BAR1.0(Base)1normalFOREGROUND_SERVICE9.0(Pie)28normalGET_PACKAGE_SIZE1.0(Base)1normalHIGH_SAMPLING_RATE_SENSORS12.0(S)31normalINSTALL_SHORTCUT4.4(KitKat)19normalINTERNET1.0(Base)1normalKILL_BACKGROUND_PROCESSES2.2(Froyo)8normalMANAGE_OWN_CALLS8.0(Oreo)26normalMODIFY_AUDIO_SETTINGS1.0(Base)1normalNFC2.3(Gingerbread)9normalNFC_PREFERRED_PAYMENT_INFO11.0(R)30normalNFC_TRANSACTION_EVENT9.0(Pie)28normalQUERY_ALL_PACKAGES11.0(R)30normalREAD_SYNC_SETTINGS1.0(Base)1normalREAD_SYNC_STATS1.0(Base)1normalRECEIVE_BOOT_COMPLETED1.0(Base)1normalREORDER_TASKS1.0(Base)1normalREQUEST_COMPANION_PROFILE_GLASSES14.034normalREQUEST_COMPANION_PROFILE_WATCH12.0(S)31normalREQUEST_COMPANION_RUN_IN_BACKGROUND8.0(Oreo)26normalREQUEST_COMPANION_START_FOREGROUND_SERVICES_FROM_BACKGROUND12.0(S)31normalREQUEST_COMPANION_USE_DATA_IN_BACKGROUND8.0(Oreo)26normalREQUEST_DELETE_PACKAGES8.0(Oreo)26normalREQUEST_IGNORE_BATTERY_OPTIMIZATIONS6.0(Marshmallow)23normalREQUEST_PASSWORD_COMPLEXITY10.0(Q)29normalRUN_USER_INITIATED_JOBS14.034normalSET_ALARM2.3(Gingerbread)9normalSET_WALLPAPER1.0(Base)1normalSET_WALLPAPER_HINTS1.0(Base)1normalTRANSMIT_IR4.4(KitKat)19normalUPDATE_PACKAGES_WITHOUT_USER_ACTION12.0(S)31normalUSE_BIOMETRIC9.0(Pie)28normalUSE_FINGERPRINT+6.0(Marshmallow)-9.0(Pie)+23-28normalUSE_FULL_SCREEN_INTENT10.0(Q)29normalVIBRATE1.0(Base)1normalWAKE_LOCK1.0(Base)1normalWRITE_SYNC_SETTINGS1.0(Base)1normal
2.危险权限
危险权限也叫运行时权限,Protection Level为dangerous,跟普通权限相反,一旦应用获取了该类权限,用户的隐私数据就会面临被泄露或篡改的风险,所以如果你想使用该权限保护的数据或操作,就必须在AndroidManifest.xml中静态地声明需要用到的危险权限,并在访问这些数据或操作前动态的申请权限,系统就会弹出一个权限请求弹窗征求用户的同意,除非用户同意该权限,否则你不能使用该权限保护的数据或操作。 所有的危险权限都有对应的权限组,android预定义了15个权限组(根据android 14总结),这15个权限组中包含了41个危险权限和几个普通权限,当我们动态的申请某个危险权限时,都是按权限组申请的,当用户一旦同意授权该危险权限,那么该权限所对应的权限组中的其他在AndroidManifest.xml中注册的权限也会同时被授权,android预定义的15个权限组包含的危险权限如下:
权限组名引入版本API权限引入版本APIACTIVITY_RECOGNITION(识别用户活动)10.0(Q)29ACTIVITY_RECOGNITION10.0(Q)29CALENDAR(日历)4.2(Jelly Bean)17READ_CALENDAR1.0(Base)1WRITE_CALENDAR1.0(Base)1CALL_LOG(通话记录)9.0(Pie)28PROCESS_OUTGOING_CALLS1.0(Base)+10.0(Q)-1+ 29-READ_CALL_LOG4.1(Jelly Bean)16WRITE_CALL_LOG4.1(Jelly Bean)16CAMERA(相机)4.2(Jelly Bean)17CAMERA1.0(Base)1CONTACTS(联系人)6.0(Marshmallow)23READ_CONTACTS1.0(Base)1GET_ACCOUNTS1.0(Base)1WRITE_CONTACTS1.0(Base)1LOCATION(位置)1.0(Base)1ACCESS_BACKGROUND_LOCATION10.0(Q)29ACCESS_COARSE_LOCATION1.0(Base)1ACCESS_FINE_LOCATION1.0(Base)1MICROPHONE(麦克风)4.2(Jelly Bean)17RECORD_AUDIO1.0(Base)1NEARBY_DEVICES(附近的蓝牙设备)12.0(S)31BLUETOOTH_ADVERTISE12.0(S)31BLUETOOTH_CONNECT12.0(S)31BLUETOOTH_SCAN12.0(S)31NOTIFICATIONS(通知)13.0(Tiramisu)33POST_NOTIFICATIONS13.0(Tiramisu)33PHONE(手机)6.0(Marshmallow)23ACCEPT_HANDOVER9.0(Pie)28ADD_VOICEMAIL4.0(IceCreamSandwich)14ANSWER_PHONE_CALLS8.0(Oreo)26CALL_PHONE1.0(Base)1READ_PHONE_NUMBERS8.0(Oreo)26READ_PHONE_STATE1.0(Base)1USE_SIP2.3(Gingerbread)9READ_MEDIA_AURAL(读取音频)13.0(Tiramisu)33READ_MEDIA_VISUAL(读取图像和视频)13.0(Tiramisu)33SENSORS(传感器)6.0(Marshmallow)23BODY_SENSORS4.4W(KitKat Wear)20BODY_SENSORS_BACKGROUND13.0(Tiramisu)33SMS(短信)6.0(Marshmallow)23READ_SMS1.0(Base)1RECEIVE_MMS1.0(Base)1RECEIVE_SMS1.0(Base)1RECEIVE_WAP_PUSH1.0(Base)1SEND_SMS1.0(Base)1STORAGE(存储卡)1.6(Donut)4READ_EXTERNAL_STORAGE4.1(Jelly Bean)16READ_MEDIA_AUDIO13.0(Tiramisu)33READ_MEDIA_IMAGES13.0(Tiramisu)33READ_MEDIA_VIDEO13.0(Tiramisu)33READ_MEDIA_VISUAL_USER_SELECTED14.034WRITE_EXTERNAL_STORAGE1.6(Donut)4无ACCESS_MEDIA_LOCATION10.0(Q)29NEARBY_WIFI_DEVICES13.0(Tiramisu)33UWB_RANGING12.0(S)31
3.特殊权限
特殊权限用于保护一些特定的应用程序操作,Protection Level为appop(应用操作)、installer(安装程序)、role(职责)、privileged(特权)、signature(签名)等。
· 应用操作
Protection Level为appop,使用前也需要在AndroidManifest.xml中静态地声明,也需要动态的申请,但是它不同于危险权限的申请,危险权限的申请会弹出一个对话框询问你是否同意,而此权限的申请需要跳转到指定的设置界面,让你手动点击toggle按钮确认是否同意
· 签名权限
Protection Level为signature,只对拥有相同签名的应用开放,它也不需要动态申请,例如应用A在AndroidManifest.xml中自定义了一个permission且在权限标签中加入android:protectionLevel=”signature”,表示应用A声明了一个签名权限,那么应用B想要访问应用A受该权限保护的数据时,必须要在AndroidManifest.xml中声明该权限,同时要用与应用A相同的签名打包,这样系统在应用B安装时才会自动地授予应用B该权限,应用B在获得授权后就可以访问该权限控制的数据,其他应用即使知道这个权限,也在AndroidManifest.xml中声明了该权限,但由于应用签名不同,安装时系统不会授予它该权限,这样其他应用就无法访问受该权限保护的数据。 还有一些签名权限不会供第三方应用程序使用,只会供系统预装应用使用,这种签名权限的Protection Level为signature和privileged。
· 特殊权限明细
以下列出所有特殊权限(按照appop、installer、role、privileged、signature顺序列出)
权限引入版本APIProtection LevelFOREGROUND_SERVICE_SPECIAL_USE14.034normal|appop|instantINSTANT_APP_FOREGROUND_SERVICE8.0(Oreo)26signature|development|instant|appopLOADER_USAGE_STATS11.0(R)30signature|privileged|appopMANAGE_EXTERNAL_STORAGE11.0(R)30signature|appop|preinstalledMANAGE_MEDIA12.0(S)31signature|appop|preinstalledMANAGE_ONGOING_CALLS12.0(S)31signature|appopPACKAGE_USAGE_STATS6.0(Marshmallow)23signature|privileged|development|appop|retailDemoSCHEDULE_EXACT_ALARM12.0(S)31signature|privileged|appopSMS_FINANCIAL_TRANSACTIONS10.0(Q)+12.0(S)-29+31-signature|appopSYSTEM_ALERT_WINDOW1.0(Base)1signature|setup|appop|installer|pre23|developmentUSE_ICC_AUTH_WITH_DEVICE_IDENTIFIER12.0(S)31signature|appopWRITE_SETTINGS1.0(Base)1signature|preinstalled|appop|pre23START_VIEW_APP_FEATURES13.0(Tiramisu)33signature|installerinstallerSTART_VIEW_PERMISSION_USAGE10.0(Q)29signature|installerPROVIDE_REMOTE_CREDENTIALS14.034signature|privileged|roleREAD_VOICEMAIL5.0(Lollipop)21signature|privileged|roleWRITE_VOICEMAIL5.0(Lollipop)21signature|privileged|roleEXECUTE_APP_ACTION14.034internal|roleLAUNCH_CAPTURE_CONTENT_ACTIVITY_FOR_NOTE14.034internal|roleMANAGE_DEVICE_LOCK_STATE14.034internal|rolePROVIDE_OWN_AUTOFILL_SUGGESTIONS14.034internal|roleSUBSCRIBE_TO_KEYGUARD_LOCKED_STATE13.0(Tiramisu)33signature|roleSUBSCRIBE_TO_KEYGUARD_LOCKED_STATE13.0(Tiramisu)33signature|roleREAD_ASSISTANT_APP_SEARCH_DATA13.0(Tiramisu)33roleREAD_HOME_APP_SEARCH_DATA13.0(Tiramisu)33roleBATTERY_STATS1.0(Base)1signature|privileged|developmentCHANGE_CONFIGURATION1.0(Base)1signature|privileged|developmentBIND_CALL_REDIRECTION_SERVICE10.0(Q)29signature|privilegedBIND_CARRIER_SERVICES6.0(Marshmallow)23signature|privilegedBIND_INCALL_SERVICE6.0(Marshmallow)23signature|privilegedBIND_REMOTEVIEWS3.0(Honeycomb)11signature|privilegedBIND_SCREENING_SERVICE7.0(Nougat)24signature|privilegedBIND_TELECOM_CONNECTION_SERVICE6.0(Marshmallow)23signature|privilegedBIND_TV_INPUT5.0(Lollipop)21signature|privilegedBIND_TV_INTERACTIVE_APP13.0(Tiramisu)33signature|privilegedBIND_VISUAL_VOICEMAIL_SERVICE8.0(Oreo)26signature|privilegedBIND_WALLPAPER2.2(Froyo)8signature|privilegedCLEAR_APP_CACHE1.0(Base)1signature|privilegedDELETE_CACHE_FILES1.0(Base)1signature|privilegedGET_ACCOUNTS_PRIVILEGED6.0(Marshmallow)23signature|privilegedGLOBAL_SEARCH1.6(Donut)4signature|privilegedBLUETOOTH_PRIVILEGED4.4(KitKat)19privilegedCALL_PRIVILEGED1.0(Base)1privilegedMANAGE_WIFI_NETWORK_SELECTION13.0(Tiramisu)33privilegedSTART_FOREGROUND_SERVICES_FROM_BACKGROUND12.0(S)31privilegedBIND_ACCESSIBILITY_SERVICE4.1(Jelly Bean)16signatureBIND_AUTOFILL_SERVICE8.0(Oreo)26signatureBIND_CARRIER_MESSAGING_CLIENT_SERVICE10.0(Q)29signatureBIND_CHOOSER_TARGET_SERVICE6.0(Marshmallow)+11.0(R)-23+30-signatureBIND_CONDITION_PROVIDER_SERVICE7.0(Nougat)24signatureBIND_CREDENTIAL_PROVIDER_SERVICE14.034signatureBIND_DEVICE_ADMIN2.2(Froyo)8signatureBIND_DREAM_SERVICE5.0(Lollipop)21signatureBIND_INPUT_METHOD1.5(Cupcake)3signatureBIND_MIDI_DEVICE_SERVICE6.0(Marshmallow)23signatureBIND_NFC_SERVICE4.4(KitKat)19signatureBIND_NOTIFICATION_LISTENER_SERVICE4.3(Jelly Bean)18signatureBIND_PRINT_SERVICE4.4(KitKat)19signatureBIND_QUICK_ACCESS_WALLET_SERVICE11.0(R)30signatureBIND_TEXT_SERVICE4.0(IceCreamSandwich)14signatureBIND_VOICE_INTERACTION5.0(Lollipop)21signatureBIND_VPN_SERVICE4.0(IceCreamSandwich)14signatureBIND_VR_LISTENER_SERVICE7.0(Nougat)24signatureREQUEST_INSTALL_PACKAGES6.0(Marshmallow)23signature