Android 6 and new privacy related settings

Android version 6, Marshmellow, has adopted a new run-time permission system that is available to the users. Permissions are divided into permission groups and users can modify permissions per application. It is possible to see how many applications are allowed in each group, and what permissions are applicable for each application. Please go to “Settings –> Apps” to find out.

Screenshots

“Permission groups” “Example: Firefox permissions” “3pp App showing more details”

Android6-permission-groups Android6-AppPermission-Firefox Android6-3pp-PermissionExplorer-REBOOT-permission

Links for permission settings:

The following table is from developer pages “Permissions“:

 

Permission Group Permissions
CALENDAR READ_CALENDAR
WRITE_CALENDAR
CAMERA CAMERA
CONTACTS READ_CONTACTS
WRITE_CONTACTS
GET_ACCOUNTS
LOCATION ACCESS_FINE_LOCATION
ACCESS_COARSE_LOCATION
MICROPHONE RECORD_AUDIO
PHONE READ_PHONE_STATE
CALL_PHONE
READ_CALL_LOG
WRITE_CALL_LOG
ADD_VOICEMAIL
USE_SIP
PROCESS_OUTGOING_CALLS
SENSORS BODY_SENSORS
SMS SEND_SMS
RECEIVE_SMS
READ_SMS
RECEIVE_WAP_PUSH
RECEIVE_MMS
STORAGE READ_EXTERNAL_STORAGE
WRITE_EXTERNAL_STORAGE

More details from “Application security: Permission model“:

permissions check

  • These resources are only accessible through the operating system.
  • The user can not grant or deny individual permissions — the user must grant or deny all of the requested permissions as a block.
  • applications that are included in the core operating system or bundled by an OEM do not request permissions from the user

More details from developer docs:

Security: Permissions

Normal permissions cover areas where your app needs to access data or resources outside the app’s sandbox, but where there’s very little risk to the user’s privacy or the operation of other apps.

Dangerous permissions cover areas where the app wants data or resources that involve the user’s private information, or could potentially affect the user’s stored data or the operation of other apps

For a list of normal permissions, see here. For a full list of permissions, please see Manifest.permission.

Permission element, PermissionInfo, protectionLevel

When looking the developers docs, the real story is more complex. For example, there is a full list of protection levels defined as

  • normal
  • dangerous
  • signature
  • signatureOrSystem
  • privileged
  • system
  • development
  • appop
  • pre23
  • installer
  • verifier
  • preinstalled

Other related

  • Assist application has many permissions, but can be turned off. (See Apps–>Default Apps–>”Assist & voice input”)
  • “Ok Google” voice recognition can be turned off. (Deny access to microphone).
  • Permission Explorer is quite handy to browse through permissions.

Summary

It is great that there are more controls for the user. This is significant improvement for many users. In addition, there are several related configurations spread around the settings tool, and one would need to go through all possible settings. For example, one have to select “Show system” option inside “Microphone permissions” under “App Permissions” to see also the system applications, and not only the ones that you have installed yourself…

If privacy is your concern, then this improvement does not guarantee that you would have full control.

Additional “on device” alternative for the privacy

There are some additional steps that one can do.

  • Use only local calendar. (Can be created by MyPhoneExplorer)
  • Use only local account for Contacts. (Can be created by MyLocalAccount)
  • Use local firewall to block unwanted traffic. (Can be done with NoRoot Firewall, creates a local VPN to filter traffic)
  • Turn off GPS, and/or data traffic when not needed

Please note that email clients/solution have not been included here. Those should be evaluated case by case.

This entry was posted in Android, Privacy, Protection, Recommended Android Applications, Security Management, Security Training, Awareness and Reports, Tips. Bookmark the permalink.

Comments are closed.