{"id":1871,"date":"2016-03-27T10:57:01","date_gmt":"2016-03-27T07:57:01","guid":{"rendered":"http:\/\/saisa.eu\/blogs\/Guidance\/?p=1871"},"modified":"2016-03-27T11:00:36","modified_gmt":"2016-03-27T08:00:36","slug":"android-6-and-new-privacy-related-settings","status":"publish","type":"post","link":"https:\/\/saisa.eu\/blogs\/Guidance\/?p=1871","title":{"rendered":"Android 6 and new privacy related settings"},"content":{"rendered":"<p>Android version <a href=\"https:\/\/www.android.com\/versions\/marshmallow-6-0\/\">6<\/a>, <a href=\"https:\/\/en.wikipedia.org\/wiki\/Android_Marshmallow\">Marshmellow<\/a>, has adopted a new run-time permission system that is available to the users. Permissions are divided into permission groups and users can modify permissions per application. It is possible to see how many applications are allowed in each group, and what permissions are applicable for each application. Please go to &#8220;Settings &#8211;&gt; Apps&#8221; to find out.<\/p>\n<p>Screenshots<\/p>\n<p>&#8220;Permission groups&#8221; &#8220;Example: Firefox permissions&#8221; &#8220;3pp App showing more details&#8221;<\/p>\n<p><a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2016\/03\/android6-permission-groups.jpg\"><img loading=\"lazy\" alt=\"Android6-permission-groups\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2016\/03\/android6-permission-groups-small.jpg\" width=\"180\" height=\"316\" \/><\/a> <a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2016\/03\/android6-apppermission-firefox.jpg\"><img loading=\"lazy\" alt=\"Android6-AppPermission-Firefox\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2016\/03\/android6-apppermission-firefox-small.jpg\" width=\"180\" height=\"319\" \/><\/a> <a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2016\/03\/android6-3pp-permissionexplorer-reboot-permission.jpg\"><img loading=\"lazy\" alt=\"Android6-3pp-PermissionExplorer-REBOOT-permission\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2016\/03\/android6-3pp-permissionexplorer-reboot-permission-small.jpg\" width=\"180\" height=\"319\" \/><\/a><\/p>\n<p>Links for permission settings:<\/p>\n<ul>\n<li><a href=\"http:\/\/www.howtogeek.com\/230683\/how-to-manage-app-permissions-on-android-6.0\/\">How to Manage App Permissions on Android 6.0<\/a><\/li>\n<li>Android 6.0 Marshmallow, thoroughly reviewed: <a href=\"http:\/\/arstechnica.com\/gadgets\/2015\/10\/android-6-0-marshmallow-thoroughly-reviewed\/5\/\">Permissions<\/a>, <a href=\"http:\/\/arstechnica.com\/gadgets\/2015\/10\/android-6-0-marshmallow-thoroughly-reviewed\/3\/#h1\">Google Now on Tap<\/a><\/li>\n<li>\n<p><a href=\"http:\/\/www.androidcentral.com\/android-60-marshmallow-review?pg=5#content\">Android 6.0 Review: Security and privacy<\/a><\/p>\n<\/li>\n<li>\n<p>Android <a href=\"https:\/\/source.android.com\/security\/index.html\">software stack<\/a><\/p>\n<\/li>\n<\/ul>\n<p>The following table is from developer pages &#8220;<a href=\"http:\/\/developer.android.com\/guide\/topics\/security\/permissions.html\">Permissions<\/a>&#8220;:<\/p>\n<blockquote>\n<p>&nbsp;<\/p>\n<table border=\"1\">\n<tr>\n<th scope=\"col\">Permission Group<\/th>\n<th scope=\"col\">Permissions<\/th>\n<\/tr>\n<tr>\n<td><code>CALENDAR<\/code><\/td>\n<td><code>READ_CALENDAR<br \/>\nWRITE_CALENDAR<\/code><\/td>\n<\/tr>\n<tr>\n<td><code>CAMERA<\/code><\/td>\n<td><code>CAMERA<\/code><\/td>\n<\/tr>\n<tr>\n<td><code>CONTACTS<\/code><\/td>\n<td><code>READ_CONTACTS<br \/>\nWRITE_CONTACTS<br \/>\nGET_ACCOUNTS<\/code><\/td>\n<\/tr>\n<tr>\n<td><code>LOCATION<\/code><\/td>\n<td><code>ACCESS_FINE_LOCATION<br \/>\nACCESS_COARSE_LOCATION<\/code><\/td>\n<\/tr>\n<tr>\n<td><code>MICROPHONE<\/code><\/td>\n<td><code>RECORD_AUDIO<\/code><\/td>\n<\/tr>\n<tr>\n<td><code>PHONE<\/code><\/td>\n<td><code>READ_PHONE_STATE<br \/>\nCALL_PHONE<br \/>\nREAD_CALL_LOG<br \/>\nWRITE_CALL_LOG<br \/>\nADD_VOICEMAIL<br \/>\nUSE_SIP<br \/>\nPROCESS_OUTGOING_CALLS<\/code><\/td>\n<\/tr>\n<tr>\n<td><code>SENSORS<\/code><\/td>\n<td><code>BODY_SENSORS<\/code><\/td>\n<\/tr>\n<tr>\n<td><code>SMS<\/code><\/td>\n<td><code>SEND_SMS<br \/>\nRECEIVE_SMS<br \/>\nREAD_SMS<br \/>\nRECEIVE_WAP_PUSH<br \/>\nRECEIVE_MMS<\/code><\/td>\n<\/tr>\n<tr>\n<td><code>STORAGE<\/code><\/td>\n<td><code>READ_EXTERNAL_STORAGE<br \/>\nWRITE_EXTERNAL_STORAGE<\/code><\/td>\n<\/tr>\n<\/table>\n<\/blockquote>\n<p><\/p>\n<p><strong>More details from &#8220;<\/strong><a href=\"https:\/\/source.android.com\/security\/overview\/app-security.html#the-android-permission-model-accessing-protected-apis\"><strong>Application security: Permission model<\/strong><\/a><strong>&#8220;:<\/strong><\/p>\n<blockquote>\n<p><a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2016\/03\/permissions_check.png\"><img loading=\"lazy\" alt=\"permissions check\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2016\/03\/permissions_check-small.png\" width=\"300\" height=\"116\" \/><\/a><\/p>\n<\/blockquote>\n<ul>\n<li>These resources are only accessible through the operating system.<\/li>\n<li>The user can not grant or deny individual permissions &#8212; the user must grant or deny all of the requested permissions as a block.<\/li>\n<li>applications that are included in the core operating system or bundled by an OEM do not request permissions from the user<\/li>\n<\/ul>\n<p><strong>More details from developer docs:<\/strong><\/p>\n<p><a href=\"http:\/\/developer.android.com\/guide\/topics\/security\/permissions.html\">Security: Permissions<\/a><\/p>\n<blockquote>\n<p><strong>Normal permissions<\/strong> cover areas where your app needs to access data or resources outside the app&#8217;s sandbox, but where there&#8217;s very little risk to the user&#8217;s privacy or the operation of other apps.<\/p>\n<p><strong>Dangerous permissions<\/strong> cover areas where the app wants data or resources that involve the user&#8217;s private information, or could potentially affect the user&#8217;s stored data or the operation of other apps<\/p>\n<\/blockquote>\n<p>For a list of normal permissions, see <a href=\"http:\/\/developer.android.com\/guide\/topics\/security\/normal-permissions.html\">here<\/a>. For a full list of permissions, please see <a href=\"http:\/\/developer.android.com\/reference\/android\/Manifest.permission.html\">Manifest.permission<\/a>.<\/p>\n<p><a href=\"http:\/\/developer.android.com\/guide\/topics\/manifest\/permission-element.html\">Permission element<\/a>, <a href=\"http:\/\/developer.android.com\/reference\/android\/content\/pm\/PermissionInfo.html\">PermissionInfo<\/a>, <a href=\"http:\/\/developer.android.com\/reference\/android\/R.attr.html#protectionLevel\">protectionLevel<\/a><\/p>\n<p>When looking the developers docs, the real story is more complex. For example, there is a full list of protection levels defined as<\/p>\n<div style=\"margin-left: 2em\">\n<ul>\n<li>normal<\/li>\n<li>dangerous<\/li>\n<li>signature<\/li>\n<li>signatureOrSystem<\/li>\n<li>privileged<\/li>\n<li>system<\/li>\n<li>development<\/li>\n<li>appop<\/li>\n<li>pre23<\/li>\n<li>installer<\/li>\n<li>verifier<\/li>\n<li>preinstalled<\/li>\n<\/ul>\n<\/div>\n<p><strong>Other related<\/strong><\/p>\n<ul>\n<li>Assist application has many permissions, but can be turned off. (See Apps&#8211;&gt;Default Apps&#8211;&gt;&#8221;Assist &amp; voice input&#8221;)<\/li>\n<li>&#8220;Ok Google&#8221; voice recognition can be turned off. (Deny access to microphone).<\/li>\n<li><a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.carlocriniti.android.permission_explorer&amp;hl=en\">Permission Explorer<\/a> is quite handy to browse through permissions.<\/li>\n<\/ul>\n<p><strong>Summary<\/strong><\/p>\n<p>It is great that there are more controls for the user. This is significant improvement for many users. In addition, there are several related configurations spread around the settings tool, and one would need to go through all possible settings. For example, one have to select &#8220;Show system&#8221; option inside &#8220;Microphone permissions&#8221; under &#8220;App Permissions&#8221; to see also the system applications, and not only the ones that you have installed yourself&#8230;<\/p>\n<p>If privacy is your concern, then this improvement does not guarantee that you would have full control.<\/p>\n<p><strong>Additional &#8220;on device&#8221; alternative for the privacy<\/strong><\/p>\n<p>There are some additional steps that one can do.<\/p>\n<ul>\n<li>Use only local calendar. (Can be created by <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.fjsoft.myphoneexplorer.client&amp;hl=en\">MyPhoneExplorer<\/a>)<\/li>\n<li>Use only local account for Contacts. (Can be created by <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.fjsoft.mylocalaccount&amp;hl=en\">MyLocalAccount<\/a>)<\/li>\n<li>Use local firewall to block unwanted traffic. (Can be done with <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=app.greyshirts.firewall&amp;hl=en\">NoRoot Firewall<\/a>, creates a local VPN to filter traffic)<\/li>\n<li>Turn off GPS, and\/or data traffic when not needed<\/li>\n<\/ul>\n<p>Please note that email clients\/solution have not been included here. Those should be evaluated case by case.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Android version 6, Marshmellow, has adopted a new run-time permission system that is available to the users. Permissions are divided into permission groups and users can modify permissions per application. It is possible to see how many applications are allowed &hellip; <a href=\"https:\/\/saisa.eu\/blogs\/Guidance\/?p=1871\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[9,3,11,22,32,44,10],"tags":[],"_links":{"self":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/1871"}],"collection":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1871"}],"version-history":[{"count":1,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/1871\/revisions"}],"predecessor-version":[{"id":1872,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/1871\/revisions\/1872"}],"wp:attachment":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1871"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1871"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1871"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}