android 6.0 sdk出来了,码农们有何看法
发布网友
发布时间:2022-05-29 05:29
共2个回答
热心网友
时间:2023-10-06 07:04
For example, suppose an app lists in its manifest that it needs the SEND_SMS and RECEIVE_SMS permissions, which both belong to android.permission-group.SMS. When the app needs to send a message, it requests the SEND_SMS permission. The system shows the user a dialog box asking if the app can have access to SMS. If the user agrees, the system grants the app the SEND_SMS permission it requested. Later, the app requestsRECEIVE_SMS. The system automatically grants this permission, since the user had already approved a permission in the same permission group.
要允许app发短信,就得自动允许它收短信。感觉不太对吧...
android.permission-group.STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
读写sd卡也在一组。要想用某个app查看sd卡上一个文件,就必须允许它读你全部的照片,修改你sd卡上任何文件...
总的来说,Android权限系统的设计者要么没怎么读过capability-based security的文献,要么基本无视了最小权限原则(principle of least privilege)。就像是boss只吩咐了一句“要使用capability-based security”,然后下面的人搞了个徒具其形,有所有的麻烦而基本没有获得安全的权限系统。
If an app does not target the M Developer Preview, the app continues to use the old permissions model even on M Preview devices. When the user installs the app, the system asks the user to grant all permissions listed in the app's manifest.
国产流氓app们估计永远不会target 6.0吧...
Note: On devices running the M Developer Preview, a user can turn off permissions for any app (including legacy apps) from the app's Settings screen. If a user turns off permissions for a legacy app, the system silently disables the appropriate functionality. When the app attempts to perform an operation that requires that permission, the operation will not necessarily cause an exception. Instead, it might return an empty data set, signal an error, or otherwise exhibit unexpected behavior. For example, if you query a calendar without permission, the method returns an empty data set.
对于旧app,关闭权限的效果与各种国产ROM,各种管家,Xposed XPrivacy相同。这也是兼容性比较好的方式。
我们再看看系统自动授权的PROTECTION_NORMAL级别有哪些权限:
android.permission.INTERNET
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WAKE_LOCK
和后台启动/广告相关的权限不允许用户关闭(第三方工具一般可以关闭)。这也是Google一贯的态度。
著作权归作者所有。
商业转载请联系作者获得授权,非商业转载请注明出处。
作者:刘缙
热心网友
时间:2023-10-06 07:04
