Permissions are the focus of this chapter. They are an integral part of an Android application and almost all application developers and users will encounter them at one time or the other. As we discussed in Chapter 1, Android Security Model – the Big Picture, install time application review is the most important security gate. This step is an all or nothing decision by the user; a user either accepts all the listed permissions or declines to download the app. So, as a user of an Android phone, it is important to understand permissions to make prudent decisions about which application to install. Permissions form the basis for securing components and protecting user data.

This chapter begins with an introduction of an existing permission in the Android system. We discuss the four permission protection levels namely Normal, Dangerous, Signature, and SignatureOrSystem. Then, we will discuss about how to secure an application and its components using permissions. Next, we learn how to extend the permission model by adding user defined permissions. This section will discuss permission groups, permission trees, and the syntax to create a new permission in the manifest file.