As a matter of fact, protecting the privacy of users of Android apps is a vital issue. Google has stated that its main goal is to give users more transparency and control over the personal information that Android applications use. Android permissions therefore play a significant role in this area. This essay discusses some new features and best practices in Android permissions.

(Introduction and Overview)

As you know, the purpose of a permission is to protect the privacy of an Android user. Android apps must request permission to access sensitive user data such as contacts and SMS, as well as some system features such as the camera and the internet. Depending on the feature, the system might grant the permission automatically, or it might prompt the user to approve the request. A central design point of the Android security architecture is that, by default, no application has permission to perform any operation that would adversely impact other Android apps, the operating system, or the user. This includes reading or writing the user’s private data such as contacts or emails, reading or writing another app’s files, performing network access, and keeping the device awake.

On all versions of Android, to declare that your app needs a permission, put a <uses-permission> element in your app manifest, as a child of the top-level <manifest> element.

The system’s behavior after you declare a permission depends on how sensitive the permission is. Some permissions are considered “normal”, so the system grants them automatically at install time. Other permissions are considered “dangerous”, so the user must explicitly grant your app access.

Google has stated that its goal on Android is to give users more transparency and control over the personal information that applications use. To achieve this, Google has been evolving Android permissions to make the platform much more private. Android 10 introduced over 50 privacy features, making it a much more privacy-friendly release. For instance, some of the new features that create a more privacy-friendly environment are:

  1. Privacy and location top-level settings menu.
  2. Introducing more granular location and adding background location reminders.
  3. Activity recognition as a dangerous runtime permission.
  4. Restricting access to on-device screen content.
  5. Restricting access to dangerous hardware IDs.
  6. Randomizing the MAC address by default.
  7. Restricting activities from launching from the background.
  8. Restricting access to the microphone and camera from the background.

These are some of the changes that Google has made to Android recently; however, this essay reviews only permissions.

(Types of location access)

Android’s location permissions distinguish the following categories of location access:

The operating system considers your Android app to be using foreground location if a feature of your app accesses the device’s current location in one of the following cases:

  1. An activity that belongs to your app is visible.
  2. Your application is running a foreground service.

In addition, it is recommended that you declare a foreground service type of location. On Android 10, you indicate this foreground service type as follows:

<service
    android:name="MyNavigationService"
    android:foregroundServiceType="location" ... >
</service>

Also, you must indicate a need for foreground location when your app requests either the ACCESS_COARSE_LOCATION permission or the ACCESS_FINE_LOCATION permission. For instance:

<manifest ... >
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
</manifest>

An Android app needs background location access if a feature within the app constantly shares location with other users or uses the Geofencing API. The system considers your app to be using background location if it accesses the device’s current location in any case other than those described in the foreground location section. On Android 10, you have to declare the ACCESS_BACKGROUND_LOCATION permission in your app’s manifest in order to request background location access at runtime.

(Privacy and location)

In Android 10, Google wanted to improve users’ understanding of their current privacy configuration. As a result, it added a new top-level privacy setting that links to permission management and also to privacy-related information, such as web activity and ad settings. Another privacy-related setting is the location setting. In the location settings, you can find which apps recently used your location, and also location proxies such as Bluetooth and Wi-Fi. Users are very sensitive about sharing location data; hence, in Android 10, users can choose whether they share their location data all the time or only while using the app. Some use cases are:

If the app wants to tag a photo or a social media post with a location, the user clearly knows they are using the app, and knows how location is used. If the app provides navigation, the user will probably switch temporarily to various other apps. In this case, the app needs to show a notification to remind the user that its navigation component is still using location data.

As you know, background location use cases should be quite rare. Even if the app has a background location feature, the user might still be uncomfortable sharing their location with this application all the time, and might deny access. Implementation-wise, if your feature requires background location access, you have to add an additional permission, called a modifier permission, to your manifest. This permission is a runtime permission. Once it is granted, it extends the foreground location permission that the app already holds, that is, Coarse or Fine location, to the background.

<manifest ... >
  <uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION" />
</manifest>

As you can see, background location is handled differently from other permissions. If your app is accessing location in the background, the Android OS will eventually show a notification reminding the user that they can deny background access.

(Activity recognition)

In Android 9 and earlier, activity recognition was not considered user-sensitive. In Android 10, however, Google treats it as user-sensitive. Android 10 introduced the android.permission.ACTIVITY_RECOGNITION runtime permission for Android apps that need to identify the user’s step count or classify the user’s physical activity, such as walking, biking, or moving in a vehicle. This is designed to give users visibility in Settings of how device sensor data is used. In addition, some libraries within Google Play services depend on this permission, such as the Activity Recognition API and the Google Fit API.

(Screen content and screen recording)

This feature restricts access to on-device screen content. Access to the device’s screen contents requires the MediaProjectionManager API, which displays a prompt asking the user for consent. Screen recording is another very sensitive topic for the user, so Android enforces user consent by requiring all apps to go through the MediaProjectionManager API. To use this feature, you first create a foreground service with a specific type. Then you start the foreground service. Once the foreground service is connected, you start the consent activity. The user can then say yes or no. Once the user says yes, you start the projection.
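
The activity side of that five-step consent flow, as an added Kotlin example that is not from the original article. It assumes a hypothetical ScreenCaptureService declared in the manifest with android:foregroundServiceType="mediaProjection" that calls startForeground() with ServiceInfo.FOREGROUND_SERVICE_TYPE_MEDIA_PROJECTION; the activity name and the AndroidX Activity Result API are assumptions as well.

```kotlin
import android.app.Activity
import android.content.Context
import android.content.Intent
import android.media.projection.MediaProjection
import android.media.projection.MediaProjectionManager
import androidx.activity.result.contract.ActivityResultContracts
import androidx.appcompat.app.AppCompatActivity
import androidx.core.content.ContextCompat

class ScreenCaptureActivity : AppCompatActivity() {
    private val projectionManager by lazy {
        getSystemService(Context.MEDIA_PROJECTION_SERVICE) as MediaProjectionManager
    }
    private var projection: MediaProjection? = null

    // Steps 3-5: the system consent activity returns RESULT_OK only if the user said
    // yes; the returned Intent carries the grant and is valid for this one session.
    private val consent =
        registerForActivityResult(ActivityResultContracts.StartActivityForResult()) { result ->
            val data = result.data
            if (result.resultCode != Activity.RESULT_OK || data == null) {
                // User said no: tear the foreground service down, nothing was captured.
                stopService(Intent(this, ScreenCaptureService::class.java))
                return@registerForActivityResult
            }
            projection = projectionManager.getMediaProjection(result.resultCode, data).also { mp ->
                mp.registerCallback(object : MediaProjection.Callback() {
                    override fun onStop() { // stopped by the user (status bar) or by the system
                        projection = null
                        stopService(Intent(this@ScreenCaptureActivity, ScreenCaptureService::class.java))
                    }
                }, null)
            }
            // From here the projection is handed to the service to create a VirtualDisplay.
        }

    // Steps 1-2: on Android 10+ the foreground service must already be running and
    // must have called startForeground() before getMediaProjection() is used.
    fun onRecordClicked() {
        ContextCompat.startForegroundService(this, Intent(this, ScreenCaptureService::class.java))
        consent.launch(projectionManager.createScreenCaptureIntent())
    }

    fun stopRecording() {
        projection?.stop() // triggers the onStop() callback above
    }
}
```

The grant returned by the consent dialog is tied to that one user decision, so the Intent must not be stored and reused to start a later projection without asking again.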

(Some best practices for using permissions in Android development)

Google has recently highlighted the important point that only 18% of users allow every permission on their devices. As a result, developers should follow some best practices for engaging users with their apps. For example:

  1. Requesting the minimum permissions that your feature needs.
  2. Paying attention to the permissions required by your libraries, because your users do not distinguish between the data that your app is using and the data that third-party SDKs are using.
  3. Minimizing the use of location, particularly background location.
  4. Requesting permissions in context, for the use case at hand.
  5. Being transparent about the data that you are using. Let your users know why you need access to that data.

(The new permission features in Android 11)

At the moment, the latest version is Android 11, which Google released as a Beta version on August 6, 2020. Android 11 gives users the ability to specify more granular permissions for location, microphone, and camera. The system also resets the permissions of unused apps that target Android 11, and apps might need to update the permissions they declare if they use the system alert window or read information related to phone numbers. Specifically, the changes are as follows:

  1. Whenever your app requests a permission related to location, microphone, or camera, the user-facing permissions dialog includes an option called “Only this time”. If the user chooses this option in the dialog, your Android app is granted a temporary one-time permission.
  2. If your app targets Android 11 and is not used for a few months, the system protects user data by automatically resetting the sensitive runtime permissions that the user had granted your app.
  3. If your app targets Android 11 and also needs to access the phone number APIs shown in the following list, you have to request the READ_PHONE_NUMBERS permission instead of the READ_PHONE_STATE permission.
  4. In the latest version, there are some changes to how apps are granted the SYSTEM_ALERT_WINDOW permission. These changes are intended to protect users by making the permission grant more intentional.
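
Changes 1 to 3 in practice, as an added Kotlin example that is not from the original article: the phone-number permission is chosen by API level, and the grant is re-read every time the screen appears instead of being cached. It assumes an app targeting Android 11 whose manifest declares READ_PHONE_NUMBERS together with READ_PHONE_STATE limited by android:maxSdkVersion="29"; the activity name, UI hooks and the AndroidX Activity Result API are assumptions.

```kotlin
import android.Manifest
import android.content.pm.PackageManager
import android.os.Build
import androidx.activity.result.contract.ActivityResultContracts
import androidx.appcompat.app.AppCompatActivity
import androidx.core.content.ContextCompat

class PhoneNumberActivity : AppCompatActivity() {
    // Change 3: once the app targets Android 11 (API 30), phone-number APIs need the
    // narrower READ_PHONE_NUMBERS; READ_PHONE_STATE is kept only for older devices.
    private val phonePermission: String =
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) Manifest.permission.READ_PHONE_NUMBERS
        else Manifest.permission.READ_PHONE_STATE

    private val requestPhone =
        registerForActivityResult(ActivityResultContracts.RequestPermission()) { granted ->
            if (granted) showVerifiedNumber() else showManualEntry()
        }

    override fun onStart() {
        super.onStart()
        // Changes 1 and 2: never cache a grant. An "Only this time" grant lapses shortly
        // after the app leaves the foreground, and auto-reset revokes the grants of an
        // app unused for months, so the state is re-read every time the screen appears.
        if (hasPhonePermission()) showVerifiedNumber() else showManualEntry()
    }

    private fun hasPhonePermission() =
        ContextCompat.checkSelfPermission(this, phonePermission) == PackageManager.PERMISSION_GRANTED

    // Hypothetical entry point: the request is made in context, when the user taps
    // "use my number", not at startup.
    fun onUseMyNumberClicked() {
        if (hasPhonePermission()) showVerifiedNumber() else requestPhone.launch(phonePermission)
    }

    // Hypothetical UI hooks.
    private fun showVerifiedNumber() { /* read TelephonyManager.line1Number and display it */ }
    private fun showManualEntry() { /* fall back to a text field; the feature still works */ }
}
```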

(In conclusion)

Basically, the purpose of a permission is to protect the privacy of an Android user. Android apps must request permission to access sensitive user data such as contacts and SMS, as well as some system features such as the camera and the internet. This essay has considered some new features and best practices in Android permissions.

Translated from: https://medium.com/kayvan-kaseb/the-new-features-in-android-permission-31e2ae850c82