This will fall on deaf ears, but at Symbian we came up with what I think is a better way of dividing things up: <a href="http://williamedwardscoder.tumblr.com/post/13316924653/better-permissions-in-android" rel="nofollow">http://williamedwardscoder.tumblr.com/post/13316924653/bette...</a>
> android.permission.WRITE_MEDIA_STORAGE<p>Oh how what a mess the intro of this one was.<p>Over night Android went from a potential production platform to a straight media consumption platform, as now only system apps could write to removable storage.
The first thing I do when I start a new Android app project is copy and paste this list-of-all-permissions into the project. This way I don't have to deal with any of the permissions related stuff until I have a working MVP. Once you have a MVP it's pretty easy to pin down the exact list of all the permissions you actually need in one go.<p>On a related note, there's some research[0] into parsing the Android OS source code and coming up with a mapping of "API call => required permission", and by apply this mapping to the source code of your own app the list of required permissions can be generated automatically. What do you guys think of this approach?<p>[0] <a href="http://pscout.csl.toronto.edu/" rel="nofollow">http://pscout.csl.toronto.edu/</a>
I am not sure what the point of this list is ?
Aren't the runtime permissions the only ones we really need to think about going forward ?
We still need to declare the 'normal' permissions, but they will be mostly invisible to the end-user, no ?<p>for reference : <a href="https://developer.android.com/guide/topics/security/permissions.html#normal-dangerous" rel="nofollow">https://developer.android.com/guide/topics/security/permissi...</a><p>The others ones are still there but pretty much an implementation detail now for Marshmallow apps (I know M+ is a tiny market share at the moment, but it will only increase).
Why is this list "all" permissions? It contains non-Google stuff like Amazon permissions, yet not for other platform like Symbol permissions. I'm confused.
Um, why is this worthy of the hackernews front page? Is this not the permissions extracted from the platform manifest with all the useful per-permission information removed? <a href="https://github.com/android/platform_frameworks_base/blob/master/core/res/AndroidManifest.xml" rel="nofollow">https://github.com/android/platform_frameworks_base/blob/mas...</a> is much more useful. Linked to from my repo entry <a href="https://github.com/doridori/Android-Security-Reference/blob/master/permissions/app_framework_perms.md" rel="nofollow">https://github.com/doridori/Android-Security-Reference/blob/...</a>