PHMayBeBasic
Forum Veteran
Permissions A - C
ACCESS_ALL_DOWNLOADS
access all system downloads Network Allows an app to access all downloads in the system via the /all_downloads/ URIs. The protection level could be relaxed in the future to support third-party download managers.
ACCESS_ALL_EXTERNAL_STORAGE
access external storage of all users Development Tools Allows the app to access external storage for all users.
ACCESS_CHECKIN_PROPERTIES
Access check-in properties Location Allows read/write access to the "properties" table in the (Unix security) checkin database, to change values that get uploaded.
ACCESS_COARSE_LOCATION
Approximate location (network-based) Location Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.
This permission is usually used by applications that display location based ads by publishers like Admob (Google).
ACCESS_DOWNLOAD_MANAGER
Access download manager.Network Allows the app to access the download manager and to use it to download files. Malicious apps can use this to disrupt downloads and access private information.
Only accessible by system apps
ACCESS_DOWNLOAD_MANAGER_ADVANCED
Advanced download manager functions.Network Allows the app to access the download manager's advanced functions. Malicious apps can use this to disrupt downloads and access private information.
ACCESS_DRM
Access DRM content Allows application to access DRM-protected content.
ACCESS_FINE_LOCATION
Precise location (GPS and network-based) Location Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.
This permission can be used by applications that display location based ads by publishers like Admob (Google). It is also used by applications that want your exact location. Examples would be Navigation applications, "Check-In" apps like 4square.
ACCESS_LOCATION_EXTRA_COMMANDS
Access extra location provider commands Location good example for poor documentation, as even books on Android application development state: The Android documentation doesn’t tell us which location commands are “extra,” so we’ll ask for all of them.
The documentation of Locus Map gives a hint, though: allows disabling the A-GPS data status and forcing system to load new.
ACCESS_MOCK_LOCATION
mock location sources for testing Location Allows an application to create mock location providers for testing, and is intended for development use in e.g. the Android Emulator (to save the dev from having to run around to check if positions are displayed correctly). Cases where this is needed in an app ready for endusers should be rare.
Requires "Allow mock locations" to be enabled in developer options
ACCESS_NETWORK_STATE
View network connections Network Allows applications to access information about networks, including if a network is available (or just connecting), what type of network the device is connected to, if any (WiFi, 3G, LTE), if it's in Roaming, and also reasons for a failed connection attempt (if any).
Good use: The application may check the state of your connection before trying to access the internet, and e.g. restrict itself to WiFi for some actions.
Bad use: Only in combination with other permissions (e.g. data collection for profiling).
ACCESS_NOTIFICATION_POLICY
Marker permission for applications that wish to access notification policy.Enables an app to toggle your notification policy, e.g. Do Not Disturb. Runtime Permission; i.e. user must at least confirm this once.
ACCESS_NOTIFICATIONS
Access notifications System Tools Allows the app to retrieve, examine, and clear notifications, including those posted by other apps.
This permission is reserved for system apps. It was introduced with Android 4.3 as part of the new Notification Service.
ACCESS_SUPERUSER
Use root privileges System Tools An app with this permission obviously wants to use "root powers". This permission requested or not, no app automatically gets granted those "root powers"; but some "SuperUser apps" can be configured to ignore requests by all apps not having it. For all (other) apps, the user has to acknowledge their legitimity at least on the first request. Thus an app with this permission does not automatically have root permission – but only obtains them when the user explicitely approves that to the "SuperUser app".
Warning: an app with root-powers can do pretty much anything to your system. So better be sure you trust its developer (and your installation source) that far.
ACCESS_SURFACE_FLINGER
Access SurfaceFlinger System Tools Allows an application to use SurfaceFlinger's low level features.
SurfaceFlinger is part of Android's media framework. It provides a compositor which takes care for rendering in frame buffers (so this has to do with graphics).
ACCESS_WEATHERCLOCK_PROVIDER
Access Huawei WeatherClock data This permission allows accessing data of the Huawei Content Provider for WeatherClock. For details, please see Android.SE.
ACCESS_WIFI_STATE
View Wi-Fi connections Network This could be requested by any application that uses internet access. The application may check the state of your connection before trying to access the internet.
It's comparable to ACCESS_NETWORK_STATE, just for WiFi.
ACCESS_WIMAX_STATE
View WIMAX connections Network Allows the app to determine whether WiMAX is enabled and information about any WiMAX networks that are connected.
ACCOUNT_MANAGER Act as the AccountManagerService Accounts Allows applications to call into AccountAuthenticators. Only the system can get this permission.
An account-manager is the service working behind the scenes and taking care everything works as expected.
This permission is reserved for system apps.
For details, take a look at the Stack Exchange article What does permission “MANAGE_ACCOUNTS” mean?
ACTIVITY_RECOGNITION
Activity recognition Personal Information Allows an app to receive periodic updates of your activity level from Google,for example, if you are walking, driving, cycling, or stationary. This is part of Google Play Services ActivityRecognitionClient.
According to the API reference, the app doesn't receive any coordinates this way, but rather the type of the detected activity – e.g. WALKING, RUNNING, or STILL.
ADD_VOICEMAIL
Add Voicemail Voice Mailbox Allows the app to add messages to your voicemail inbox.
adm.permission.RECEIVE
Receive Amazon Device Messaging notifications Network Allows apps to accept cloud to device messages sent by the app's service (Amazon Device Messaging – like GoogleCloudMessaging). Using this service will incur data usage.
ANT Connect to ANT sensors
Network Allow to connect to ANT and ANT+ sensors. For what ANT is about, see Wikipedia and the ANT Android page.
ANT_ADMIN
Manage ANT connections Network Allow to manage connections to ANT and ANT+ sensors. For what ANT is about, see Wikipedia and the ANT Android page.
AUTHENTICATE_ACCOUNTS
Create accounts and set passwords Accounts Allows an application to act as an AccountAuthenticator for the AccountManager. This is for applications that would authenticate you to their service.
An app using this permission usually provides an interface to deal with a certain account type (which is not known by the pre-installed Android system), such as Dropbox. As shipped, Android does not know how to login to Dropbox and how to deal with a Dropbox account – so the Dropbox app provides the mechanism. Additionally, an "account authenticator" might restrict the actions an app can perform with the account (so it would e.g. be possible to administrate this via some web interface offered by the service). More details can be found e.g. in this Stack Exchange post.
BACKUP Control system backup and restore
Permits an app to manage backups of another app. This e.g. includes to tell the BackupManager that: data of that app have changed (dataChanged()), all backups of that app should be deleted (clearBackupData()), or backups for that app should be (de)activated.
BACKUP_DATA
Participate in the system backup and restore Allows the application to participate in the system's backup and restore mechanism.
Packages that do not use android.
permission.BACKUP_DATA
will neither be backed up nor restored. This seems to be an old (and possibly deprecated?) permission, as a commit message of August 2009 describes: In the future if access to the backup/restore infrastructure is made available to arbitrary 3rd party applications, the permission checks (and indeed, the permission itself) can simply be removed, and another one of February 2010 confirms: Any package can now participate in backup/restore, without requiring any manifest-declared permission.
badge.permission.READ
Read notification badges com.sec.android.provider.badge.* refer to the so called "Badge Provider", which is responsible for drawing numbers on your homescreen/lockscreen icons for e.g. missed calls or pending messages. Not clear to me is why an app must read these numbers; couldn't it simply tell the service to add/remove a given number to/from icon X?
For some details, please take a look at this Stack Exchange article.
Might be a permission specific to Samsung Touchwiz (with "sec" referring to the "seclauncher"); not sure whether other devices are affected by it.
badge.permission.WRITE Write notification badges no 0 0 Enables an app to paint numbers on icons, using the "Badge Service" described with badge.permission.READ.
BATTERY_STATS
Read battery statistics System Tools Allows an application to collect battery statistics. Battery widgets and other battery information tools use this permission.
BIND_ACCESSIBILITY_SERVICE
Bind to an Accessibility Service Accessibility Allows the holder to bind to the top-level interface of an accessibility service. Must be required by an AccessibilityService, to ensure that only the system can bind to it.
BIND_APPWIDGET
Choose Widgets Personal Information Allows an application to tell the AppWidget service which application can access AppWidget's data. The normal user flow is that a user picks an AppWidget to go into a particular host, thereby giving that host application access to the private data from the AppWidget app. An application that has this permission should honor that contract. Very few applications should need to use this permission.
BIND_DEVICE_ADMIN
Interact with device admin System Tools Allows the holder to send intents to a device administrator. Must be required by device administration receiver, to ensure that only the system can interact with it.
BIND_INPUT_METHOD
Bind to an Input Method System Tools Allows the holder to bind to the top-level interface of an input method. Must be required by an InputMethodService, to ensure that only the system can bind to it.
BIND_JOB_SERVICE
run the application's scheduled background work System Tools This permission gives access to the JobService and allows the Android system to run the application in the background when requested.
BIND_NFC_SERVICE
Bind NFC Service System Tools Must be required by a hostApduService or OffHostApduService to ensure that only the system can bind to it.
BIND_NOTIFICATION_LISTENER_SERVICE Bind Notification Listener Service System Tools Must be required by an NotificationListenerService, to ensure that only the system can bind to it.
BIND_PRINT_SERVICE
Bind Print Service System Tools Must be required by a PrintService, to ensure that only the system can bind to it.
BIND_REMOTEVIEWS
Bind to a widget service System Tools Allows the holder to bind to the top-level interface of a widget service. Must be required by a RemoteViewsService, to ensure that only the system can bind to it.
BIND_TEXT_SERVICE Bind to a Text Service System Tools Allows the holder to bind to the top-level interface of a text service (e.g. SpellCheckerService). Must be required by a TextService to ensure that only the system can bind to it.
BIND_VPN_SERVICE
Bind to a VPN service System Tools Allows the holder to bind to the top-level interface of a Vpn service. Must be required by a VpnService, to ensure that only the system can bind to it.
BIND_WALLPAPER
Bind to wallpaper System Tools Allows the holder to bind to the top-level interface of wallpaper. Must be required by a WallpaperService, to ensure that only the system can bind to it.
BLUETOOTH
Pair with Bluetooth devices Bluetooth Allows applications to connect to paired bluetooth devices.
Typical applications that would need bluetooth access include: sharing applications, file transfer apps, apps that connect to headset or wireless speakers.
BLUETOOTH_ADMIN
Access Bluetooth settings Bluetooth Allows applications to discover and pair bluetooth devices.
BLUETOOTH_PRIVILEGED
Bluetooth Privileged Bluetooth Allows applications to pair bluetooth devices without user interaction. This is not available to third party applications.
BODY_SENSORS
body sensors (like heart rate monitors) Personal Information Allows the app to access data from sensors you use to measure what's happening inside your body, such as heart rate.
BRICK (HAHAHA WOW MAY LIBRENG 500 TB TO)
Permanently disable phone System Tools si 0 5 Required to be able to disable the device (very dangerous!). Not available to 3rd party apps – and seemingly even not used anywhere, see Why do some apps request too many permissions?.
BROADCAST_DATA_MESSAGE
Broadcast data messages to apps Network Can broadcast data messages received from the Internet to apps registered to listen for them. Reserved to system apps.
BROADCAST_PACKAGE_ADDED
Send Package Added Broadcast System Tools Allows an application to broadcast a notification that an application package has been added.
BROADCAST_PACKAGE_REMOVED
Send package removed broadcast System Tools Allows an application to broadcast a notification that an application package has been removed.
BROADCAST_SMS
Send SMS-received broadcast Messages Allows an application to broadcast an SMS receipt notification.
BROADCAST_STICKY
Send Sticky Broadcasts System Tools Allows an application to broadcast sticky intents. These are broadcasts whose data is held by the system after being finished, so that clients can quickly retrieve that data without having to wait for the next broadcast.
The permission has to do with how applications "talk" to each other using a communication method called Intents. While this permission is highly technical it is a relatively low importance. There are no know obvious malicious uses for this permission.
BROADCAST_WAP_PUSH
Send WAP-PUSH-received broadcast Messages Allows an application to broadcast a WAP PUSH receipt notification.
Not for use by third-party applications.
c2dm.permission.RECEIVE
Receive data from Internet network Allows apps to accept cloud to device messages sent by the app's service (GoogleCloudMessaging). Using this service will incur data usage. Malicious apps could cause excess data usage.
c2dm.permission.SEND
Send data to Internet network Allows apps to send cloud to device messages (GoogleCloudMessaging). Using this service will incur data usage.
CALL_PHONE
Directly call phone numbers Phone Calls Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call being placed.
This permission is of high importance. This could let an application call a 1-900 number and charge you money. However, this is not as common a way to cheat people in today's world as it used to be. Legitimate applications that use this include: Google Voice and Google Maps.
Another important point to note here is that any app can launch the phone screen and pre-fill a number for you. However, in order to make the call, you would need to press "Send" or "Call" yourself. The difference with this permission is that an app could make the entire process automatic and hidden.
CALL_PRIVILEGED
Directly call any phone numbers Phone Calls Allows an application to call any phone number, including emergency numbers, without going through the Dialer user interface for the user to confirm the call being placed. For technical details, see CALL_PHONE.
CAMERA
Take pictures and videos Camera Required to be able to access the camera device.
CAPTURE_AUDIO_OUTPUT
Capture audio output Allows an application to capture audio output. Not for use by third-party applications.
Requested e.g. by Google Play Services.
CAPTURE_SECURE_VIDEO_OUTPUT
Capture Secure Video Output Allows an application to capture secure video output. Not for use by third-party applications.
Requested e.g. by Google Play Services.
CAPTURE_VIDEO_OUTPUt
Capture Video Output Allows an application to capture video output. Not for use by third-party applications.
Requested e.g. by Google Play Services
CHANGE_BACKGROUND_DATA_SETTING
Change background data usage setting Network Allows the app to change the background data usage setting.
CHANGE_COMPONENT_ENABLED_STATE
Enable or disable app components System Tools Allows an app to change whether an application component (other than its own) is enabled or not.
Malicious apps may use this to disable important device capabilities. Care must be used with this permission, as it is possible to get app components into an unusable, inconsistent, or unstable state
CHANGE_CONFIGURATION
Change system display settings Development Tools Allows an application to modify the current configuration, such as locale.
CHANGE_NETWORK_STATE
Change network connectivity Network Allows applications to change network connectivity state.
Good Cop: Enable network connection only when needed, according to the requirements of the user.
Bad Cop: Cause extra costs (especially when in roaming) just for mischievous glee; secretly transfer data (in conjunction with INTERNET)
CHANGE_WIFI_MULTICAST_STATE
Allow Wi-Fi Multicast reception Effects on Battery Life Allows applications to enter Wi-Fi Multicast mode. This allows to send data packages to multiple recipients simultaneously, without using additional bandwidth. Useful e.g. for streaming servers supporting multiple clients. It also enables to receive network packages not intended for the own device (sniffing).
Uses more power than non-multicast-mode.
CHANGE_WIFI_STATE
Connect and disconnect from Wi-Fi network Allows applications to change Wi-Fi connectivity state. Think of it as CHANGE_NETWORK_STATE for WiFi.
CHANGE_WIMAX_STATE
Change WiMAX state Network Allows the app to connect the device to and disconnect the device from WiMAX networks.
CHANGE_NETWORK_STATE for WIMAX. Also can apply changes to configured WIMAX networks.
CLEAR_APP_CACHE
Delete all app cache data System Tools Allows an application to clear the caches of all installed applications on the device.
CLEAR_APP_USER_DATA
Delete other apps data System Tools Allows an application to clear user data.
COLLECT_METRICS
Collect customer metrics Permits an app to collect customer metrics for Amazon, on how an app is used. This permission is bound to the Amazon Metrics Service Application (com.amazon.client.metrics) and thus only granted with that app installed.
CONFIGURE_SIP
Full access to SIP Accounts/Calls/Messages Phone Calls Configure SIP accounts and settings, access to SIP contents (call logs, messages...), extends and hook SIP flow.
A malicious app with this permission can cause additional costs by e.g. configuring a costly SIP service.
CONNECTIVITY_INTERNAL
Use privileged ConnectivityManager API Network Allows an internal user to use priviledged ConnectivityManager APIs.
CONTROL_LOCATION_UPDATES
Control Location Updates Location Allows enabling/disabling location update notifications from the radio. Not for use by normal.
ACCESS_ALL_DOWNLOADS
access all system downloads Network Allows an app to access all downloads in the system via the /all_downloads/ URIs. The protection level could be relaxed in the future to support third-party download managers.
ACCESS_ALL_EXTERNAL_STORAGE
access external storage of all users Development Tools Allows the app to access external storage for all users.
ACCESS_CHECKIN_PROPERTIES
Access check-in properties Location Allows read/write access to the "properties" table in the (Unix security) checkin database, to change values that get uploaded.
ACCESS_COARSE_LOCATION
Approximate location (network-based) Location Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi.
This permission is usually used by applications that display location based ads by publishers like Admob (Google).
ACCESS_DOWNLOAD_MANAGER
Access download manager.Network Allows the app to access the download manager and to use it to download files. Malicious apps can use this to disrupt downloads and access private information.
Only accessible by system apps
ACCESS_DOWNLOAD_MANAGER_ADVANCED
Advanced download manager functions.Network Allows the app to access the download manager's advanced functions. Malicious apps can use this to disrupt downloads and access private information.
ACCESS_DRM
Access DRM content Allows application to access DRM-protected content.
ACCESS_FINE_LOCATION
Precise location (GPS and network-based) Location Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.
This permission can be used by applications that display location based ads by publishers like Admob (Google). It is also used by applications that want your exact location. Examples would be Navigation applications, "Check-In" apps like 4square.
ACCESS_LOCATION_EXTRA_COMMANDS
Access extra location provider commands Location good example for poor documentation, as even books on Android application development state: The Android documentation doesn’t tell us which location commands are “extra,” so we’ll ask for all of them.
The documentation of Locus Map gives a hint, though: allows disabling the A-GPS data status and forcing system to load new.
ACCESS_MOCK_LOCATION
mock location sources for testing Location Allows an application to create mock location providers for testing, and is intended for development use in e.g. the Android Emulator (to save the dev from having to run around to check if positions are displayed correctly). Cases where this is needed in an app ready for endusers should be rare.
Requires "Allow mock locations" to be enabled in developer options
ACCESS_NETWORK_STATE
View network connections Network Allows applications to access information about networks, including if a network is available (or just connecting), what type of network the device is connected to, if any (WiFi, 3G, LTE), if it's in Roaming, and also reasons for a failed connection attempt (if any).
Good use: The application may check the state of your connection before trying to access the internet, and e.g. restrict itself to WiFi for some actions.
Bad use: Only in combination with other permissions (e.g. data collection for profiling).
ACCESS_NOTIFICATION_POLICY
Marker permission for applications that wish to access notification policy.Enables an app to toggle your notification policy, e.g. Do Not Disturb. Runtime Permission; i.e. user must at least confirm this once.
ACCESS_NOTIFICATIONS
Access notifications System Tools Allows the app to retrieve, examine, and clear notifications, including those posted by other apps.
This permission is reserved for system apps. It was introduced with Android 4.3 as part of the new Notification Service.
ACCESS_SUPERUSER
Use root privileges System Tools An app with this permission obviously wants to use "root powers". This permission requested or not, no app automatically gets granted those "root powers"; but some "SuperUser apps" can be configured to ignore requests by all apps not having it. For all (other) apps, the user has to acknowledge their legitimity at least on the first request. Thus an app with this permission does not automatically have root permission – but only obtains them when the user explicitely approves that to the "SuperUser app".
Warning: an app with root-powers can do pretty much anything to your system. So better be sure you trust its developer (and your installation source) that far.
ACCESS_SURFACE_FLINGER
Access SurfaceFlinger System Tools Allows an application to use SurfaceFlinger's low level features.
SurfaceFlinger is part of Android's media framework. It provides a compositor which takes care for rendering in frame buffers (so this has to do with graphics).
ACCESS_WEATHERCLOCK_PROVIDER
Access Huawei WeatherClock data This permission allows accessing data of the Huawei Content Provider for WeatherClock. For details, please see Android.SE.
ACCESS_WIFI_STATE
View Wi-Fi connections Network This could be requested by any application that uses internet access. The application may check the state of your connection before trying to access the internet.
It's comparable to ACCESS_NETWORK_STATE, just for WiFi.
ACCESS_WIMAX_STATE
View WIMAX connections Network Allows the app to determine whether WiMAX is enabled and information about any WiMAX networks that are connected.
ACCOUNT_MANAGER Act as the AccountManagerService Accounts Allows applications to call into AccountAuthenticators. Only the system can get this permission.
An account-manager is the service working behind the scenes and taking care everything works as expected.
This permission is reserved for system apps.
For details, take a look at the Stack Exchange article What does permission “MANAGE_ACCOUNTS” mean?
ACTIVITY_RECOGNITION
Activity recognition Personal Information Allows an app to receive periodic updates of your activity level from Google,for example, if you are walking, driving, cycling, or stationary. This is part of Google Play Services ActivityRecognitionClient.
According to the API reference, the app doesn't receive any coordinates this way, but rather the type of the detected activity – e.g. WALKING, RUNNING, or STILL.
ADD_VOICEMAIL
Add Voicemail Voice Mailbox Allows the app to add messages to your voicemail inbox.
adm.permission.RECEIVE
Receive Amazon Device Messaging notifications Network Allows apps to accept cloud to device messages sent by the app's service (Amazon Device Messaging – like GoogleCloudMessaging). Using this service will incur data usage.
ANT Connect to ANT sensors
Network Allow to connect to ANT and ANT+ sensors. For what ANT is about, see Wikipedia and the ANT Android page.
ANT_ADMIN
Manage ANT connections Network Allow to manage connections to ANT and ANT+ sensors. For what ANT is about, see Wikipedia and the ANT Android page.
AUTHENTICATE_ACCOUNTS
Create accounts and set passwords Accounts Allows an application to act as an AccountAuthenticator for the AccountManager. This is for applications that would authenticate you to their service.
An app using this permission usually provides an interface to deal with a certain account type (which is not known by the pre-installed Android system), such as Dropbox. As shipped, Android does not know how to login to Dropbox and how to deal with a Dropbox account – so the Dropbox app provides the mechanism. Additionally, an "account authenticator" might restrict the actions an app can perform with the account (so it would e.g. be possible to administrate this via some web interface offered by the service). More details can be found e.g. in this Stack Exchange post.
BACKUP Control system backup and restore
Permits an app to manage backups of another app. This e.g. includes to tell the BackupManager that: data of that app have changed (dataChanged()), all backups of that app should be deleted (clearBackupData()), or backups for that app should be (de)activated.
BACKUP_DATA
Participate in the system backup and restore Allows the application to participate in the system's backup and restore mechanism.
Packages that do not use android.
permission.BACKUP_DATA
will neither be backed up nor restored. This seems to be an old (and possibly deprecated?) permission, as a commit message of August 2009 describes: In the future if access to the backup/restore infrastructure is made available to arbitrary 3rd party applications, the permission checks (and indeed, the permission itself) can simply be removed, and another one of February 2010 confirms: Any package can now participate in backup/restore, without requiring any manifest-declared permission.
badge.permission.READ
Read notification badges com.sec.android.provider.badge.* refer to the so called "Badge Provider", which is responsible for drawing numbers on your homescreen/lockscreen icons for e.g. missed calls or pending messages. Not clear to me is why an app must read these numbers; couldn't it simply tell the service to add/remove a given number to/from icon X?
For some details, please take a look at this Stack Exchange article.
Might be a permission specific to Samsung Touchwiz (with "sec" referring to the "seclauncher"); not sure whether other devices are affected by it.
badge.permission.WRITE Write notification badges no 0 0 Enables an app to paint numbers on icons, using the "Badge Service" described with badge.permission.READ.
BATTERY_STATS
Read battery statistics System Tools Allows an application to collect battery statistics. Battery widgets and other battery information tools use this permission.
BIND_ACCESSIBILITY_SERVICE
Bind to an Accessibility Service Accessibility Allows the holder to bind to the top-level interface of an accessibility service. Must be required by an AccessibilityService, to ensure that only the system can bind to it.
BIND_APPWIDGET
Choose Widgets Personal Information Allows an application to tell the AppWidget service which application can access AppWidget's data. The normal user flow is that a user picks an AppWidget to go into a particular host, thereby giving that host application access to the private data from the AppWidget app. An application that has this permission should honor that contract. Very few applications should need to use this permission.
BIND_DEVICE_ADMIN
Interact with device admin System Tools Allows the holder to send intents to a device administrator. Must be required by device administration receiver, to ensure that only the system can interact with it.
BIND_INPUT_METHOD
Bind to an Input Method System Tools Allows the holder to bind to the top-level interface of an input method. Must be required by an InputMethodService, to ensure that only the system can bind to it.
BIND_JOB_SERVICE
run the application's scheduled background work System Tools This permission gives access to the JobService and allows the Android system to run the application in the background when requested.
BIND_NFC_SERVICE
Bind NFC Service System Tools Must be required by a hostApduService or OffHostApduService to ensure that only the system can bind to it.
BIND_NOTIFICATION_LISTENER_SERVICE Bind Notification Listener Service System Tools Must be required by an NotificationListenerService, to ensure that only the system can bind to it.
BIND_PRINT_SERVICE
Bind Print Service System Tools Must be required by a PrintService, to ensure that only the system can bind to it.
BIND_REMOTEVIEWS
Bind to a widget service System Tools Allows the holder to bind to the top-level interface of a widget service. Must be required by a RemoteViewsService, to ensure that only the system can bind to it.
BIND_TEXT_SERVICE Bind to a Text Service System Tools Allows the holder to bind to the top-level interface of a text service (e.g. SpellCheckerService). Must be required by a TextService to ensure that only the system can bind to it.
BIND_VPN_SERVICE
Bind to a VPN service System Tools Allows the holder to bind to the top-level interface of a Vpn service. Must be required by a VpnService, to ensure that only the system can bind to it.
BIND_WALLPAPER
Bind to wallpaper System Tools Allows the holder to bind to the top-level interface of wallpaper. Must be required by a WallpaperService, to ensure that only the system can bind to it.
BLUETOOTH
Pair with Bluetooth devices Bluetooth Allows applications to connect to paired bluetooth devices.
Typical applications that would need bluetooth access include: sharing applications, file transfer apps, apps that connect to headset or wireless speakers.
BLUETOOTH_ADMIN
Access Bluetooth settings Bluetooth Allows applications to discover and pair bluetooth devices.
BLUETOOTH_PRIVILEGED
Bluetooth Privileged Bluetooth Allows applications to pair bluetooth devices without user interaction. This is not available to third party applications.
BODY_SENSORS
body sensors (like heart rate monitors) Personal Information Allows the app to access data from sensors you use to measure what's happening inside your body, such as heart rate.
BRICK (HAHAHA WOW MAY LIBRENG 500 TB TO)
Permanently disable phone System Tools si 0 5 Required to be able to disable the device (very dangerous!). Not available to 3rd party apps – and seemingly even not used anywhere, see Why do some apps request too many permissions?.
BROADCAST_DATA_MESSAGE
Broadcast data messages to apps Network Can broadcast data messages received from the Internet to apps registered to listen for them. Reserved to system apps.
BROADCAST_PACKAGE_ADDED
Send Package Added Broadcast System Tools Allows an application to broadcast a notification that an application package has been added.
BROADCAST_PACKAGE_REMOVED
Send package removed broadcast System Tools Allows an application to broadcast a notification that an application package has been removed.
BROADCAST_SMS
Send SMS-received broadcast Messages Allows an application to broadcast an SMS receipt notification.
BROADCAST_STICKY
Send Sticky Broadcasts System Tools Allows an application to broadcast sticky intents. These are broadcasts whose data is held by the system after being finished, so that clients can quickly retrieve that data without having to wait for the next broadcast.
The permission has to do with how applications "talk" to each other using a communication method called Intents. While this permission is highly technical it is a relatively low importance. There are no know obvious malicious uses for this permission.
BROADCAST_WAP_PUSH
Send WAP-PUSH-received broadcast Messages Allows an application to broadcast a WAP PUSH receipt notification.
Not for use by third-party applications.
c2dm.permission.RECEIVE
Receive data from Internet network Allows apps to accept cloud to device messages sent by the app's service (GoogleCloudMessaging). Using this service will incur data usage. Malicious apps could cause excess data usage.
c2dm.permission.SEND
Send data to Internet network Allows apps to send cloud to device messages (GoogleCloudMessaging). Using this service will incur data usage.
CALL_PHONE
Directly call phone numbers Phone Calls Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call being placed.
This permission is of high importance. This could let an application call a 1-900 number and charge you money. However, this is not as common a way to cheat people in today's world as it used to be. Legitimate applications that use this include: Google Voice and Google Maps.
Another important point to note here is that any app can launch the phone screen and pre-fill a number for you. However, in order to make the call, you would need to press "Send" or "Call" yourself. The difference with this permission is that an app could make the entire process automatic and hidden.
CALL_PRIVILEGED
Directly call any phone numbers Phone Calls Allows an application to call any phone number, including emergency numbers, without going through the Dialer user interface for the user to confirm the call being placed. For technical details, see CALL_PHONE.
CAMERA
Take pictures and videos Camera Required to be able to access the camera device.
CAPTURE_AUDIO_OUTPUT
Capture audio output Allows an application to capture audio output. Not for use by third-party applications.
Requested e.g. by Google Play Services.
CAPTURE_SECURE_VIDEO_OUTPUT
Capture Secure Video Output Allows an application to capture secure video output. Not for use by third-party applications.
Requested e.g. by Google Play Services.
CAPTURE_VIDEO_OUTPUt
Capture Video Output Allows an application to capture video output. Not for use by third-party applications.
Requested e.g. by Google Play Services
CHANGE_BACKGROUND_DATA_SETTING
Change background data usage setting Network Allows the app to change the background data usage setting.
CHANGE_COMPONENT_ENABLED_STATE
Enable or disable app components System Tools Allows an app to change whether an application component (other than its own) is enabled or not.
Malicious apps may use this to disable important device capabilities. Care must be used with this permission, as it is possible to get app components into an unusable, inconsistent, or unstable state
CHANGE_CONFIGURATION
Change system display settings Development Tools Allows an application to modify the current configuration, such as locale.
CHANGE_NETWORK_STATE
Change network connectivity Network Allows applications to change network connectivity state.
Good Cop: Enable network connection only when needed, according to the requirements of the user.
Bad Cop: Cause extra costs (especially when in roaming) just for mischievous glee; secretly transfer data (in conjunction with INTERNET)
CHANGE_WIFI_MULTICAST_STATE
Allow Wi-Fi Multicast reception Effects on Battery Life Allows applications to enter Wi-Fi Multicast mode. This allows to send data packages to multiple recipients simultaneously, without using additional bandwidth. Useful e.g. for streaming servers supporting multiple clients. It also enables to receive network packages not intended for the own device (sniffing).
Uses more power than non-multicast-mode.
CHANGE_WIFI_STATE
Connect and disconnect from Wi-Fi network Allows applications to change Wi-Fi connectivity state. Think of it as CHANGE_NETWORK_STATE for WiFi.
CHANGE_WIMAX_STATE
Change WiMAX state Network Allows the app to connect the device to and disconnect the device from WiMAX networks.
CHANGE_NETWORK_STATE for WIMAX. Also can apply changes to configured WIMAX networks.
CLEAR_APP_CACHE
Delete all app cache data System Tools Allows an application to clear the caches of all installed applications on the device.
CLEAR_APP_USER_DATA
Delete other apps data System Tools Allows an application to clear user data.
COLLECT_METRICS
Collect customer metrics Permits an app to collect customer metrics for Amazon, on how an app is used. This permission is bound to the Amazon Metrics Service Application (com.amazon.client.metrics) and thus only granted with that app installed.
CONFIGURE_SIP
Full access to SIP Accounts/Calls/Messages Phone Calls Configure SIP accounts and settings, access to SIP contents (call logs, messages...), extends and hook SIP flow.
A malicious app with this permission can cause additional costs by e.g. configuring a costly SIP service.
CONNECTIVITY_INTERNAL
Use privileged ConnectivityManager API Network Allows an internal user to use priviledged ConnectivityManager APIs.
CONTROL_LOCATION_UPDATES
Control Location Updates Location Allows enabling/disabling location update notifications from the radio. Not for use by normal.
