Mapping between Android permissions (that we defin

Posted 2019-02-01 02:38

Question:

Where can I find the mapping between Android permissions (that we define in the manifest file) and the corresponding API calls/methods?

For example

"GET-ACCOUNTS" is a permission type which maps to
getAccountsByType(), getDeviceId(), and getLine1Number().

Similarly, I want to know: if I use the permissions Internet, ACCESS_COARSE_LOCATION, ACCESS_WIFI_STATE, etc., then which methods/API calls map to them?

Please let me know where I can find this information. The link below lists the permissions: http://developer.android.com/reference/android/Manifest.permission.html

But I could not find the mapping.

If this is not the right forum to post this, then please let me know where I should post it.

Answer 1:

The mapping is not provided by Google, but three major research studies have attempted to recover this information.

The first study was done by Berkeley using a dynamic analysis technique to mine the mapping from Android 2.2. They created an online tool where you can submit your app for some analysis (now offline).

The second study was done by the University of Toronto. They used a static analysis approach to mine the mappings from a few representative versions of Android (2.2.3, 2.3.6, 3.2.2, 4.0.1, and 4.1.1). Note that it appears that PScout is now being actively maintained again by the authors and there are current mappings available.

Both of these tools have some caveats as discussed by the papers and as a result the mappings produced are not perfect, but it is better than nothing.


Update: PScout is no longer being actively maintained. A group in Germany at Saarland University was able to make some improvements on PScout and produce published mapping results for Android APIs 16, 17, 18, 19, 21, 22, and 23. The tool source does not appear to be available.


Link: Berkeley Paper (Android Permissions Demystified)

Link: Berkeley Stowaway Tool (tool appears to be permanently offline now, and the authors now recommend using PScout results for analysis)

Link: Toronto Paper (PScout: Analyzing the Android Permission Specification)

Link: Toronto PScout Tool

Link: PScout II on Github

Link: Saarland University Paper (axplorer: On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis)

Link: axplorer Permission Mapping Results


Update: Shameless self-promotion of my Android Essentials Toolbox open source Eclipse plugin that can be used to apply the permission mappings in the Atlas visual program analysis framework. Permission mappings are based on PScout and axplorer results and can be applied to Android source or binary projects. A UI is included for browsing the permission mappings (used permissions are highlighted red).



Answer 2:

The original PScout website doesn't work anymore, but I extracted the mapping from the original PScout and pushed it to GitHub. You can easily check it out and parse it if you need it.

Here you can find all methods that PScout found which require Android permissions.

PScout results - map of Android permissions and methods that require those permissions



Answer 3:

The last (2016) "state of the art" paper about permission mapping is Axplorer.

In their GitHub project you can find the extracted mapping (API 25).
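
An added example, not part of the answers above and not code from PScout or axplorer: once a mapping has been obtained, it can be used to compare the permissions an app declares with the ones its API calls map to. The one-entry-per-line `method :: permissions` layout, the sample entries and the function names are assumptions made for this example.

```python
# Added example: over-privilege check driven by a permission mapping.
# ASSUMPTION: one "method signature :: perm, perm" entry per line. Real
# PScout/axplorer result files may be laid out differently; adapt the parser.
SAMPLE_MAPPING = """\
# constructed sample entries, for illustration only
android.accounts.AccountManager.getAccountsByType(java.lang.String) :: android.permission.GET_ACCOUNTS
android.telephony.TelephonyManager.getDeviceId() :: android.permission.READ_PHONE_STATE
android.net.wifi.WifiManager.getScanResults() :: android.permission.ACCESS_WIFI_STATE
android.location.LocationManager.getLastKnownLocation(java.lang.String) :: android.permission.ACCESS_COARSE_LOCATION, android.permission.ACCESS_FINE_LOCATION
"""


def parse_mapping(text):
    """Return {method signature: set of permissions} from the assumed format."""
    mapping = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        method, sep, perms = line.partition("::")
        names = {p.strip() for p in perms.split(",") if p.strip()}
        if not sep or not method.strip() or not names:
            raise ValueError(f"line {lineno}: expected 'method :: permissions'")
        # The same method can appear more than once; merge its permissions.
        mapping.setdefault(method.strip(), set()).update(names)
    return mapping


def audit(mapping, called_methods, declared):
    """Compare permissions an app declares with those its API calls map to.

    ASSUMPTION: several permissions on one method are alternatives (any one
    is enough), so a call is "uncovered" only if none of them is declared.
    """
    declared, reachable, uncovered = set(declared), set(), {}
    for method in called_methods:
        perms = mapping.get(method)
        if perms is None:  # method absent from the mapping: nothing known
            continue
        reachable |= perms
        if not perms & declared:
            uncovered[method] = sorted(perms)
    return {"unused": sorted(declared - reachable), "uncovered": uncovered}
```

Treat `unused` entries as candidates for review rather than proof of over-privilege, since the published mappings are known to be imperfect.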