[Roman Herasymenko] Android M Security Model

Transcript

1. Android M security model Roman Herasymenko Google Developer Expert@Yalantis

2. #dfua What do we currently have?

3. #dfua Problems - Installing applications based on trust - Unnecessary

   permissions (related functionality won’t be ever used) - Dangerous permissions (especially with paid SMS & calls) Many users won’t even download the app.

4. #dfua What is new here? - Permission groups - Normal

   permissions - Runtime permissions - Permissions can be accepted or denied in settings - We have to deal with denied permissions - User education

5. #dfua Permission groups Calendar Camera Contacts Location Microphone Phone Sensors

   SMS Storage

6. #dfua Normal permissions - Permission rating - normal - no

   risk to user’s privacy or security - 37 permissions are in this group - INTERNET, VIBRATE, WRITE_EXTERNAL_STORAGE, RECEIVE_BOOT_COMPLETED are in this group

7. –Anonymous Paranoiac “… it’s not even possible to revoke Internet

   access, even if we want to”

8. #dfua Runtime permissions Android 6.0 only

9. #dfua Permissions on settings All API versions

10. #dfua Denied permission with targetSdk < 23 - Android 6.0

    won’t crash - Functions which need permissions will return an empty state value

11. #dfua Denied permission with targetSdk >= 23 - If your

    app is not ready to work with permissions, it will crash - Implement the new permissions model before release it with targetSdk >= 23

12. #dfua Intents without permissions - We can still use Intents

    without requesting permission for certain functions - ACTION_INSERT, ACTION_IMAGE_CAPTURE, ACTION_VIDEO_CAPTURE, etc.

13. #dfua Educate your user before asking for permission Clear Critical

    Unclear Secondary

14. #dfua User education (1) Educate before asking Ask up-front Ask

    in context

15. #dfua User education (2) Educate in context Provide an immediate

    benefit Ask only relevant

16. #dfua User education (3) Feedback for denied permission Critical permissions

17. #dfua How do we need to ask for permission? if

    (checkSelfPermission(Manifest.permission.READ_CONTACTS) != PackageManager.PERMISSION_GRANTED) { // Should we show an explanation? if (shouldShowRequestPermissionRationale(thisActivity, Manifest.permission.READ_CONTACTS)) { // Show an expanation to the user *asynchronously* } // No explanation needed, we can request the permission. requestPermissions(thisActivity, new String[]{Manifest.permission.READ_CONTACTS}, MY_PERMISSIONS_REQUEST_READ_CONTACTS); } Asking for permission

18. #dfua How do we need to manage the result? @Override

    public void onRequestPermissionsResult(int requestCode, String permissions[], int[] grantResults) { switch (requestCode) { case MY_PERMISSIONS_REQUEST_READ_CONTACTS: { // If request is cancelled, the result arrays are empty. if (grantResults.length > 0 && grantResults[0] == PackageManager.PERMISSION_GRANTED) { // permission was granted, yay! Do the // contacts-related task you need to do. } else { // permission denied, boo! Disable the functionality that depends on this permission. } return; } // other 'case' lines to check for other // permissions this app might request } } Handling result

19. #dfua Asking for permission - Using the framework (targetSdk =

    23) - We have to check correct sdk version we’re using - Using v4 or v13 support libraries - v4 will check it internally

20. Permissions flow

21. #dfua

22. #dfua Is it easy? - Implementation is easy, but the

    flow is a mess - User education adding more difficult to it - Reusing permissions in several parts of app makes this even more difficult

23. Support-v4

24. #dfua ContextCompat.checkSelfPermission(Context context, String permission) Checking for permission ActivityCompat.requestPermissions(final Activity

    activity, final String[] permissions, final int requestCode) Requesting for permission ActivityCompat.shouldShowRequestPermissionRationale(Activity activity, String permission) Checking if permission was denied before

25. Docs & articles

26. #dfua - Best practices - Requesting permissions in runtime -

    Permission groups - Exploring new permission model - Design patterns - Handling permissions removal

27. Thank you! Questions? @Aenterhy +RomanGerasimenko www.aenterhy.co