android.permission.WRITE_SECURE_SETTINGS

Allows an application to read or write the secure system settings.

Not for use by third-party applications.

Constant Value: "android.permission.WRITE_SECURE_SETTINGS"

Added in API level 3

Use adb to grant WRITE_SECURE_SETTINGS permission

This permission is not intended for use in third-party apps. However there is a way to grant the permission for the app using adb:

1
adb shell pm grant com.sample.app android.permission.WRITE_SECURE_SETTINGS

To revoke permission:

1
adb shell pm revoke com.sample.app android.permission.WRITE_SECURE_SETTINGS

To check if permission is granted:

1
adb shell dumpsys package com.sample.app

Source: https://github.com/TilesOrganization/support/wiki/Use-adb-to-grant-WRITE_SECURE_SETTINGS-permission

This also can be done programatically (but root access is required):

1
2
3
4
5
Process p = Runtime.getRuntime().exec("su");
DataOutputStream os = new DataOutputStream(p.getOutputStream());
os.writeBytes("pm grant "+context.getPackageName()+" android.permission.WRITE_SECURE_SETTINGS \n");
os.writeBytes("exit\n");
os.flush();

FusedLocationProviderApi interface was deprecated

FusedLocationProviderApi interface was deprecated. New recommended way of interaction with fused location provider is FusedLocationProviderClient.

Please note that FusedLocationProviderClient is not completely ready for use as of now (November 2017).
Please continue using the FusedLocationProviderApi class and don’t migrate to the FusedLocationProviderClient class until Google Play services version 12.0.0 is available, which is expected to ship in early 2018. Using the FusedLocationProviderClient before version 12.0.0 causes the client app to crash when Google Play services is updated on the device. We apologize for any inconvenience this may have caused.

More information:

android.permission.BATTERY_STATS

Allows an application to collect battery statistics

Constant Value: “android.permission.BATTERY_STATS”

Added in API level 1

ProtectionLevel: signature|system

Sample code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
@Override
public void onCreate() {
BroadcastReceiver batteryReceiver = new BroadcastReceiver() {
int scale = -1;
int level = -1;
int voltage = -1;
int temp = -1;
@Override
public void onReceive(Context context, Intent intent) {
level = intent.getIntExtra(BatteryManager.EXTRA_LEVEL, -1);
scale = intent.getIntExtra(BatteryManager.EXTRA_SCALE, -1);
temp = intent.getIntExtra(BatteryManager.EXTRA_TEMPERATURE, -1);
voltage = intent.getIntExtra(BatteryManager.EXTRA_VOLTAGE, -1);
Log.e("BatteryManager", "level is "+level+"/"+scale+", temp is "+temp+", voltage is "+voltage);
}
};
IntentFilter filter = new IntentFilter(Intent.ACTION_BATTERY_CHANGED);
registerReceiver(batteryReceiver, filter);
}

More thorough example:
(Source: https://alvinalexander.com/java/jwarehouse/android/services/java/com/android/server/am/BatteryStatsService.java.shtml)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
he BatteryStatsService.java Android example source code
/*
* Copyright (C) 2006-2007 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.server.am;
import android.bluetooth.BluetoothHeadset;
import android.content.Context;
import android.os.Binder;
import android.os.IBinder;
import android.os.Parcel;
import android.os.Process;
import android.os.ServiceManager;
import android.telephony.SignalStrength;
import android.util.Slog;
import com.android.internal.app.IBatteryStats;
import com.android.internal.os.BatteryStatsImpl;
import com.android.internal.os.PowerProfile;
import java.io.FileDescriptor;
import java.io.PrintWriter;
/**
* All information we are collecting about things that can happen that impact
* battery life.
*/
public final class BatteryStatsService extends IBatteryStats.Stub {
static IBatteryStats sService;
final BatteryStatsImpl mStats;
Context mContext;
BatteryStatsService(String filename) {
mStats = new BatteryStatsImpl(filename);
}
public void publish(Context context) {
mContext = context;
ServiceManager.addService("batteryinfo", asBinder());
mStats.setNumSpeedSteps(new PowerProfile(mContext).getNumSpeedSteps());
mStats.setRadioScanningTimeout(mContext.getResources().getInteger(
com.android.internal.R.integer.config_radioScanningTimeout)
* 1000L);
}
public void shutdown() {
Slog.w("BatteryStats", "Writing battery stats before shutdown...");
synchronized (mStats) {
mStats.writeLocked();
}
}
public static IBatteryStats getService() {
if (sService != null) {
return sService;
}
IBinder b = ServiceManager.getService("batteryinfo");
sService = asInterface(b);
return sService;
}
/**
* @return the current statistics object, which may be modified
* to reflect events that affect battery usage. You must lock the
* stats object before doing anything with it.
*/
public BatteryStatsImpl getActiveStatistics() {
return mStats;
}
public byte[] getStatistics() {
mContext.enforceCallingPermission(
android.Manifest.permission.BATTERY_STATS, null);
//Slog.i("foo", "SENDING BATTERY INFO:");
//mStats.dumpLocked(new LogPrinter(Log.INFO, "foo", Log.LOG_ID_SYSTEM));
Parcel out = Parcel.obtain();
mStats.writeToParcel(out, 0);
byte[] data = out.marshall();
out.recycle();
return data;
}
public void noteStartWakelock(int uid, String name, int type) {
enforceCallingPermission();
synchronized (mStats) {
mStats.getUidStatsLocked(uid).noteStartWakeLocked(name, type);
}
}
public void noteStopWakelock(int uid, String name, int type) {
enforceCallingPermission();
synchronized (mStats) {
mStats.getUidStatsLocked(uid).noteStopWakeLocked(name, type);
}
}
public void noteStartSensor(int uid, int sensor) {
enforceCallingPermission();
synchronized (mStats) {
mStats.getUidStatsLocked(uid).noteStartSensor(sensor);
}
}
public void noteStopSensor(int uid, int sensor) {
enforceCallingPermission();
synchronized (mStats) {
mStats.getUidStatsLocked(uid).noteStopSensor(sensor);
}
}
public void noteStartGps(int uid) {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteStartGps(uid);
}
}
public void noteStopGps(int uid) {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteStopGps(uid);
}
}
public void noteScreenOn() {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteScreenOnLocked();
}
}
public void noteScreenBrightness(int brightness) {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteScreenBrightnessLocked(brightness);
}
}
public void noteScreenOff() {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteScreenOffLocked();
}
}
public void noteInputEvent() {
enforceCallingPermission();
mStats.noteInputEventAtomic();
}
public void noteUserActivity(int uid, int event) {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteUserActivityLocked(uid, event);
}
}
public void notePhoneOn() {
enforceCallingPermission();
synchronized (mStats) {
mStats.notePhoneOnLocked();
}
}
public void notePhoneOff() {
enforceCallingPermission();
synchronized (mStats) {
mStats.notePhoneOffLocked();
}
}
public void notePhoneSignalStrength(SignalStrength signalStrength) {
enforceCallingPermission();
synchronized (mStats) {
mStats.notePhoneSignalStrengthLocked(signalStrength);
}
}
public void notePhoneDataConnectionState(int dataType, boolean hasData) {
enforceCallingPermission();
synchronized (mStats) {
mStats.notePhoneDataConnectionStateLocked(dataType, hasData);
}
}
public void notePhoneState(int state) {
enforceCallingPermission();
synchronized (mStats) {
mStats.notePhoneStateLocked(state);
}
}
public void noteWifiOn(int uid) {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteWifiOnLocked(uid);
}
}
public void noteWifiOff(int uid) {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteWifiOffLocked(uid);
}
}
public void noteStartAudio(int uid) {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteAudioOnLocked(uid);
}
}
public void noteStopAudio(int uid) {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteAudioOffLocked(uid);
}
}
public void noteStartVideo(int uid) {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteVideoOnLocked(uid);
}
}
public void noteStopVideo(int uid) {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteVideoOffLocked(uid);
}
}
public void noteWifiRunning() {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteWifiRunningLocked();
}
}
public void noteWifiStopped() {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteWifiStoppedLocked();
}
}
public void noteBluetoothOn() {
enforceCallingPermission();
BluetoothHeadset headset = new BluetoothHeadset(mContext, null);
synchronized (mStats) {
mStats.noteBluetoothOnLocked();
mStats.setBtHeadset(headset);
}
}
public void noteBluetoothOff() {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteBluetoothOffLocked();
}
}
public void noteFullWifiLockAcquired(int uid) {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteFullWifiLockAcquiredLocked(uid);
}
}
public void noteFullWifiLockReleased(int uid) {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteFullWifiLockReleasedLocked(uid);
}
}
public void noteScanWifiLockAcquired(int uid) {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteScanWifiLockAcquiredLocked(uid);
}
}
public void noteScanWifiLockReleased(int uid) {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteScanWifiLockReleasedLocked(uid);
}
}
public void noteWifiMulticastEnabled(int uid) {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteWifiMulticastEnabledLocked(uid);
}
}
public void noteWifiMulticastDisabled(int uid) {
enforceCallingPermission();
synchronized (mStats) {
mStats.noteWifiMulticastDisabledLocked(uid);
}
}
public boolean isOnBattery() {
return mStats.isOnBattery();
}
public void setOnBattery(boolean onBattery, int level) {
enforceCallingPermission();
mStats.setOnBattery(onBattery, level);
}
public void recordCurrentLevel(int level) {
enforceCallingPermission();
mStats.recordCurrentLevel(level);
}
public long getAwakeTimeBattery() {
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.BATTERY_STATS, null);
return mStats.getAwakeTimeBattery();
}
public long getAwakeTimePlugged() {
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.BATTERY_STATS, null);
return mStats.getAwakeTimePlugged();
}
public void enforceCallingPermission() {
if (Binder.getCallingPid() == Process.myPid()) {
return;
}
mContext.enforcePermission(android.Manifest.permission.UPDATE_DEVICE_STATS,
Binder.getCallingPid(), Binder.getCallingUid(), null);
}
@Override
protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
synchronized (mStats) {
boolean isCheckin = false;
if (args != null) {
for (String arg : args) {
if ("--checkin".equals(arg)) {
isCheckin = true;
break;
}
}
}
if (isCheckin) mStats.dumpCheckinLocked(pw, args);
else mStats.dumpLocked(pw);
}
}
}

Earlier BATTERY_STATS had dangerous as protection level but in kitkat they have changed it to signature/system. so unless your app is running as system app or your app is signed with same certificate as system apps, your app wont be able to access battery stats !!

More information:

What is android:protectionLevel

android:protectionLevel attribute used as part of <permission> attribute to tell the system how the user is to be informed of apps requiring the permission, or who is allowed to hold that permission, as described in the linked documentation..

It is characterizes the potential risk implied in a permission and indicates the procedure the system should follow when determining whether to grant the permission to an application requesting it. Standard permissions have a predefined and permanent protectionLevel. If you are creating a custom permission in an application, you can define a protectionLevel attribute with one of the values listed below. If no protectionLevel is defined for a custom permission, the system assigns the default (“normal”).

Must be one or more (separated by ‘|’) of the following constant values.

The value can be set to one of the following strings:

normal

The default value. A lower-risk permission that gives requesting applications access to isolated application-level features, with minimal risk to other applications, the system, or the user. The system automatically grants this type of permission to a requesting application at installation, without asking for the user’s explicit approval (though the user always has the option to review these permissions before installing).

dangerous

A higher-risk permission that would give a requesting application access to private user data or control over the device that can negatively impact the user. Because this type of permission introduces potential risk, the system may not automatically grant it to the requesting application. For example, any dangerous permissions requested by an application may be displayed to the user and require confirmation before proceeding, or some other approach may be taken to avoid the user automatically allowing the use of such facilities.

signature

A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user’s explicit approval.

signatureOrSystem

A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificate as the application that declared the permission. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. The “signatureOrSystem” permission is used for certain special situations where multiple vendors have applications built into a system image and need to share specific features explicitly because they are being built together.

More information:

android.permission.ACCESS_MOCK_LOCATION

Create mock location sources for testing.
This allows the app to override the location and/or status returned by other location sources such as GPS or location providers.
Malicious applications can use this to override the location and/or status returned by real-location sources such as GPS or Network providers.

Usage in Manifest:

1
< uses-permission android:name="android.permission.ACCESS_MOCK_LOCATION" />

To enable mocked locations on device go to:

1
Settings -> Developer options -> Allow mock locations

Sample code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
//Initiates the method to set the phones location
private void setMockLocation() {
mLocationManager.removeTestProvider(LocationManager.GPS_PROVIDER);
mLocationManager.addTestProvider
(
LocationManager.GPS_PROVIDER,
"requiresNetwork" == "",
"requiresSatellite" == "",
"requiresCell" == "",
"hasMonetaryCost" == "",
"supportsAltitude" == "",
"supportsSpeed" == "",
"supportsBearing" == "",
android.location.Criteria.POWER_LOW,
android.location.Criteria.ACCURACY_FINE
);
Location newLocation = new Location(LocationManager.GPS_PROVIDER);
newLocation.setLatitude (55.9500);
newLocation.setLongitude(3.1833);
newLocation.setAccuracy(500);
if (Build.VERSION.SDK_INT > Build.VERSION_CODES.JELLY_BEAN) {
newLocation.setElapsedRealtimeNanos(SystemClock.elapsedRealtimeNanos());
// Elapsed time can also be set using
// mockLocation.setElapsedRealtimeNanos(System.nanoTime());
// Elapsed time can be disregarded using
// mockLocation.makeComplete();
}
mLocationManager.setTestProviderEnabled
(
LocationManager.GPS_PROVIDER,
true
);
mLocationManager.setTestProviderStatus
(
LocationManager.GPS_PROVIDER,
LocationProvider.AVAILABLE,
null,
System.currentTimeMillis()
);
mLocationManager.setTestProviderLocation
(
LocationManager.GPS_PROVIDER,
newLocation
);
}

Added in Api Level 1.
This permission constant was removed in Api Level 23 - https://developer.android.com/sdk/api_diff/23/changes/android.Manifest.permission.html

More information:

android.permission.BIND_ACCESSIBILITY_SERVICE

Added in API level 16
Must be required by an android.accessibilityservice.AccessibilityService, to ensure that only the system can bind to it.

Protection level: signature

Constant Value: "android.permission.BIND_ACCESSIBILITY_SERVICE"

Usage in the manifest:

1
2
3
4
5
6
7
8
9
<application>
<service android:name=".MyAccessibilityService"
android:label="@string/accessibility_service_label">
<intent-filter>
<action android:name="android.accessibilityservice.AccessibilityService" />
</intent-filter>
</service>
<uses-permission android:name="android.permission.BIND_ACCESSIBILITY_SERVICE" />
</application>

Sample code to launch accessibility settings page:

1
2
3
Intent openSettings = new Intent(Settings.ACTION_ACCESSIBILITY_SETTINGS);
openSettings.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_NO_HISTORY);
startActivity(openSettings);

Sample accessibility service:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
package com.acb;
import android.accessibilityservice.AccessibilityServiceInfo;
import android.util.Log;
import android.view.accessibility.AccessibilityEvent;
public class AccessibilityService extends android.accessibilityservice.AccessibilityService {
private static final String TAG = "AccessibilityService";
@Override
public void onAccessibilityEvent(AccessibilityEvent event) {
Log.e(TAG, "Catch Event Package Name : " + event.getPackageName());
Log.e(TAG, "Catch Event TEXT : " + event.getText());
Log.e(TAG, "Catch Event ContentDescription : " + event.getContentDescription());
Log.e(TAG, "Catch Event getSource : " + event.getSource());
Log.e(TAG, "=========================================================================");
}
public void onServiceConnected() {
AccessibilityServiceInfo info = new AccessibilityServiceInfo();
info.eventTypes = AccessibilityEvent.TYPES_ALL_MASK;
info.feedbackType = AccessibilityServiceInfo.DEFAULT | AccessibilityServiceInfo.FEEDBACK_HAPTIC;
info.notificationTimeout = 100; // millisecond
setServiceInfo(info);
}
@Override
public void onInterrupt() {
// TODO Auto-generated method stub
Log.e("TEST", "OnInterrupt");
}
}

Cloak & Dagger

BIND_ACCESSIBILITY_SERVICE permission can used by Cloak & Dagger attack.
Cloak & Dagger is a new class of potential attacks affecting Android devices. These attacks allow a malicious app to completely control the UI feedback loop and take over the device — without giving the user a chance to notice the malicious activity. These attacks only require two permissions that, in case the app is installed from the Play Store, the user does not need to explicitly grant and for which she is not even notified.

These attacks abuse one or both of the SYSTEM_ALERT_WINDOW (“draw on top”) and BIND_ACCESSIBILITY_SERVICE (“a11y”).

More information about is here: http://cloak-and-dagger.org/

See also:

android.permission.USE_CREDENTIALS

Allows an application to request authentication tokens.

This permission was removed in Api Level 23 (look in Removed Fields):
https://developer.android.com/sdk/api_diff/23/changes/android.Manifest.permission.html

Usage in the manifest:

1
<uses-permission android:name="android.permission.USE_CREDENTIALS"/>

Cases when this permission is needed when targeting your app to work on API level 22 and before and using:

AccountManager#invalidateAuthToken

When using AccountManager.html#invalidateAuthToken)

This function removes an auth token from the AccountManager’s cache. Does nothing if the auth token is not currently in the cache. Applications must call this method when the auth token is found to have expired or otherwise become invalid for authenticating requests. The AccountManager does not validate or expire cached auth tokens otherwise.

AccountManager#blockingGetAuthToken

AccountManager#blockingGetAuthToken)

This convenience helper synchronously gets an auth token with getAuthToken(Account, String, boolean, AccountManagerCallback, Handler).

AccountManager#getAuthToken

There are multiple methods with that name in AccountManager. For more details see https://developer.android.com/reference/android/accounts/AccountManager.html.