On Thu, Feb 23, 2012 at 6:57 AM, Raja Nagendra Kumar <[email protected]> wrote: > Hi, > > Looking for some inputs why Android explicitly expects all the > permissions need to be declared in Android Manifest file.. > > Can Android Run time introspect at run time or during compile time and > prepare such info based on the API used by the application... > > Can it made redundant..through automatic application introspection.. > > Basically looking for why android is designed for explicit permissions > declaration.. when it can be automatically discovered at compiler time > or at run time.. >
There are a number of reasons. The first is just simplicity. Integrating a good enough static analysis to make permissions inference technically feasible would be possible, but perhaps not that useful. Consider a situation where a programmer uses an API call which maps to some permission, but this call is in a piece of code which can never be executed. The fact that it's dead code may be highly nontrivial to ascertain. Another difficulty lies in the fact that permissions don't always map onto calls: sometimes they map to content providers, guards on intents, etc... So it's not really possible without doing some very heavy static analysis to determine the possible range of inputs to these intents is. Unfortunately static analysis may be inherently imprecise to the point that you'd have to assume that all permissions (which gate content providers) were required when someone did a query to a content provider, for instance. In other words, the idea that you can statically determine permissions is inherently incorrect: while it's probably technically possible, it's a nontrivial area of static analysis and an active topic of research.. Kris -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
