What API are you targeting in your Maifest file? If you target API < 4 it will be automatically requested.
"WRITE_EXTERNAL_STORAGE: Allows an application to write to external storage. Applications using API Level 3 and lower will be implicitly granted this permission (and this will be visible to the user); Applications using API Level 4 or higher must explicitly request this permission. " see http://developer.android.com/sdk/android-1.6.html#api Regards Dominik On 26.05.2012 10:16, Lucas Xu wrote: > I would say this is very strange and absolutely an abnormal case. Could you > post the environment variables (.i.e. device model, app, permission, api, > etc.) for your test here? > > > On Friday, May 25, 2012 9:10:25 PM UTC+8, [email protected] wrote: >> >> There is a permission (WRITE_TO_EXTERNAL_STORAGE) to access in write mode >> to the SD....and an application can access in this way without declaring >> this permission in its manifest file! >> >> I'm pretty sure of that! >> >> Cheers >> >> ----Messaggio originale---- >> Da: [email protected] >> Data: 24-mag-2012 21.37 >> A: <[email protected]> >> Ogg: [android-security-discuss] Re: mismatch between manifest permissions >> and dalvik virtual machine permissions >> >> Any application can access the external storage without any permission, >> the external memory is world readable. May I ask which tool did you use? >> Thanks >> >> Em quinta-feira, 24 de maio de 2012 06h40min33s UTC-3, >> [email protected]: >>> >>> Using a tool to make statical analysis of apk, I noticed a strange >>> behaviour. There is often a mismatch between the permission declared >>> in the manifest and the permissions required by application in dalvik >>> virtual machine. So, the application can require, for example, the >>> access to external memory without declaring permission in the >>> manifest. >>> Is it a "normal" behaviour"? I supposed the application can use only >>> the API associated to the permissions declared in the manifest, >>> instead, from real tests, it seems it is false. >>> Thanks in advance, >>> cheers >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Android Security Discussions" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/android-security-discuss/-/jzoG3VuVO3YJ. >> To post to this group, send email to >> [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/android-security-discuss?hl=en. >> >> >> >
signature.asc
Description: OpenPGP digital signature
