App is direct-boot aware [android:directBootAware=true] This app can run before the user unlocks the device. If you're using a custom subclass of Application, and if any component inside your application is direct - boot aware, then your entire custom application is considered to be direct - boot aware.During Direct Boot, your application can only access the data that is stored in device protected storage.
Medium
Application Data can be Backed up[android:allowBackup] flag is missing. The flag [android:allowBackup] should be set to false. By default it is set to true and allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High
Content Provider (com.android.shell.BugreportStorageProvider) is Protected by a permission, but the protection level of the permission should be checked.Permission: android.permission.MANAGE_DOCUMENTS [android:exported=true] A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High
Broadcast Receiver (com.android.shell.BugreportReceiver) is Protected by a permission, but the protection level of the permission should be checked.Permission: android.permission.DUMP [android:exported=true] A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High
Broadcast Receiver (com.android.shell.RemoteBugreportReceiver) is Protected by a permission, but the protection level of the permission should be checked.Permission: android.permission.DUMP [android:exported=true] A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
The application does not store any credentials to non-volatile memory. Storage of Credentials
FCS_CKM_EXT.1.1
The application generate no asymmetric cryptographic keys. Cryptographic Key Generation Services
FDP_DEC_EXT.1.1
The application has access to ['location', 'bluetooth', 'network connectivity']. Access to Platform Resources
FDP_DEC_EXT.1.2
The application has access to ['calender', 'address book']. Access to Platform Resources
FDP_NET_EXT.1.1
The application has no network communications. Network Communications
FDP_DAR_EXT.1.1
The application does not encrypt files in non-volatile memory. Encryption Of Sensitive Application Data
FTP_DIT_EXT.1.1
The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product. Protection of Data in Transit
send SMS messages Allows application to send SMS messages. Malicious applications may cost you money by sending messages without your confirmation.
High
android.permission.READ_SMS
read SMS or MMS Allows application to read SMS messages stored on your phone or SIM card. Malicious applications may read your confidential messages.
High
android.permission.CALL_PHONE
directly call phone numbers Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers.
High
android.permission.READ_PHONE_STATE
read phone state and identity Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
High
android.permission.READ_PRECISE_PHONE_STATE
Allows read only access to precise phone state. Allows reading of detailed information about phone state for special-use applications such as dialers, carrier applications, or ims applications.
High
android.permission.READ_CONTACTS
read contact data Allows an application to read all of the contact (address) data stored on your phone. Malicious applications can use this to send your data to other people.
High
android.permission.WRITE_CONTACTS
write contact data Allows an application to modify the contact (address) data stored on your phone. Malicious applications can use this to erase or modify your contact data.
High
android.permission.READ_CALENDAR
read calendar events Allows an application to read all of the calendar events stored on your phone. Malicious applications can use this to send your calendar events to other people.
High
android.permission.WRITE_CALENDAR
add or modify calendar events and send emails to guests Allows an application to add or change the events on your calendar, which may send emails to guests. Malicious applications can use this to erase or modify your calendar events or to send emails to guests.
High
android.permission.READ_USER_DICTIONARY
read user-defined dictionary Allows an application to read any private words, names and phrases that the user may have stored in the user dictionary.
High
android.permission.ACCESS_FINE_LOCATION
fine (GPS) location Access fine location sources, such as the Global Positioning System on the phone, where available. Malicious applications can use this to determine where you are and may consume additional battery power.
High
android.permission.ACCESS_COARSE_LOCATION
coarse (network-based) location Access coarse location sources, such as the mobile network database, to determine an approximate phone location, where available. Malicious applications can use this to determine approximately where you are.
High
android.permission.SET_ANIMATION_SCALE
modify global animation speed Allows an application to change the global animation speed (faster or slower animations) at any time.
High
android.permission.WRITE_SETTINGS
modify global system settings Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration.
High
android.permission.SET_DEBUG_APP
enable application debugging Allows an application to turn on debugging for another application. Malicious applications can use this to kill other applications.
High
android.permission.SET_PROCESS_LIMIT
limit number of running processes Allows an application to control the maximum number of processes that will run. Never needed for common applications.
High
android.permission.SET_ALWAYS_FINISH
make all background applications close Allows an application to control whether activities are always finished as soon as they go to the background. Never needed for common applications.
High
android.permission.SIGNAL_PERSISTENT_PROCESSES
send Linux signals to applications Allows application to request that the supplied signal be sent to all persistent processes.
High
android.permission.READ_EXTERNAL_STORAGE
read external storage contents Allows an application to read from external storage.
High
android.permission.WRITE_EXTERNAL_STORAGE
read/modify/delete external storage contents Allows an application to write to external storage.
High
android.permission.GET_ACCOUNTS
list accounts Allows access to the list of accounts in the Accounts Service.
High
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
mount and unmount file systems Allows the application to mount and unmount file systems for removable storage.
High
android.permission.MOUNT_FORMAT_FILESYSTEMS
format external storage Allows the application to format removable storage.
Low
android.permission.WRITE_USER_DICTIONARY
write to user-defined dictionary Allows an application to write new words into the user dictionary.
Low
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
access extra location provider commands Access extra location provider commands. Malicious applications could use this to interfere with the operation of the GPS or other location sources.
Low
android.permission.ACCESS_NETWORK_STATE
view network status Allows an application to view the status of all networks.
Low
android.permission.ACCESS_WIFI_STATE
view Wi-Fi status Allows an application to view the information about the status of Wi-Fi.
Low
android.permission.BLUETOOTH
create Bluetooth connections Allows applications to connect to paired bluetooth devices.
Low
android.permission.EXPAND_STATUS_BAR
expand/collapse status bar Allows application to expand or collapse the status bar.
Low
android.permission.DISABLE_KEYGUARD
Allows applications to disable the keyguard if it is not secure.
Low
android.permission.FOREGROUND_SERVICE
Allows a regular application to use Service.startForeground
Low
android.permission.REORDER_TASKS
reorder applications running Allows an application to move tasks to the foreground and background. Malicious applications can force themselves to the front without your control.
Low
android.permission.BROADCAST_STICKY
send sticky broadcast Allows an application to send sticky broadcasts, which remain after the broadcast ends. Malicious applications can make the phone slow or unstable by causing it to use too much memory.
Low
android.permission.KILL_BACKGROUND_PROCESSES
kill background processes Allows an application to kill background processes of other applications, even if memory is not low.
Low
android.permission.VIBRATE
control vibrator Allows the application to control the vibrator.
Low
android.permission.CHANGE_WIFI_STATE
change Wi-Fi status Allows an application to connect to and disconnect from Wi-Fi access points and to make changes to configured Wi-Fi networks.
Low
android.permission.WAKE_LOCK
prevent phone from sleeping Allows an application to prevent the phone from going to sleep.
Low
android.permission.SET_WALLPAPER
set wallpaper Allows the application to set the system wallpaper.
Low
android.permission.INTERACT_ACROSS_PROFILES
Allows interaction across profiles in the same profile group.
Medium
android.permission.SET_PREFERRED_APPLICATIONS
set preferred applications Allows an application to modify your preferred applications. This can allow malicious applications to silently change the applications that are run, spoofing your existing applications to collect private data from you.
Medium
android.permission.FORCE_BACK
force application to close Allows an application to force any activity that is in the foreground to close and go back. Should never be needed for common applications.
Medium
android.permission.BATTERY_STATS
modify battery statistics Allows the modification of collected battery statistics. Not for use by common applications.
Medium
android.permission.PACKAGE_USAGE_STATS
update component usage statistics Allows the modification of collected component usage statistics. Not for use by common applications.
Medium
android.permission.INTERNAL_SYSTEM_WINDOW
display unauthorised windows Allows the creation of windows that are intended to be used by the internal system user interface. Not for use by common applications.
Medium
android.permission.INJECT_EVENTS
press keys and control buttons Allows an application to deliver its own input events (key presses, etc.) to other applications. Malicious applications can use this to take over the phone.
Medium
android.permission.SET_ACTIVITY_WATCHER
monitor and control all application launching Allows an application to monitor and control how the system launches activities. Malicious applications may compromise the system completely. This permission is needed only for development, never for common phone usage.
Medium
android.permission.READ_INPUT_STATE
record what you type and actions that you take Allows applications to watch the keys that you press even when interacting with another application (such as entering a password). Should never be needed for common applications.
Medium
android.permission.SET_ORIENTATION
change screen orientation Allows an application to change the rotation of the screen at any time. Should never be needed for common applications.
Medium
android.permission.CLEAR_APP_USER_DATA
delete other applications' data Allows an application to clear user data.
Medium
android.permission.ACCESS_SURFACE_FLINGER
access SurfaceFlinger Allows application to use SurfaceFlinger low-level features.
Medium
android.permission.READ_FRAME_BUFFER
read frame buffer Allows application to read the content of the frame buffer.
Medium
android.permission.DEVICE_POWER
turn phone on or off Allows the application to turn the phone on or off.
Medium
android.permission.FORCE_STOP_PACKAGES
force-stop other applications Allows an application to stop other applications forcibly.
Medium
android.permission.STOP_APP_SWITCHES
prevent app switches Prevents the user from switching to another application.
Medium
android.permission.STATUS_BAR_SERVICE
status bar Allows the application to be the status bar.
Medium
android.permission.CHANGE_CONFIGURATION
change your UI settings Allows an application to change the current configuration, such as the locale or overall font size.
Medium
android.permission.WRITE_SECURE_SETTINGS
modify secure system settings Allows an application to modify the system's secure settings data. Not for use by common applications.
Medium
android.permission.DUMP
retrieve system internal status Allows application to retrieve internal status of the system. Malicious applications may retrieve a wide variety of private and secure information that they should never commonly need.
Medium
android.permission.INSTALL_PACKAGES
directly install applications Allows an application to install new or updated Android packages. Malicious applications can use this to add new applications with arbitrarily powerful permissions.
Medium
android.permission.MOVE_PACKAGE
Move application resources Allows an application to move application resources from internal to external media and vice versa.
Medium
android.permission.CLEAR_APP_CACHE
delete all application cache data Allows an application to free phone storage by deleting files in application cache directory. Access is usually very restricted to system process.
Medium
android.permission.DELETE_CACHE_FILES
delete other applications' caches Allows an application to delete cache files.
Medium
android.permission.DELETE_PACKAGES
delete applications Allows an application to delete Android packages. Malicious applications can use this to delete important applications.
Medium
android.permission.INSTALL_LOCATION_PROVIDER
permission to install a location provider Create mock location sources for testing. Malicious applications can use this to override the location and/or status returned by real-location sources such as GPS or Network providers, or monitor and report your location to an external source.
Medium
android.permission.BACKUP
control system back up and restore Allows the application to control the system's back-up and restore mechanism. Not for use by common applications.
Medium
android.permission.BIND_APPWIDGET
choose widgets Allows the application to tell the system which widgets can be used by which application. With this permission, applications can give access to personal data to other applications. Not for use by common applications.
Medium
android.permission.MODIFY_PHONE_STATE
modify phone status Allows the application to control the phone features of the device. An application with this permission can switch networks, turn the phone radio on and off and the like, without ever notifying you.
Medium
android.permission.CHANGE_COMPONENT_ENABLED_STATE
enable or disable application components Allows an application to change whether or not a component of another application is enabled. Malicious applications can use this to disable important phone capabilities. It is important to be careful with permission, as it is possible to bring application components into an unusable, inconsistent or unstable state.
Medium
android.permission.SET_TIME
set time Allows an application to change the phone's clock time.
Medium
android.permission.SET_TIME_ZONE
set time zone Allows an application to change the phone's time zone.
Medium
android.permission.STATUS_BAR
disable or modify status bar Allows application to disable the status bar or add and remove system icons.
Medium
android.permission.SET_WALLPAPER_COMPONENT
android.permission.GET_RUNTIME_PERMISSIONS
Unknown permission Unknown permission from android reference
android.permission.READ_PRIVILEGED_PHONE_STATE
Unknown permission Unknown permission from android reference
android.permission.LOCAL_MAC_ADDRESS
Unknown permission Unknown permission from android reference
android.permission.MANAGE_NETWORK_POLICY
Unknown permission Unknown permission from android reference
android.permission.MANAGE_USB
Unknown permission Unknown permission from android reference
android.permission.USE_RESERVED_DISK
Unknown permission Unknown permission from android reference
android.permission.REAL_GET_TASKS
Unknown permission Unknown permission from android reference
android.permission.REMOVE_TASKS
Unknown permission Unknown permission from android reference
android.permission.READ_DEVICE_CONFIG
Unknown permission Unknown permission from android reference
android.permission.WRITE_DEVICE_CONFIG
Unknown permission Unknown permission from android reference
android.permission.MANAGE_ACCESSIBILITY
Unknown permission Unknown permission from android reference
android.permission.RETRIEVE_WINDOW_CONTENT
Unknown permission Unknown permission from android reference
android.permission.ACCESS_INSTANT_APPS
Unknown permission Unknown permission from android reference
android.permission.MANAGE_ROLLBACKS
Unknown permission Unknown permission from android reference
android.permission.TEST_MANAGE_ROLLBACKS
Unknown permission Unknown permission from android reference
android.permission.POWER_SAVER
Unknown permission Unknown permission from android reference