App is direct-boot aware [android:directBootAware=true] This app can run before the user unlocks the device. If you're using a custom subclass of Application, and if any component inside your application is direct - boot aware, then your entire custom application is considered to be direct - boot aware.During Direct Boot, your application can only access the data that is stored in device protected storage.
Medium
Application Data can be Backed up[android:allowBackup] flag is missing. The flag [android:allowBackup] should be set to false. By default it is set to true and allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High
Content Provider (com.android.shell.BugreportStorageProvider) is Protected by a permission, but the protection level of the permission should be checked.Permission: android.permission.MANAGE_DOCUMENTS [android:exported=true] A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High
Broadcast Receiver (com.android.shell.BugreportRequestedReceiver) is Protected by a permission, but the protection level of the permission should be checked.Permission: android.permission.TRIGGER_SHELL_BUGREPORT [android:exported=true] A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High
Broadcast Receiver (com.android.shell.HeapDumpReceiver) is Protected by a permission, but the protection level of the permission should be checked.Permission: android.permission.DUMP [android:exported=true] A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
The application does not store any credentials to non-volatile memory. Storage of Credentials
FCS_CKM_EXT.1.1
The application generate no asymmetric cryptographic keys. Cryptographic Key Generation Services
FDP_DEC_EXT.1.1
The application has access to ['NFC', 'network connectivity', 'camera', 'location', 'bluetooth', 'microphone']. Access to Platform Resources
FDP_DEC_EXT.1.2
The application has access to ['calender', 'system logs', 'call lists', 'address book']. Access to Platform Resources
FDP_NET_EXT.1.1
The application has user/application initiated network communications. Network Communications
FDP_DAR_EXT.1.1
The application does not encrypt files in non-volatile memory. Encryption Of Sensitive Application Data
FTP_DIT_EXT.1.1
The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product. Protection of Data in Transit
FCS_COP.1.1(2)
The application perform cryptographic hashing services in accordance with a specified cryptographic algorithm SHA-1/SHA-256/SHA-384/SHA-512 and message digest sizes 160/256/384/512 bits. Cryptographic Operation - Hashing
send SMS messages Allows application to send SMS messages. Malicious applications may cost you money by sending messages without your confirmation.
High
android.permission.READ_SMS
read SMS or MMS Allows application to read SMS messages stored on your phone or SIM card. Malicious applications may read your confidential messages.
High
android.permission.CALL_PHONE
directly call phone numbers Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers.
High
android.permission.READ_PHONE_STATE
read phone state and identity Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on.
High
android.permission.READ_PRECISE_PHONE_STATE
Allows read only access to precise phone state. Allows reading of detailed information about phone state for special-use applications such as dialers, carrier applications, or ims applications.
High
android.permission.READ_CONTACTS
read contact data Allows an application to read all of the contact (address) data stored on your phone. Malicious applications can use this to send your data to other people.
High
android.permission.WRITE_CONTACTS
write contact data Allows an application to modify the contact (address) data stored on your phone. Malicious applications can use this to erase or modify your contact data.
High
android.permission.READ_CALENDAR
read calendar events Allows an application to read all of the calendar events stored on your phone. Malicious applications can use this to send your calendar events to other people.
High
android.permission.WRITE_CALENDAR
add or modify calendar events and send emails to guests Allows an application to add or change the events on your calendar, which may send emails to guests. Malicious applications can use this to erase or modify your calendar events or to send emails to guests.
High
android.permission.READ_CALL_LOG
Allows an application to read the user's call log.
High
android.permission.WRITE_CALL_LOG
Allows an application to write (but not read) the user's call log data.
High
android.permission.READ_USER_DICTIONARY
read user-defined dictionary Allows an application to read any private words, names and phrases that the user may have stored in the user dictionary.
High
android.permission.ACCESS_FINE_LOCATION
fine (GPS) location Access fine location sources, such as the Global Positioning System on the phone, where available. Malicious applications can use this to determine where you are and may consume additional battery power.
High
android.permission.ACCESS_COARSE_LOCATION
coarse (network-based) location Access coarse location sources, such as the mobile network database, to determine an approximate phone location, where available. Malicious applications can use this to determine approximately where you are.
High
android.permission.RECEIVE_SMS
receive SMS Allows application to receive and process SMS messages. Malicious applications may monitor your messages or delete them without showing them to you.
High
android.permission.RECEIVE_WAP_PUSH
receive WAP Allows application to receive and process WAP messages. Malicious applications may monitor your messages or delete them without showing them to you.
High
android.permission.RECEIVE_MMS
receive MMS Allows application to receive and process MMS messages. Malicious applications may monitor your messages or delete them without showing them to you.
High
android.permission.ACCESS_MEDIA_LOCATION
access any geographic locations Allows an application to access any geographic locations persisted in the user's shared collection.
High
android.permission.PROCESS_OUTGOING_CALLS
intercept outgoing calls Allows application to process outgoing calls and change the number to be dialled. Malicious applications may monitor, redirect or prevent outgoing calls.
High
android.permission.READ_PHONE_NUMBERS
Allows read access to the device's phone number(s). This is a subset of the capabilities granted by
High
android.permission.USE_SIP
make/receive Internet calls Allows an application to use the SIP service to make/receive Internet calls.
High
android.permission.ANSWER_PHONE_CALLS
Allows the app to answer an incoming phone call.
High
android.permission.ACCEPT_HANDOVER
Allows a calling app to continue a call which was started in another app. An example is a video calling app that wants to continue a voice call on the user's mobile network.
High
android.permission.ACTIVITY_RECOGNITION
allow application to recognize physical activity Allows an application to recognize physical activity.
High
android.permission.BODY_SENSORS
Allows an application to access data from sensors that the user uses to measure what is happening inside his/her body, such as heart rate.
High
android.permission.READ_LOGS
read sensitive log data Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the phone, potentially including personal or private information.
High
android.permission.READ_PROFILE
read the user's personal profile data Allows an application to read the user's personal profile data.
High
android.permission.WRITE_PROFILE
write the user's personal profile data Allows an application to write (but not read) the user's personal profile data.
High
android.permission.READ_SOCIAL_STREAM
read from the user's social stream Allows an application to read from the user's social stream.
High
android.permission.WRITE_SOCIAL_STREAM
write the user's social stream Allows an application to write (but not read) the user's social stream data.
High
android.permission.WRITE_SMS
edit SMS or MMS Allows application to write to SMS messages stored on your phone or SIM card. Malicious applications may delete your messages.
High
android.permission.AUTHENTICATE_ACCOUNTS
act as an account authenticator Allows an application to use the account authenticator capabilities of the Account Manager, including creating accounts as well as obtaining and setting their passwords.
High
android.permission.MANAGE_ACCOUNTS
manage the accounts list Allows an application to perform operations like adding and removing accounts and deleting their password.
High
android.permission.USE_CREDENTIALS
use the authentication credentials of an account Allows an application to request authentication tokens.
High
android.permission.SUBSCRIBED_FEEDS_WRITE
write subscribed feeds Allows an application to modify your currently synced feeds. This could allow a malicious application to change your synced feeds.
High
android.permission.GET_TASKS
retrieve running applications Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
High
android.permission.PERSISTENT_ACTIVITY
make application always run Allows an application to make parts of itself persistent, so that the system can't use it for other applications.
High
android.permission.ACCESS_BACKGROUND_LOCATION
access location in background Allows an app to access location in the background. If you're requesting this permission, you must also request either
High
android.permission.SET_ANIMATION_SCALE
modify global animation speed Allows an application to change the global animation speed (faster or slower animations) at any time.
High
android.permission.WRITE_SETTINGS
modify global system settings Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration.
High
android.permission.SET_DEBUG_APP
enable application debugging Allows an application to turn on debugging for another application. Malicious applications can use this to kill other applications.
High
android.permission.SET_PROCESS_LIMIT
limit number of running processes Allows an application to control the maximum number of processes that will run. Never needed for common applications.
High
android.permission.SET_ALWAYS_FINISH
make all background applications close Allows an application to control whether activities are always finished as soon as they go to the background. Never needed for common applications.
High
android.permission.SIGNAL_PERSISTENT_PROCESSES
send Linux signals to applications Allows application to request that the supplied signal be sent to all persistent processes.
High
android.permission.READ_EXTERNAL_STORAGE
read external storage contents Allows an application to read from external storage.
High
android.permission.WRITE_EXTERNAL_STORAGE
read/modify/delete external storage contents Allows an application to write to external storage.
High
android.permission.GET_ACCOUNTS
list accounts Allows access to the list of accounts in the Accounts Service.
High
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
mount and unmount file systems Allows the application to mount and unmount file systems for removable storage.
High
android.permission.MOUNT_FORMAT_FILESYSTEMS
format external storage Allows the application to format removable storage.
High
android.permission.CAMERA
take pictures and videos Allows application to take pictures and videos with the camera. This allows the application to collect images that the camera is seeing at any time.
High
android.permission.RECORD_AUDIO
record audio Allows application to access the audio record path.
High
android.permission.MANAGE_EXTERNAL_STORAGE
Allows an application a broad access to external storage in scoped storage Allows an application a broad access to external storage in scoped storage. Intended to be used by few apps that need to manage files on behalf of the users.
High
android.permission.SYSTEM_ALERT_WINDOW
display system-level alerts Allows an application to show system-alert windows. Malicious applications can take over the entire screen of the phone.
Low
android.permission.WRITE_USER_DICTIONARY
write to user-defined dictionary Allows an application to write new words into the user dictionary.
Low
android.permission.MANAGE_OWN_CALLS
Allows a calling application which manages it own calls through the self-managed
Low
android.permission.CALL_COMPANION_APP
Allows an app which implements the InCallService API to be eligible to be enabled as a calling companion app. This means that the Telecom framework will bind to the app's InCallService implementation when there are calls active. The app can use the InCallService API to view information about calls on the system and control these calls.
Low
android.permission.USE_FINGERPRINT
allow use of fingerprint This constant was deprecated in API level 28. Applications should request USE_BIOMETRIC instead
Low
android.permission.SUBSCRIBED_FEEDS_READ
read subscribed feeds Allows an application to receive details about the currently synced feeds.
Low
android.permission.FLASHLIGHT
control flashlight Allows the application to control the flashlight.
Low
android.permission.INTERNET
full Internet access Allows an application to create network sockets.
Low
android.permission.NFC
control Near-Field Communication Allows an application to communicate with Near-Field Communication (NFC) tags, cards and readers.
Low
android.permission.NFC_TRANSACTION_EVENT
Allows applications to receive NFC transaction events.
Low
android.permission.NFC_PREFERRED_PAYMENT_INFO
Allows applications to receive NFC preferred payment service information.
Low
android.permission.CHANGE_WIFI_MULTICAST_STATE
allow Wi-Fi Multicast reception Allows an application to receive packets not directly addressed to your device. This can be useful when discovering services offered nearby. It uses more power than the non-multicast mode.
Low
android.permission.TRANSMIT_IR
Allows using the device's IR transmitter, if available.
Low
android.permission.MODIFY_AUDIO_SETTINGS
change your audio settings Allows application to modify global audio settings, such as volume and routing.
Low
android.permission.REQUEST_PASSWORD_COMPLEXITY
Allows an application to request the screen lock complexity and prompt users to update the screen lock to a certain complexity level.
Low
android.permission.RESTART_PACKAGES
kill background processes Allows an application to kill background processes of other applications, even if memory is not low.
Permission an application must hold in order to use Settings.ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS.
Low
android.permission.ACCESS_NOTIFICATION_POLICY
Marker permission for applications that wish to access notification policy.
Low
android.permission.USE_FULL_SCREEN_INTENT
Required for apps targeting Build.VERSION_CODES.Q that want to use notification full screen intents.
Low
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
access extra location provider commands Access extra location provider commands. Malicious applications could use this to interfere with the operation of the GPS or other location sources.
Low
android.permission.ACCESS_NETWORK_STATE
view network status Allows an application to view the status of all networks.
Low
android.permission.ACCESS_WIFI_STATE
view Wi-Fi status Allows an application to view the information about the status of Wi-Fi.
Low
android.permission.BLUETOOTH
create Bluetooth connections Allows applications to connect to paired bluetooth devices.
Low
android.permission.BLUETOOTH_ADMIN
bluetooth administration Allows applications to discover and pair bluetooth devices.
Low
android.permission.EXPAND_STATUS_BAR
expand/collapse status bar Allows application to expand or collapse the status bar.
Low
android.permission.DISABLE_KEYGUARD
Allows applications to disable the keyguard if it is not secure.
Low
android.permission.FOREGROUND_SERVICE
Allows a regular application to use Service.startForeground
Low
android.permission.REORDER_TASKS
reorder applications running Allows an application to move tasks to the foreground and background. Malicious applications can force themselves to the front without your control.
Low
android.permission.BROADCAST_STICKY
send sticky broadcast Allows an application to send sticky broadcasts, which remain after the broadcast ends. Malicious applications can make the phone slow or unstable by causing it to use too much memory.
Low
android.permission.KILL_BACKGROUND_PROCESSES
kill background processes Allows an application to kill background processes of other applications, even if memory is not low.
Low
android.permission.VIBRATE
control vibrator Allows the application to control the vibrator.
Low
android.permission.CHANGE_WIFI_STATE
change Wi-Fi status Allows an application to connect to and disconnect from Wi-Fi access points and to make changes to configured Wi-Fi networks.
Low
android.permission.WAKE_LOCK
prevent phone from sleeping Allows an application to prevent the phone from going to sleep.
Low
android.permission.RECEIVE_BOOT_COMPLETED
automatically start at boot Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
Low
android.permission.SET_WALLPAPER
set wallpaper Allows the application to set the system wallpaper.
Low
android.permission.INTERACT_ACROSS_PROFILES
Allows interaction across profiles in the same profile group.
Low
android.permission.LOCATION_HARDWARE
Allows an application to use location features in hardware, such as the geofencing api.
Low
android.permission.USE_BIOMETRIC
Allows an app to use device supported biometric modalities.
Low
android.permission.QUERY_ALL_PACKAGES
Allows query of any normal app on the device, regardless of manifest declarations.
Low
android.permission.MEDIA_CONTENT_CONTROL
Allows an application to know what content is playing and control its playback.
Medium
android.permission.SET_PREFERRED_APPLICATIONS
set preferred applications Allows an application to modify your preferred applications. This can allow malicious applications to silently change the applications that are run, spoofing your existing applications to collect private data from you.
Medium
android.permission.FORCE_BACK
force application to close Allows an application to force any activity that is in the foreground to close and go back. Should never be needed for common applications.
Medium
android.permission.BATTERY_STATS
modify battery statistics Allows the modification of collected battery statistics. Not for use by common applications.
Medium
android.permission.PACKAGE_USAGE_STATS
update component usage statistics Allows the modification of collected component usage statistics. Not for use by common applications.
Medium
android.permission.INTERNAL_SYSTEM_WINDOW
display unauthorised windows Allows the creation of windows that are intended to be used by the internal system user interface. Not for use by common applications.
Medium
android.permission.INJECT_EVENTS
press keys and control buttons Allows an application to deliver its own input events (key presses, etc.) to other applications. Malicious applications can use this to take over the phone.
Medium
android.permission.SET_ACTIVITY_WATCHER
monitor and control all application launching Allows an application to monitor and control how the system launches activities. Malicious applications may compromise the system completely. This permission is needed only for development, never for common phone usage.
Medium
android.permission.READ_INPUT_STATE
record what you type and actions that you take Allows applications to watch the keys that you press even when interacting with another application (such as entering a password). Should never be needed for common applications.
Medium
android.permission.SET_ORIENTATION
change screen orientation Allows an application to change the rotation of the screen at any time. Should never be needed for common applications.
Medium
android.permission.CLEAR_APP_USER_DATA
delete other applications' data Allows an application to clear user data.
Medium
android.permission.ACCESS_SURFACE_FLINGER
access SurfaceFlinger Allows application to use SurfaceFlinger low-level features.
Medium
android.permission.READ_FRAME_BUFFER
read frame buffer Allows application to read the content of the frame buffer.
Medium
android.permission.DEVICE_POWER
turn phone on or off Allows the application to turn the phone on or off.
Medium
android.permission.FORCE_STOP_PACKAGES
force-stop other applications Allows an application to stop other applications forcibly.
Medium
android.permission.STOP_APP_SWITCHES
prevent app switches Prevents the user from switching to another application.
Medium
android.permission.STATUS_BAR_SERVICE
status bar Allows the application to be the status bar.
Medium
android.permission.BIND_CARRIER_SERVICES
The system process that is allowed to bind to services in carrier apps will have this permission. Carrier apps should use this permission to protect their services that only the system is allowed to bind to.
Medium
android.permission.INSTANT_APP_FOREGROUND_SERVICE
Allows an instant app to create foreground services.
Medium
android.permission.CHANGE_CONFIGURATION
change your UI settings Allows an application to change the current configuration, such as the locale or overall font size.
Medium
android.permission.WRITE_SECURE_SETTINGS
modify secure system settings Allows an application to modify the system's secure settings data. Not for use by common applications.
Medium
android.permission.DUMP
retrieve system internal status Allows application to retrieve internal status of the system. Malicious applications may retrieve a wide variety of private and secure information that they should never commonly need.
Medium
android.permission.INSTALL_PACKAGES
directly install applications Allows an application to install new or updated Android packages. Malicious applications can use this to add new applications with arbitrarily powerful permissions.
Medium
android.permission.MOVE_PACKAGE
Move application resources Allows an application to move application resources from internal to external media and vice versa.
Medium
android.permission.CLEAR_APP_CACHE
delete all application cache data Allows an application to free phone storage by deleting files in application cache directory. Access is usually very restricted to system process.
Medium
android.permission.DELETE_CACHE_FILES
delete other applications' caches Allows an application to delete cache files.
Medium
android.permission.DELETE_PACKAGES
delete applications Allows an application to delete Android packages. Malicious applications can use this to delete important applications.
Medium
android.permission.REBOOT
force phone reboot Allows the application to force the phone to reboot.
Medium
android.permission.INSTALL_LOCATION_PROVIDER
permission to install a location provider Create mock location sources for testing. Malicious applications can use this to override the location and/or status returned by real-location sources such as GPS or Network providers, or monitor and report your location to an external source.
Medium
android.permission.BACKUP
control system back up and restore Allows the application to control the system's back-up and restore mechanism. Not for use by common applications.
Medium
android.permission.BIND_APPWIDGET
choose widgets Allows the application to tell the system which widgets can be used by which application. With this permission, applications can give access to personal data to other applications. Not for use by common applications.
Medium
android.permission.MODIFY_PHONE_STATE
modify phone status Allows the application to control the phone features of the device. An application with this permission can switch networks, turn the phone radio on and off and the like, without ever notifying you.
Medium
android.permission.CHANGE_COMPONENT_ENABLED_STATE
enable or disable application components Allows an application to change whether or not a component of another application is enabled. Malicious applications can use this to disable important phone capabilities. It is important to be careful with permission, as it is possible to bring application components into an unusable, inconsistent or unstable state.
Medium
android.permission.SET_TIME
set time Allows an application to change the phone's clock time.
Medium
android.permission.SET_TIME_ZONE
set time zone Allows an application to change the phone's time zone.
Medium
android.permission.STATUS_BAR
disable or modify status bar Allows application to disable the status bar or add and remove system icons.
Medium
android.permission.LOADER_USAGE_STATS
Allows a data loader to read a package's access logs. The access logs contain the set of pages referenced over time.
Medium
android.permission.SET_WALLPAPER_COMPONENT
Medium
android.permission.CAPTURE_AUDIO_OUTPUT
Allows an application to capture audio output.
Medium
android.permission.UPDATE_DEVICE_STATS
modify battery statistics Allows the modification of collected battery statistics. Not for use by common applications.
android.permission.GET_RUNTIME_PERMISSIONS
Unknown permission Unknown permission from android reference
android.permission.READ_ACTIVE_EMERGENCY_SESSION
Unknown permission Unknown permission from android reference
android.permission.READ_PRIVILEGED_PHONE_STATE
Unknown permission Unknown permission from android reference
android.permission.HIGH_SAMPLING_RATE_SENSORS
Unknown permission Unknown permission from android reference
android.permission.READ_CELL_BROADCASTS
Unknown permission Unknown permission from android reference
com.android.voicemail.permission.ADD_VOICEMAIL
Unknown permission Unknown permission from android reference
android.permission.WRITE_EMBEDDED_SUBSCRIPTIONS
Unknown permission Unknown permission from android reference