Applications can define their own permissions if
they intend other applications to have programmatic access to them. If
your application doesn’t intend for other applications to call it, you
should just not export any Activities, BroadcastReceivers, Services, or
ContentProviders you create and not worry about permissions. Using a
manifest permission allows the end user to decide which programs get
programmatic access. For example, an application that manages a
shopping list could define a permission named
“com.isecpartners.ACCESS_SHOPPING_LIST” (let’s call it
ACCESS_SHOPPING_LIST for short). If the application defines an
exclusive ShoppingList object, there is precisely one instance
of ShoppingList, and the ACCESS_SHOPPING_LIST permission is needed to
access it. The ACCESS_SHOPPING_LIST permission would be required for
callers trying to see or update the shopping list, and users would be
warned prior to granting this right to a new application. Done
correctly, only the programs that declare they use this permission
could access the list, giving the user a chance to either consent or
prevent inappropriate access. When defining permissions, keep them
clear and simple. Make sure you actually have a service or some data
you want to expose, not to just interactive users but to other programs.
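As an added example (not code from the book), here is how the ACCESS_SHOPPING_LIST scheme described above maps onto an Android manifest and a ContentProvider that guards the single shopping list. The permission string is the one the text proposes; the package name, content authority, column names and string resources are assumptions. The manifest fragment is shown as a comment so the whole example sits in one Java file.

```java
// Manifest declarations assumed for this example (package com.isecpartners.shoppinglist):
//
//   <!-- Define the permission; "dangerous" means the user is warned when an
//        application that requests it is installed. -->
//   <permission android:name="com.isecpartners.ACCESS_SHOPPING_LIST"
//               android:protectionLevel="dangerous"
//               android:label="@string/perm_shopping_list_label"
//               android:description="@string/perm_shopping_list_desc" />
//
//   <!-- The defining application also requests its own permission so that its
//        own components pass the same check as everyone else. -->
//   <uses-permission android:name="com.isecpartners.ACCESS_SHOPPING_LIST" />
//
//   <!-- Declarative enforcement: the framework rejects callers that lack the
//        permission before any provider method runs. -->
//   <provider android:name=".ShoppingListProvider"
//             android:authorities="com.isecpartners.shoppinglist"
//             android:exported="true"
//             android:permission="com.isecpartners.ACCESS_SHOPPING_LIST" />
//
// A client application declares only:
//   <uses-permission android:name="com.isecpartners.ACCESS_SHOPPING_LIST" />
package com.isecpartners.shoppinglist;

import android.content.ContentProvider;
import android.content.ContentValues;
import android.database.Cursor;
import android.database.MatrixCursor;
import android.net.Uri;

import java.util.ArrayList;
import java.util.List;

public class ShoppingListProvider extends ContentProvider {
    public static final String AUTHORITY = "com.isecpartners.shoppinglist";
    public static final Uri CONTENT_URI = Uri.parse("content://" + AUTHORITY + "/items");
    public static final String PERMISSION = "com.isecpartners.ACCESS_SHOPPING_LIST";
    public static final String COL_ID = "_id";
    public static final String COL_ITEM = "item";

    // The one shopping list the permission guards (kept in memory for the example).
    private final List<String> items = new ArrayList<String>();

    @Override
    public boolean onCreate() {
        return true;
    }

    // Programmatic enforcement at each entry point, in addition to the manifest.
    // Provider methods run on a Binder thread carrying the caller's identity, so the
    // check sees the real caller; "OrSelf" lets this app's own process (a local,
    // non-IPC call) use the provider too.
    private void requireAccess(String what) {
        getContext().enforceCallingOrSelfPermission(PERMISSION,
                "ACCESS_SHOPPING_LIST is required to " + what + " the shopping list");
    }

    @Override
    public Cursor query(Uri uri, String[] projection, String selection,
                        String[] selectionArgs, String sortOrder) {
        requireAccess("read");
        MatrixCursor cursor = new MatrixCursor(new String[] { COL_ID, COL_ITEM });
        synchronized (items) {
            for (int i = 0; i < items.size(); i++) {
                cursor.addRow(new Object[] { i, items.get(i) });
            }
        }
        return cursor;
    }

    @Override
    public Uri insert(Uri uri, ContentValues values) {
        requireAccess("update");
        String item = values == null ? null : values.getAsString(COL_ITEM);
        // A permitted caller is still another application: validate its input.
        if (item == null || item.trim().isEmpty() || item.length() > 100) {
            throw new IllegalArgumentException("item must be 1-100 characters");
        }
        int id;
        synchronized (items) {
            items.add(item.trim());
            id = items.size() - 1;
        }
        getContext().getContentResolver().notifyChange(CONTENT_URI, null);
        return Uri.withAppendedPath(CONTENT_URI, String.valueOf(id));
    }

    @Override
    public int delete(Uri uri, String selection, String[] selectionArgs) {
        requireAccess("update");
        synchronized (items) {
            int removed = items.size();
            items.clear();
            return removed;
        }
    }

    @Override
    public int update(Uri uri, ContentValues values, String selection, String[] selectionArgs) {
        requireAccess("update");
        return 0; // in-place edits are not supported by this minimal provider
    }

    @Override
    public String getType(Uri uri) {
        return "vnd.android.cursor.dir/vnd.com.isecpartners.item";
    }
}
```

The manifest attribute alone is sufficient for enforcement; the in-code check is kept so the requirement is visible where the data is handled and survives a later manifest edit that drops the attribute. If reads and writes should carry different risk, the `<provider>` element also accepts separate `android:readPermission` and `android:writePermission` attributes.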
Adding
permissions should be avoided by using a little cleverness whenever
possible. For example, you could define an Activity that adds a new
item to the shopping list. When an application calls startActivity and
provides an Intent to add a new shopping list item, the Activity could
display the data provided and ask for confirmation from the user
instead of requiring permission enforcement. This keeps the system
simple for users and saves you development effort. An Activity that
altered the list immediately on starting, without asking the user,
would make the permission approach necessary.
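The confirmation approach just described, as an added example that is not from the book: an exported Activity that accepts an add-item Intent from any application but changes nothing until the user agrees. The action and extra names are constructed, and the Activity assumes the application has its own shopping list ContentProvider at the hypothetical URI content://com.isecpartners.shoppinglist/items.

```java
// Manifest entry assumed for this example: exported with an intent filter and
// deliberately WITHOUT android:permission, because the user confirms each add.
//
//   <activity android:name=".AddItemActivity" android:exported="true">
//       <intent-filter>
//           <action android:name="com.isecpartners.action.ADD_ITEM" />
//           <category android:name="android.intent.category.DEFAULT" />
//       </intent-filter>
//   </activity>
//
// A client needs no permission at all:
//   Intent i = new Intent("com.isecpartners.action.ADD_ITEM");
//   i.putExtra("com.isecpartners.extra.ITEM", "milk");
//   startActivity(i);
package com.isecpartners.shoppinglist;

import android.app.Activity;
import android.app.AlertDialog;
import android.content.ContentValues;
import android.content.DialogInterface;
import android.net.Uri;
import android.os.Bundle;

public class AddItemActivity extends Activity {
    public static final String ACTION_ADD_ITEM = "com.isecpartners.action.ADD_ITEM";
    public static final String EXTRA_ITEM = "com.isecpartners.extra.ITEM";
    // Hypothetical URI of this application's own shopping list provider.
    private static final Uri ITEMS_URI =
            Uri.parse("content://com.isecpartners.shoppinglist/items");

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        final String raw = getIntent().getStringExtra(EXTRA_ITEM);

        // The caller is unauthenticated, so validate before showing anything.
        if (raw == null || raw.trim().isEmpty() || raw.length() > 100) {
            setResult(RESULT_CANCELED);
            finish();
            return;
        }
        final String item = raw.trim();

        // The user, not a permission grant, is the access control here: show
        // exactly what would be added and do nothing unless they agree.
        AlertDialog dialog = new AlertDialog.Builder(this)
                .setTitle("Add to shopping list?")
                .setMessage("Another application wants to add: " + item)
                .setPositiveButton("Add", new DialogInterface.OnClickListener() {
                    @Override
                    public void onClick(DialogInterface d, int which) {
                        ContentValues values = new ContentValues();
                        values.put("item", item);
                        getContentResolver().insert(ITEMS_URI, values);
                        setResult(RESULT_OK);
                        finish();
                    }
                })
                .setNegativeButton("Cancel", new DialogInterface.OnClickListener() {
                    @Override
                    public void onClick(DialogInterface d, int which) {
                        setResult(RESULT_CANCELED);
                        finish();
                    }
                })
                .create();
        // Back button or a tap outside the dialog counts as a refusal.
        dialog.setOnCancelListener(new DialogInterface.OnCancelListener() {
            @Override
            public void onCancel(DialogInterface d) {
                setResult(RESULT_CANCELED);
                finish();
            }
        });
        dialog.show();
    }
}
```

The design point is that the Activity displays the untrusted data rather than acting on it: every path except an explicit tap on "Add" leaves the list untouched, which is what lets the component be exported without a permission.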
Creating custom permissions
can also help you minimize the permission requirements for applications
that use your program programmatically. For example, if an application
needs permissions to both send SMS messages and access the user’s
location, it could define a new permission such as
“SEND_LOCATION_MESSAGE”. (Note that location determination can require
multiple permissions, depending on which scheme the particular phone
uses.) This permission is all that applications using your service
would need, thus making their installation simpler and clearer to the
user.
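As an added example (not from the book) of the composite permission just described, here is a Service that holds the SMS and location permissions itself and exposes them behind the single custom permission SEND_LOCATION_MESSAGE. The package name, extra name, label resources and sample phone number are constructed; the permission string is the one the text proposes.

```java
// Manifest declarations assumed for this example (package com.isecpartners.shoppinglist):
//
//   <!-- The one permission a client must hold. -->
//   <permission android:name="com.isecpartners.SEND_LOCATION_MESSAGE"
//               android:protectionLevel="dangerous"
//               android:label="@string/perm_send_location_label"
//               android:description="@string/perm_send_location_desc" />
//
//   <!-- The platform permissions this application holds on the client's behalf;
//        location can need more than one depending on which providers are used. -->
//   <uses-permission android:name="android.permission.SEND_SMS" />
//   <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
//   <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
//
//   <!-- The system refuses startService() from any application without the custom
//        permission, so the service body can assume an authorised caller. -->
//   <service android:name=".LocationMessageService"
//            android:exported="true"
//            android:permission="com.isecpartners.SEND_LOCATION_MESSAGE" />
//
// A client declares only:
//   <uses-permission android:name="com.isecpartners.SEND_LOCATION_MESSAGE" />
// and calls (constructed sample number):
//   Intent i = new Intent().setClassName("com.isecpartners.shoppinglist",
//           "com.isecpartners.shoppinglist.LocationMessageService");
//   i.putExtra("com.isecpartners.extra.DESTINATION", "+15555550100");
//   startService(i);
package com.isecpartners.shoppinglist;

import android.app.Service;
import android.content.Context;
import android.content.Intent;
import android.location.Location;
import android.location.LocationManager;
import android.os.IBinder;
import android.telephony.PhoneNumberUtils;
import android.telephony.SmsManager;

public class LocationMessageService extends Service {
    public static final String EXTRA_DESTINATION = "com.isecpartners.extra.DESTINATION";

    @Override
    public IBinder onBind(Intent intent) {
        return null; // start-only service; no binding interface
    }

    @Override
    public int onStartCommand(Intent intent, int flags, int startId) {
        // Authorisation was settled by the manifest. What remains is input
        // validation, because the client is still another application's code.
        String dest = intent == null ? null : intent.getStringExtra(EXTRA_DESTINATION);
        if (dest == null || !PhoneNumberUtils.isWellFormedSmsAddress(dest)) {
            stopSelf(startId);
            return START_NOT_STICKY;
        }

        Location loc = lastKnownLocation();
        if (loc != null) {
            String body = "My location: " + loc.getLatitude() + "," + loc.getLongitude();
            // Only this application holds SEND_SMS; the client never touches the SMS API.
            SmsManager.getDefault().sendTextMessage(dest, null, body, null, null);
        }
        stopSelf(startId);
        return START_NOT_STICKY;
    }

    // Try the fine (GPS) provider first, then the coarse network provider. Either
    // may be absent or empty, which is why both location permissions are declared.
    private Location lastKnownLocation() {
        LocationManager lm = (LocationManager) getSystemService(Context.LOCATION_SERVICE);
        Location loc = lm.getLastKnownLocation(LocationManager.GPS_PROVIDER);
        if (loc == null) {
            loc = lm.getLastKnownLocation(LocationManager.NETWORK_PROVIDER);
        }
        return loc;
    }
}
```

Enforcement is deliberately left to the `android:permission` attribute on the `<service>` element: a started service's onStartCommand() does not run inside a Binder call from the client, so Context.checkCallingPermission() would report no caller there and cannot stand in for the manifest check. A bound service that exposes Binder methods can enforce the permission programmatically inside those methods instead, as a ContentProvider can in query() and insert().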