Galois just announced a tool to help Android developers migrate apps to Android 6, while making the best use of the new Runtime Permissions feature. The Galois tool, Fuse Analyzer: Permissions, analyzes binary Andorid APKs to find the locations where you, as a developer, need to handle permissions more carefully in Android 6.
The new Runtime Permissions feature brings about a significant change to the way apps handle permissions–the access control mechanism that prevents apps from freely accessing private details or device capabilities. This change is likely to cause applications to crash or misbehave if they are not updated properly because user’s can, for the first time, say “no” to an application’s request for a permission.
Previously, Android apps requested all permissions when they were installed. That’s how an app would gain access to, for example, the Internet, the camera, the microphone, and so on. If users wanted to install an app, they had to approve all the permissions.
Android M will allow users to pick and choose what permissions are OK when an application actually needs access. This model is familiar to any one using iOS, and the Android user experience will probably be similar. However, this approach is entirely new for Android developers. Now, it’s not strictly required that your use the runtime permissions feature — apps can still declare the permissions in the traditional way, and require that they are approved at install time. However, either Google, or simply market expectations will eventually shift that requirement. Furthermore, users can still retroactively revoke access to so called “dangerous” permissions for apps that have already been installed. These may even be apps installed before upgrading to Android 6. When that happens, the apps get a “null” result.
Android developers need to start handling every method call that is protected by a dangerous permission very carefully. These calls must be guarded by a check to see if the application currently has access to that permission, and if not, properly ask the user for that access or behave in a reasonable way without access. If your app does not make that check or it does not have access to the permission then it must at least handle the potentially null results.
Updating an app to perform these checks would not be particularly difficult, but there is no public list of methods that require permissions. That makes it quite difficult for developers to find the places that they need to make changes — in practice, this is going to be extremely time consuming, and the Google advice is to test, test, and test:
If your app targets the M Developer Preview, you must test that it handles permissions properly. You cannot assume that your app has
any particular permissions when it runs. When the app is first launched, it is likely to have no permissions, and the user can revoke or restore permissions at any time.
You should test your app to make sure it behaves properly under all permission situations. With the M Preview SDK, we have provided new Android Debug Bridge (adb) commands to enable you to test your app with whatever permissions settings you need to try.
You try out Fuse Analyzer: Permissions for free at http://fuseanalyzer.com. It presents a list of the locations in your application that need attention. Fuse Analyzer can do a lot more than that: the Complete version can check for a couple dozen assorted security-related problems, and if you’re interested in that level of detail, we’d really like to talk with you in detail! For now, you can try out Fuse Analyzer: Permissions on three apps for
free, and buy additional scans for a few dollars each.