Permissions that can have a large impact on user privacy, marked as dangerous or "not for use by third-party applications" by Android, should be requested only if they are really necessary to implement critical features of an application.

Ask Yourself Whether

You are at risk if you answered yes to any of those questions.

Recommended Secure Coding Practices

It is recommended to carefully review all the permissions and to use dangerous ones only if they are really necessary.

Sensitive Code Example

In AndroidManifest.xml:

<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" /> <!-- Sensitive -->
<uses-permission android:name="android.permission.ACCESS_MEDIA_LOCATION" /> <!-- Sensitive -->

Compliant Solution

<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" /> <!-- Compliant -->
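One way to carry out the permission review recommended above is to list every dangerous permission a manifest requests that has no recorded justification. The script below is an added example, not part of the original rule or of any Android tooling: the `audit_manifest` function, its `justified` parameter, the partial `DANGEROUS` list and the sample manifest are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Partial list of permissions Android documents with protection level
# "dangerous"; assembled for this example, extend it for your own review.
DANGEROUS = {
    "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION",
    "ACCESS_BACKGROUND_LOCATION", "ACCESS_MEDIA_LOCATION",
    "CAMERA", "RECORD_AUDIO", "READ_CONTACTS", "WRITE_CONTACTS",
    "READ_CALENDAR", "WRITE_CALENDAR", "READ_SMS", "SEND_SMS",
    "RECEIVE_SMS", "READ_CALL_LOG", "WRITE_CALL_LOG", "READ_PHONE_STATE",
    "CALL_PHONE", "BODY_SENSORS", "ACTIVITY_RECOGNITION",
}

def audit_manifest(manifest_xml, justified=()):
    """Return the sorted dangerous permissions requested without a justification."""
    root = ET.fromstring(manifest_xml)
    findings = set()
    # <uses-permission-sdk-23> requests permissions too, so check both tags.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = elem.get(ANDROID_NS + "name", "")
            short = name[len(PREFIX):] if name.startswith(PREFIX) else None
            if short in DANGEROUS and name not in justified:
                findings.add(name)
    return sorted(findings)

# Constructed sample manifest (hypothetical package name).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
  <uses-permission android:name="android.permission.ACCESS_MEDIA_LOCATION" />
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
  <uses-permission-sdk-23 android:name="android.permission.CAMERA" />
</manifest>"""

if __name__ == "__main__":
    # CAMERA is treated as reviewed and justified in this run.
    for perm in audit_manifest(SAMPLE, justified={"android.permission.CAMERA"}):
        print("Sensitive:", perm)
```

The script expects the plain-text source manifest, not the compiled binary form packaged inside an APK.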

See