为什么这么多应用程序需要允许阅读电话状态和身份? -- permissions 领域 和 privacy 领域 android 相关 的问题

Why do so many applications require permission to read the phone state and identity?


简体版||繁體版
90
vote

问题

中文

为什么许多应用程序需要允许阅读电话状态和身份?具体:

  Phone calls    read phone state and identity   

例如QuickPedia是一个维基百科门户,但想要访问手机。这是什么解释?

输入图像描述

english

Why do so many applications require permission to read the phone state and identity?. Specifically:

Phone calls    read phone state and identity 

For example Quickpedia is a Wikipedia portal, but wants access to the phone. What is the explanation for this?

enter image description here

     
   
   

回答列表

18
 
vote

这个问题一直在困扰我。所以现在,最后,我决定进入问题的底部。

PlayStore有一个名为 permision.read_phone_state < / a>,该请求 READ_PHONE_STATE 作为唯一的权限,并且不做任何其他东西都没有打开它可以访问或不使用它的所有数据。我在我的 LG Optimus 4x 上安装了,扎根于Android 4.0.3,并使用LBE撤消了许可。结果非常有趣,如以下截图显示:

screenshot 1  screenshot 2 screenshot 3
app 权限收集的信息。 read_phone_state (点击图像以获得更大的变体)

如果您可以轻松地看到,甚至有些信息仍然无法访问,无权无法访问:我的邮箱号码(备注:是的,它是正确的;与我的提供商从您自己的设备拨打时,我的提供商是快捷方式,所以我可以自由地显示它;)在第一个截图的末尾你看到:

  • CALL_STATE_IDLE 所以没有电话呼叫传入,外向或正在进行中。没有应用程序需要在来电的呼叫上"背景" 自身。

甚至可以看出移动数据是否有效( DATA_DISCONNECTED ;我在wifi拍摄屏幕截图时,正如您在通知栏中看到的,您所在的哪个国家/地区提供者(包括他上的一些技术数据),无论您是有SIM卡,还是您在漫游。

not 可访问的唯一东西是识别数据:IMEI,SIMID,IMSI和您自己的电话号码。

结论:仅需要识别目的,唯一别的。

为什么这么多应用程序需要它?

  • 对于广告模块,最有可能 1
  • 因为dev 思想他需要它(如这里的一些答案所指出的) 2
  • 因为所讨论的应用程序旨在(也)在Android 1.5和下面运行(易于找出,就像在 Google Play 上那样)。

恰好在此顺序,imho。


1 注意丹在聊天中的帖子:

Google Play策略现在禁止应用您的IMEI来识别您的广告目的。现在所有的广告库都已更新以使用Google-Play服务提供的"广告ID" ,因此应该向Google报告任何仍然使用IMEI的IMEI。

因为用户难以讲述应用程序使用IMEI的内容,您应该要求开发人员首先解释。


2 另一个开发人员刚刚将我指向一个微妙的差异:虽然不需要许可对当前呼叫状态(如我所指出的),它可能需要注册侦听器,以便在更改上的通知状态(请参阅:检测在Android 上的传入和拨出电话呼叫。虽然当系统调用 onPause 时,似乎会自动处理此操作的手段,但可能并不总是适合:请考虑闹钟。您可能不希望在来电时自动停止 - 特别不是当您的配置文件设置为铃声卷"静音" 时。


3 再次a 来自Dan :你 获取默认的额外许可,如果您的应用程序的"目标" 版本为1.5。 如果您定位了以后的版本,但您的MIN版本为1.5,则无需自动添加许可。


更新

    有趣的是有一个打开问题(21504)分割 READ_PHONE_STATE 在需要的是a)检测到来电和相关(电话),以及识别细节的第二许可(IMEI,IMSI等)。开幕11/2011,仍然没有工作。明星它如果有兴趣:)
  1. 和是的,有一种方法来实现相同的(检测来电)而没有 READ_PHONE_STATE permission,如例如, 指出的是arno welzel 。由于传入的电话会触发铃声,活动可以与 onAudioFocusChange() 一起使用,这不需要任何特殊权限:如果由此触发,则该应用程序可以检查 callstate (再次无需任何特殊权限)来查看是否有呼入呼叫。

 

This question has been bothering me quite some time. So now, finally, I decided to get to the bottom of the issue.

The Playstore has an app named permission.READ_PHONE_STATE, which requests READ_PHONE_STATE as the only permission, and does nothing else than printing out all data it can access with or without using it. I've installed that on my LG Optimus 4X, being rooted on stock Android 4.0.3, and revoked the permission using LBE. Results where pretty interesting, as the following screenshots show:

Screenshot 1 Screenshot 2 Screenshot 3
Information gathered by the app permission.READ_PHONE_STATE (click images for larger variants)

As you can easily see, even some information the dev though inaccessible without the permission, was freely accessible: my mailbox number (remark: Yes, it's the correct one; with my provider that's the shortcut when dialing from your own device, so I can freely display it ;) At the end of the first screenshot you see:

  • CALL_STATE_IDLE. So no phone call incoming, outgoing, or in progress. No app needs this permission to "background" itself on incoming calls.

It's even possible to see whether mobile data are active (DATA_DISCONNECTED; I was on WiFi when taking the screenshots, as you can see in the notification bar), which country you're in, your provider (including some technical data on him), whether you're having a SIM card, or if you're in roaming.

The only things not accessible hence are identifying data: IMEI, SIMID, IMSI, and your own phone number.

Conclusion: This permission is only needed for identification purposes, nothing else.

Why do so many apps need it then?

  • For the ad modules, most likely1
  • Because the dev thought he needs it (as pointed out by some answers here)2
  • Because the app in question is designed to (also) run on Android 1.5 and below (easy to find out, as that's listed on Google Play).

Likelihoods in exactly this order, IMHO.


1 Note by Dan's post on chat:

Google Play policy now forbids apps from getting your IMEI to identify you for advertising purposes. All the ad libraries have been updated now to use the Google-Play-Services-provided "advertising ID", so any that still use the IMEI for this purpose should be reported to Google.

As it's hard for the user to tell what the app is using the IMEI for, you should ask the developer to explain first.


2 Another developer just pointed me to a subtle difference: while the permission is not needed to read the current call status (as I've pointed out), it might be needed to register a listener in order to be notified on changes of the call status (see: Detecting incoming and outgoing phone calls on Android). While there seem to be means of handling this automatically when the system calls onPause, that might not always be suitable: think of your alarm clock. You might not want to have that automatically stopped on an incoming call xe2x80x93 especially not when your profile is set to ringer volume "muted".


3 Again a correction from Dan: You only get the default extra permission if your app's "target" version is 1.5. If you target a later version but your min version is 1.5, you don't get the permission added automatically.


Updates

  1. Interesting that there's an open issue (21504) to divide READ_PHONE_STATE in what's needed to a) detect incoming calls and related (telephony), and a second permission for the identification details (IMEI, IMSI, etc). Opened 11/2011, still not worked on. Star it if interested :)
  2. And yes, there's a way to achieve the same (detecting incoming calls) without the READ_PHONE_STATE permission, as e.g. pointed out by Arno Welzel. As an incoming phone call would trigger the ringer, that event could be used with onAudioFocusChange(), which does not require any special permission: if triggered by that, the app could check the CallState (again, without any special permission required) to see whether there's an incoming call.
 
 
       
       
59
 
vote

它允许应用程序读取唯一ID(名为 imei )的电话标识符。

因此可以帮助复制保护或尝试跟踪用户数量。

 

It allows the App to read a unique ID (a phone identifier named IMEI) that's associated with your phone.

It can therefore help with copy-protection or the attempt to track the number of users.

 
 
 
 
40
 
vote

与唯一ID有另一种原因。我猜这一半的应用程序根本不会访问这些值。问题是,对于较低的版本,达到Android 1.5此权限不存在。每个人都可以访问这些值而不请求某些东西。

因此,如果您创建与1.5兼容的应用程序,则会自动添加此权限以模拟Android 1.5的较低安全性,因为您可以在大多数时候忽略此权限,因为它往往只是一个兼容性问题。

 

There is another reason for this than the unique ID. I would guess that half of the apps don't access those values at all. The problem is that for a lower version up to Android 1.5 this permission does not exist. Everybody could access these values without requesting something.

Therefore if you create an app that is compatible with 1.5 this permission will automatically be added to emulate the lower security of Android 1.5 because of that you could ignore this permission in most of the times because it tends to be just a compatibility issue.

 
 
   
   
19
 
vote

原因是Android 1.5及更早版本不要求应用程序特别请求这些权限并自动授予它们。由于Android 1.6因此,该应用程序必须具体请求这些权限。但是,如果您指定应用程序可以在具有Android 1.5的设备上运行,则默认情况下将该权限添加到应用程序中,并且市场显示应用程序所请求的权限。

所以总之,应用程序可能无法访问您的"电话状态和标识" ,但如果开发人员指定了他/她的应用程序可以在1.5或更小的设备上运行,则将显示该权限。
 

The reason is that Android 1.5 and earlier did not require the application to specifically request those permissions and automatically granted them. Since Android 1.6, those permissions have to be specifically requested by the app. However, if you specify that your application can run on devices with Android 1.5 and less, then that permission is added to the application by default and the market shows that permission as being requested by the application.

So in summary, the application may not actually be accessing your "phone state and identity" but if the developer specified that his/her application can run on devices with 1.5 or less then that permission will be shown.

 
 
     
     
10
 
vote

许多广告发布者使用此权限来获取各种跟踪目的的电话ID。还有其他方法可以获得一个唯一的身份证,但不幸的是,他们在旧的android版本中是越野车(故事更复杂,看看 https://stackoverflow.com/questions/2785485/is-there-a-unique-android-device-d 或 http://android-developers.blogspot.com/2011/03/idendify-app-installations.html < / a>更完整的故事)。

所以如果应用程序使用广告,那么应用程序本身实际上不需要read_phone_state权限,只有广告提供程序的情况。
 

Many ad publishers use this permission to get the Phone ID for all sorts of tracking purposes. There are other ways to get a unique ID, but unfortunately they are buggy in older Android versions (the story is more complicated, see e.g. https://stackoverflow.com/questions/2785485/is-there-a-unique-android-device-id or http://android-developers.blogspot.com/2011/03/identifying-app-installations.html for a more complete story).

So if the app uses advertisements, there is a fair chance that the app itself does not actually need the READ_PHONE_STATE permission, only the ad provider does.

 
 

相关问题

9  如何加密运行CyanogenMod 12.1的设备?  ( How do you encrypt your device running cyanogenmod 12 1 ) 
cyanogenmod 12和12.1 '加密电话'设置破碎,并已相当长。有没有办法以其他方式加密手机? CM可以使用加密/数据目录侧面侧面通往电话?是否有其他方法可以保持数据安全和声音?我正在努力的设备是verizon lg g3。 ...

0  它可以为android / data文件夹保存的壁纸缓存进行黑客攻击? (没有植根)  ( It that possible for the wallpaper cache saved in android data folder being hac ) 
我的男朋友在开玩笑,将我的私人照片设置为壁纸。 我删除了照片,但壁纸仍然存在... 浏览网上的某些信息后,我发现壁纸保存到over over rooting后才能访问。 如果我更改壁纸,之前的壁纸会自动删除吗? 如果不是,因为它在一个文件夹中保存,因为它只能在rooting后访问,因为它是安全的?或者它仍然有可能被...

3  是否有可能在不访问联系人列表的情况下进行呼叫?  ( Is it possible to make a call without having access to the contacts list ) 
是否可以拨打电话而不访问手机的联系人? IE。假设我让朋友使用手机,并锁定我的联系人,以便它需要一个PIN用于访问 - 有没有办法允许呼叫不一定在联系人中的任意号码? ...

90  为什么这么多应用程序需要允许阅读电话状态和身份?  ( Why do so many applications require permission to read the phone state and ident ) 
为什么许多应用程序需要允许阅读电话状态和身份?具体: Phone calls read phone state and identity 例如QuickPedia是一个维基百科门户,但想要访问手机。这是什么解释? ...

24  什么Android Sync'd数据被加密?  ( What android syncd data is encrypted ) 
释放 firefex插件for firefox 它已成为在开放Wi-Fi网络上浏览网站浏览的微不足道被第三方听众劫持。 Android提供方便的自动同步选项。但是,我担心我的数据可能是自动同步的,而我在当地咖啡店或购物中心连接到开放的Wi-Fi网络时。 是使用SSL或类似加密机制加密的所有数据Android自动同步...

6  为什么应用程序储物柜应用需要这么多权限?我安全吗?  ( Why do app locker apps need so many permissions am i safe ) 
我一直在尝试密码保护一个应用程序,并且似乎权限在应用程序储物柜的应用程序中有所不同。 为什么他们中的许多人都需要完整的电话访问? 如果我在 https://市场上,则存在任何危险的危险。 android.com/details?id=com.morrison.applocklite ? ...

26  为什么新的Chrome更新希望许可使用我的相机和音频录制?  ( Why does the new chrome update want the permission to use my camera and audio re ) 
严重,它专门说明它可以使用相机和音频录制任何需要的时间,我是否希望它到。为什么Android上的Chrome请求这些权限? 我应该担心吗? (强调我自己的。) ...

2  App Ops可以在4.4.4上运行吗?  ( Can app ops run on 4 4 4 ) 
我已安装并尝试了几个" app ops " 从Google Play商店的Starter Apps。当我运行它们中的任何一个时,一个对话框弹出说"不幸的是,设置已经停止了" 。我唯一的选择是点击"确定" 。所以,我仍然无法进入App Ops设置。 但是, 这个app 声称工作4.4.4。 我正在运行在股票Moto ...

2  如何从Android 10上从“最近的文件”中删除文件?  ( How to remove file from recent files on android 10 ) 
在股票Android 10(像素2 xl)的文件应用程序中,有一个"近期" 类别。出于隐私原因,我想删除此类别中的文件。据我所知,文件名搜索此文件,但我的系统似乎没有存在,但仍然显示在列表中。我尝试清除"文件" 应用程序的缓存/存储,但仍然存在。如何从最近的列表中删除此项目,清除整个列表,或获取文件的文件夹位置,以便...

2  我的联系人是否在我的Android上加密?  ( Are my contacts encrypted on my android ) 
是我的android加密的联系人,它们在哪里? 如何访问它们?任何公共API? (来自PC) ...




© 2022 it.wenda123.org All Rights Reserved. 问答之家 版权所有