为什么许多应用程序需要允许阅读电话状态和身份?具体:
Phone calls read phone state and identity
例如QuickPedia是一个维基百科门户,但想要访问手机。这是什么解释?
为什么许多应用程序需要允许阅读电话状态和身份?具体:
Phone calls read phone state and identity
例如QuickPedia是一个维基百科门户,但想要访问手机。这是什么解释?
Why do so many applications require permission to read the phone state and identity?. Specifically:
Phone calls read phone state and identity
For example Quickpedia is a Wikipedia portal, but wants access to the phone. What is the explanation for this?
这个问题一直在困扰我。所以现在,最后,我决定进入问题的底部。
PlayStore有一个名为 permision.read_phone_state < / a>,该请求 READ_PHONE_STATE
作为唯一的权限,并且不做任何其他东西都没有打开它可以访问或不使用它的所有数据。我在我的 LG Optimus 4x 上安装了,扎根于Android 4.0.3,并使用LBE撤消了许可。结果非常有趣,如以下截图显示:
app 权限收集的信息。 read_phone_state (点击图像以获得更大的变体)
如果您可以轻松地看到,甚至有些信息仍然无法访问,无权无法访问:我的邮箱号码(备注:是的,它是正确的;与我的提供商从您自己的设备拨打时,我的提供商是快捷方式,所以我可以自由地显示它;)在第一个截图的末尾你看到:
CALL_STATE_IDLE
。所以没有电话呼叫传入,外向或正在进行中。没有应用程序需要在来电的呼叫上"背景" 自身。甚至可以看出移动数据是否有效( DATA_DISCONNECTED
;我在wifi拍摄屏幕截图时,正如您在通知栏中看到的,您所在的哪个国家/地区提供者(包括他上的一些技术数据),无论您是有SIM卡,还是您在漫游。
not 可访问的唯一东西是识别数据:IMEI,SIMID,IMSI和您自己的电话号码。
结论:仅需要识别目的,唯一别的。
为什么这么多应用程序需要它?
恰好在此顺序,imho。
1 注意丹在聊天中的帖子:
Google Play策略现在禁止应用您的IMEI来识别您的广告目的。现在所有的广告库都已更新以使用Google-Play服务提供的"广告ID" ,因此应该向Google报告任何仍然使用IMEI的IMEI。
因为用户难以讲述应用程序使用IMEI的内容,您应该要求开发人员首先解释。
2 另一个开发人员刚刚将我指向一个微妙的差异:虽然不需要许可对读当前呼叫状态(如我所指出的),它可能需要注册侦听器,以便在更改上的通知状态(请参阅:检测在Android 上的传入和拨出电话呼叫。虽然当系统调用 onPause
时,似乎会自动处理此操作的手段,但可能并不总是适合:请考虑闹钟。您可能不希望在来电时自动停止 - 特别不是当您的配置文件设置为铃声卷"静音" 时。
3 再次a 来自Dan :你 获取默认的额外许可,如果您的应用程序的"目标" 版本为1.5。 如果您定位了以后的版本,但您的MIN版本为1.5,则无需自动添加许可。
READ_PHONE_STATE
在需要的是a)检测到来电和相关(电话),以及识别细节的第二许可(IMEI,IMSI等)。开幕11/2011,仍然没有工作。明星它如果有兴趣:) READ_PHONE_STATE
permission,如例如, 指出的是arno welzel 。由于传入的电话会触发铃声,活动可以与 onAudioFocusChange()
一起使用,这不需要任何特殊权限:如果由此触发,则该应用程序可以检查 callstate (再次无需任何特殊权限)来查看是否有呼入呼叫。This question has been bothering me quite some time. So now, finally, I decided to get to the bottom of the issue.
The Playstore has an app named permission.READ_PHONE_STATE, which requests READ_PHONE_STATE
as the only permission, and does nothing else than printing out all data it can access with or without using it. I've installed that on my LG Optimus 4X, being rooted on stock Android 4.0.3, and revoked the permission using LBE. Results where pretty interesting, as the following screenshots show:
Information gathered by the app permission.READ_PHONE_STATE (click images for larger variants)
As you can easily see, even some information the dev though inaccessible without the permission, was freely accessible: my mailbox number (remark: Yes, it's the correct one; with my provider that's the shortcut when dialing from your own device, so I can freely display it ;) At the end of the first screenshot you see:
CALL_STATE_IDLE
. So no phone call incoming, outgoing, or in progress. No app needs this permission to "background" itself on incoming calls.It's even possible to see whether mobile data are active (DATA_DISCONNECTED
; I was on WiFi when taking the screenshots, as you can see in the notification bar), which country you're in, your provider (including some technical data on him), whether you're having a SIM card, or if you're in roaming.
The only things not accessible hence are identifying data: IMEI, SIMID, IMSI, and your own phone number.
Conclusion: This permission is only needed for identification purposes, nothing else.
Why do so many apps need it then?
Likelihoods in exactly this order, IMHO.
1 Note by Dan's post on chat:
Google Play policy now forbids apps from getting your IMEI to identify you for advertising purposes. All the ad libraries have been updated now to use the Google-Play-Services-provided "advertising ID", so any that still use the IMEI for this purpose should be reported to Google.
As it's hard for the user to tell what the app is using the IMEI for, you should ask the developer to explain first.
2 Another developer just pointed me to a subtle difference: while the permission is not needed to read the current call status (as I've pointed out), it might be needed to register a listener in order to be notified on changes of the call status (see: Detecting incoming and outgoing phone calls on Android). While there seem to be means of handling this automatically when the system calls onPause
, that might not always be suitable: think of your alarm clock. You might not want to have that automatically stopped on an incoming call xe2x80x93 especially not when your profile is set to ringer volume "muted".
3 Again a correction from Dan: You only get the default extra permission if your app's "target" version is 1.5. If you target a later version but your min version is 1.5, you don't get the permission added automatically.
READ_PHONE_STATE
in what's needed to a) detect incoming calls and related (telephony), and a second permission for the identification details (IMEI, IMSI, etc). Opened 11/2011, still not worked on. Star it if interested :)READ_PHONE_STATE
permission, as e.g. pointed out by Arno Welzel. As an incoming phone call would trigger the ringer, that event could be used with onAudioFocusChange()
, which does not require any special permission: if triggered by that, the app could check the CallState (again, without any special permission required) to see whether there's an incoming call.它允许应用程序读取唯一ID(名为 imei )的电话标识符。
因此可以帮助复制保护或尝试跟踪用户数量。
It allows the App to read a unique ID (a phone identifier named IMEI) that's associated with your phone.
It can therefore help with copy-protection or the attempt to track the number of users.
与唯一ID有另一种原因。我猜这一半的应用程序根本不会访问这些值。问题是,对于较低的版本,达到Android 1.5此权限不存在。每个人都可以访问这些值而不请求某些东西。
因此,如果您创建与1.5兼容的应用程序,则会自动添加此权限以模拟Android 1.5的较低安全性,因为您可以在大多数时候忽略此权限,因为它往往只是一个兼容性问题。
There is another reason for this than the unique ID. I would guess that half of the apps don't access those values at all. The problem is that for a lower version up to Android 1.5 this permission does not exist. Everybody could access these values without requesting something.
Therefore if you create an app that is compatible with 1.5 this permission will automatically be added to emulate the lower security of Android 1.5 because of that you could ignore this permission in most of the times because it tends to be just a compatibility issue.
原因是Android 1.5及更早版本不要求应用程序特别请求这些权限并自动授予它们。由于Android 1.6因此,该应用程序必须具体请求这些权限。但是,如果您指定应用程序可以在具有Android 1.5的设备上运行,则默认情况下将该权限添加到应用程序中,并且市场显示应用程序所请求的权限。
所以总之,应用程序可能无法访问您的"电话状态和标识" ,但如果开发人员指定了他/她的应用程序可以在1.5或更小的设备上运行,则将显示该权限。The reason is that Android 1.5 and earlier did not require the application to specifically request those permissions and automatically granted them. Since Android 1.6, those permissions have to be specifically requested by the app. However, if you specify that your application can run on devices with Android 1.5 and less, then that permission is added to the application by default and the market shows that permission as being requested by the application.
So in summary, the application may not actually be accessing your "phone state and identity" but if the developer specified that his/her application can run on devices with 1.5 or less then that permission will be shown.
许多广告发布者使用此权限来获取各种跟踪目的的电话ID。还有其他方法可以获得一个唯一的身份证,但不幸的是,他们在旧的android版本中是越野车(故事更复杂,看看 https://stackoverflow.com/questions/2785485/is-there-a-unique-android-device-d 或 http://android-developers.blogspot.com/2011/03/idendify-app-installations.html < / a>更完整的故事)。
所以如果应用程序使用广告,那么应用程序本身实际上不需要read_phone_state权限,只有广告提供程序的情况。Many ad publishers use this permission to get the Phone ID for all sorts of tracking purposes. There are other ways to get a unique ID, but unfortunately they are buggy in older Android versions (the story is more complicated, see e.g. https://stackoverflow.com/questions/2785485/is-there-a-unique-android-device-id or http://android-developers.blogspot.com/2011/03/identifying-app-installations.html for a more complete story).
So if the app uses advertisements, there is a fair chance that the app itself does not actually need the READ_PHONE_STATE permission, only the ad provider does.
© 2022 it.wenda123.org All Rights Reserved. 问答之家 版权所有