Check your Android application's permission changes
MIT License
Check your Android application's permission changes
Permission matters! That's what the users care the most. Users are always suspicious of why on earth an application needs any of the permissions, they hate every permission from the bottom of heart. It's a good practice to check if there is any new permission added to your Android application by any means (e.g. updating 3rd party library could also bring some new permissions). When it happens, the adoption of application's new version will be affected.
This script could help warn developers of any permission change by setting up a CI job.
apkanalyzer
) is installedANDROID_HOME
environment variable is set (or at least pass in command: export ANDROID_HOME=<PATH_TO_YOUR_ANDROID_SDK>
)scripts/build.sh
# => GOPATH: <YOUR_CLONED_PATH>/PermissionMatters/src
# => GOBIN: <YOUR_CLONED_PATH>/PermissionMatters/bin
# => Binary file is generated to: <YOUR_CLONED_PATH>/PermissionMatters/bin/permissionguard
Or simply grab the built binary here.
permissionguard <take|scan> -apk <apk> [-snapshot <your_snapshot_file_of_permissions>]
Subject Description
------- -----------
take Take snapshot of the given APK's permissions (for the first time or after any permission change)
scan Scan the given APK file, compare its permissions with the snapshot
Option Description
------ -----------
apk The APK file to analyze
snapshot The permission snapshot file (default "./permissions.json")
There are 4 possible cases (++
, --
, ++ & --
, ==
), and the result examples are like below:
======================================================================
Failure!
4 new permission(s) added:
android.permission.CAMERA
android.permission.FLASHLIGHT
android.permission.SEND_SMS
com.me.app.myapp.permission.DEADLY_ACTIVITY
======================================================================
======================================================================
Failure!
4 new permission(s) added:
android.permission.WRITE_EXTERNAL_STORAGE
com.sonyericsson.home.permission.BROADCAST_BADGE
com.sec.android.provider.badge.permission.READ
com.sec.android.provider.badge.permission.WRITE
2 old permission(s) removed:
android.permission.CAMERA
android.permission.FLASHLIGHT
======================================================================
======================================================================
Warning!
3 old permission(s) removed:
android.permission.CAMERA
android.permission.FLASHLIGHT
com.me.app.myapp.permission.DEADLY_ACTIVITY
A new snapshot needs to be taken.
======================================================================
======================================================================
No permission is changed.
======================================================================
Copyright (c) 2018 Jing Li. See the LICENSE file for license rights and limitations (MIT).