READ_LOGS是正常的还是危险的Android权限? [英] Is READ_LOGS a normal or dangerous Android permission?
问题描述
我收到有关使用android.permission.READ_LOGS Android权限的非常矛盾的信息.首先,Android文档网站未指定此权限的保护级别.它既不属于正常类别,也不属于危险类别.他们确实指定了以下内容:
I am getting very conflicting information regarding the use of android.permission.READ_LOGS Android permission. Firstly, the Android Documentation website does not specify the protection level of this permission. It is neither classified as normal, nor dangerous. They do specify the following:
不适用于第三方应用程序,因为日志条目可以 包含用户的私人信息."
"Not for use by third-party applications, because Log entries can contain the user's private information."
某些网站表示,出于相同的隐私考虑,请勿使用它. 但是我对此有一些疑问:
Some websites say not to use it for the same privacy concerns. However I have some issue with that:
- 当我在Android 7.1.1(Nexus 5X)和Android 4.4.2(旧的Samsung 8平板电脑)上的应用中测试此权限时,他们俩都没有提示我该应用需要此权限.请求没有特殊权限".只有在该权限被视为普通"权限时才会发生,在这种情况下会自动授予该权限.
- 第二,使用此权限,我只能从logcat查看与我的应用程序有关的日志,而不会记录任何个人信息.因此,我也不侵犯任何隐私权.我认为此权限可能会让我查看其他应用程序的日志,从而导致隐私问题.
那么,如果是这种情况,那么在该应用的正式版中使用此权限是否被认为安全?如果他们可以通过按一下按钮向我发送日志记录,那么它将帮助我调试用户遇到的奇怪错误.
So, if this is the case, then is it deemed safe to use this permission in a production version of the app? It would help me a lot in debugging strange bugs users face if they can send me a logcat by the press of a button.
好的,现在我很困惑.看来我也不需要在清单中明确指定此权限.
Ok, now I am quite confused. It appears that I don't need to explicitly specify this permission in the manifest either.
推荐答案
READ_LOGS是正常的还是危险的Android权限?
Is READ_LOGS a normal or dangerous Android permission?
都不是.从Android 7.1开始,它是signature|privileged|development.从根本上讲,这意味着作为固件版本的一部分签名或安装在特权分区上的应用程序可以持有该许可,但是其他任何内容都不能.
Neither. As of Android 7.1, it is signature|privileged|development. That basically means that apps signed as part of the firmware build or installed on the privileged partition can hold the permission, but nothing else can.
Android文档网站未指定此权限的保护级别
the Android Documentation website does not specify the protection level of this permission
正确.由于向后兼容的原因,READ_LOGS仍在SDK中,但普通应用程序自Android 4.1(自
Correct. READ_LOGS is still in the SDK, for backwards-compatibility reasons, but ordinary apps have not been able to hold it since Android 4.1, which came out five years ago.
仅当许可被视为正常"时才会发生,在这种情况下会自动授予该许可.
This only happens if the permission is deemed "normal", in which case it is automatically granted.
否.
我认为此权限可能允许我查看其他应用程序的日志,从而导致隐私问题.
I thought this permission may allow me to see other app's logs, causing privacy issues.
在Android 4.0及更早版本上确实如此.
It did, on Android 4.0 and earlier.
那么在该应用的正式版中使用此权限被认为安全吗?
then is it deemed safe to use this permission in a production version of the app?
请记住,从未有任何记录和受支持的方法来让应用访问LogCat内容.最有可能的是,您正在使用已发布的一种脚本式解决方案,例如运行logcat命令并捕获其输出.因此,现在或将来很可能存在不支持您使用特定方法访问LogCat的设备.因此,许可不是您的问题;缺少用于LogCat访问的受支持API是您的问题.
Well, bear in mind that there has never been a documented and supported way for apps to access LogCat contents. Most likely, you're using one of the script-kiddie solutions that have been posted, such as running the logcat command and capturing its output. So, it is entirely possible that there are devices, now or in the future, that will not support your particular approach towards accessing LogCat. So, the permission is not your problem; the lack of a supported API for LogCat access is your problem.
就我个人而言,我将使用日志记录库将内容记录到文件和LogCat中,无论您的应用程序需要它使用什么文件.
Personally, I'd use a logging library to log the content to both a file and to LogCat, using the file for whatever your app needs it for.
这篇关于READ_LOGS是正常的还是危险的Android权限?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
