An application’s required permissions are declared in its AndroidManifest.xml file. Up until Android version 6, users accepted or denied an application as a whole, based on the blanket set of permissions it requested. Many applications declared permissions that extend beyond the scope of the application itself.
In Android 6 (Marshmallow), a new permission management model established different categories of permissions, including those deemed dangerous and normal. An application can be installed without overarching consent to all of the requested permissions, but the user is asked to grant permission when the application is launched if a “dangerous” permission is requested. Granted and denied permissions can be changed later in the Settings menu. Only applications written to take advantage of API 23 or later will be afforded this level of user scrutiny. Think of “dangerous” permissions as those that grant access to user-created data generated and maintained on the device. [1]
Android researcher Josh Hickman, along with Magnet’s Chris Vance, did a nice job of specifically highlighting those “dangerous” permissions and their implications in a blog post referenced below. [2]
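The following sketch, an added example rather than code from the referenced posts, reads a decoded (text) AndroidManifest.xml, separates the declared permissions into “dangerous” and other, and reports whether the app targets API 23 or later and is therefore subject to the runtime prompts described above. It assumes the manifest has already been converted from the binary XML stored in the APK; the sample manifest and package name are constructed, and the dangerous list is a subset as of API 23.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Subset of "dangerous" protection-level permissions as of Android 6 (API 23).
# Not exhaustive; later Android releases add more.
DANGEROUS = {
    "READ_CALENDAR", "WRITE_CALENDAR", "CAMERA", "READ_CONTACTS",
    "WRITE_CONTACTS", "GET_ACCOUNTS", "ACCESS_FINE_LOCATION",
    "ACCESS_COARSE_LOCATION", "RECORD_AUDIO", "READ_PHONE_STATE",
    "CALL_PHONE", "READ_CALL_LOG", "WRITE_CALL_LOG", "BODY_SENSORS",
    "SEND_SMS", "RECEIVE_SMS", "READ_SMS", "RECEIVE_MMS",
    "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE",
}

# Constructed sample manifest (decoded text form), not from a real app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-sdk android:minSdkVersion="19" android:targetSdkVersion="22"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="com.example.flashlight.CUSTOM"/>
</manifest>"""


def audit_manifest(xml_text):
    """Classify declared permissions and note the permission model in use."""
    root = ET.fromstring(xml_text)
    sdk = root.find("uses-sdk")
    # targetSdkVersion falls back to minSdkVersion, then to 1, when absent.
    attrs = sdk.attrib if sdk is not None else {}
    target = int(attrs.get(ANDROID_NS + "targetSdkVersion",
                           attrs.get(ANDROID_NS + "minSdkVersion", "1")))
    dangerous, other = [], []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name", "")
            prefix, _, short = name.rpartition(".")
            is_dangerous = prefix == "android.permission" and short in DANGEROUS
            (dangerous if is_dangerous else other).append(name)
    return {
        "package": root.get("package"),
        "target_sdk": target,
        # Below API 23 the app is not written for per-permission prompts.
        "runtime_prompts": target >= 23,
        "dangerous": sorted(dangerous),
        "other": sorted(other),
    }
```

For the sample, the result flags three dangerous permissions on an app targeting API 22, which is the combination an examiner would want to note: sensitive access requested by an app not written for the runtime permission model.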
References:
[1] https://for585.com/androidpermissionlevels
[2] https://thebinaryhick.blog/2021/01/26/androids-dangerous-permissions/