Friday, January 1, 2010

The Vertex Vortex: Visualizing Android's Permissions


The Android platform offers a set of security mechanisms to protect apps from one-another. Since apps can communicate with each-other and access each-others' data, there needs to be a way to protect that data from apps that shouldn't have access to it. The "permissions" system is one way this is accomplished.
The user sees this when they download an app and it warns them that the app wants to access the Internet, or read their contacts, or dial 911 or what-have-you. That's a pretty nice feature.

Android is made up of a number of communicating components. I wanted to visualize all of the applications on the system and how they interact via permissions. Let's look at the permissions system from this global point of view. Read on, or just view the big pretty picture.

I wrote a little app that allows a user to browse through the packages and permissions on an Android device, and as part of the process, it can generate a system map (using GraphViz) of all of the app and how they inter-relate.

I can run this app on the Android emulator, but when I run it on a real phone like my G1, the resulting image is very big, and I can't render an image with labels for the entire system.
Read on for the whole article and several pictures :)