IzzyOnDroid

• Intro
• App-Lists
• Articles
• Books
• Downloads
• App-Repo
• Imprint

Permissions

Usually you see only a short description of the permission (e.g. when you install an app). The permissions technical name is rarely visible to the user. Unless he casts a glance at the Manifest, where they are stated in plain-text.

An mostly up-to-date (but far from being complete) overview can be found in the Developers Manual. There's also a Community Wiki on this topic at Stack Exchange – where you can participate, and which also holds some more details. Another good overview with additional hints can be found at OWASP. If you don't mind German, you might also wish to take a look at MaTT's article at Go2Android.

Permission Groups

First, permissions are organized in "permission groups". When installing an app, you see those as captions to the permissions. An up-to-date listing again can be found in the API Reference. Below is an extract with some explanations added – which will not reflect the latest „version“ as those groups and what they contain seems to be changing over time. But the relevant stuff to pay the real attention to is found with the permissions themselves.

Name	Designation	Description
ACCESSIBILITY_FEATURES	Accessibility	Used for permissions that allow requesting certain accessibility features.
ACCOUNTS	Accounts	Permissions for direct access to the accounts managed by the Account Manager.
AFFECTS_BATTERY	Effects on Battery Life	Permissions that provide direct access to the hardware on the device that has an effect on battery life. This includes vibrator, flashlight, etc.
APP_INFO	App Information	Permissions that are related to the other applications installed on the system. Examples include such as listing running apps, or killing background processes.
AUDIO_SETTINGS	Audio Settings	Permissions that provide direct access to speaker settings the device.
BLUETOOTH_NETWORK	Bluetooth	Permissions that provide access to other devices through Bluetooth.
BOOKMARKS	Bookmarks	Permissions that provide access to the user bookmarks and browser history.
CALENDAR	Calendar	Permissions that provide access to the device calendar to create / view events.
CAMERA	Camera	Permissions that are associated with accessing camera or capturing images/video from the device. Includes Barcode Readers and more.
COST_MONEY	Cause costs	Permissions that can be used to make the user spend money without their direct involvement – e.g. by sending SMS or initiating calls.
DEVELOPMENT_TOOLS	Development Tools	Group of permissions that are related to development features. These are not permissions that should appear in third-party applications; they protect APIs that are intended only to be used for development purposes. But they might also enable access to features not explicitly requested by the app.
DEVICE_ALARMS	Device Alarms	Set alarms and timers to wake up the system, e.g. to schedule tasks
DISPLAY	Display	Permissions that allow manipulation of how another application displays UI to the user.
HARDWARE_CONTROLS	Hardware Controls	Permissions that provide direct access to the hardware on the device. This includes audio, the camera, vibrator, etc.
LOCATION	Location	Permissions that allow access to the user's current location.
MESSAGES	Messages	Permissions that allow an application to send messages on behalf of the user or intercept messages being received by the user. This is primarily intended for SMS/MMS messaging, such as receiving or reading an MMS.
MICROPHONE	Microphone	Permissions that are associated with accessing microphone audio from the device. Note that phone calls also capture audio but are in a separate (more visible) permission group.
NETWORK	Network	Permissions that provide access to networking services. The main permission here is internet access, but this is also an appropriate group for accessing or modifying any network configuration or other related network operations.
PERSONAL_INFO	Personal Information	Permissions that provide access to information about the device user such as profile information. This includes both reading and writing of this data (which should generally be expressed as two distinct permissions).
PHONE	Phone Calls	Permissions that are associated with accessing and modifying telephony state: placing calls, intercepting outgoing calls, reading and modifying the phone state.
SCREENLOCK	Screenlock	Permissions that are related to the screenlock.
SENSORS	Sensors	Accessing sensors, sampling sensor data
SOCIAL_INFO	Social Information	Permissions that provide access to the user's social connections, such as contacts, call logs, social stream, etc. This includes both reading and writing of this data (which should generally be expressed as two distinct permissions).
STATUS_BAR	Status bar	Permissions that change the status bar.
STORAGE	Storage	Permissions that are related to SD card access.
SYNC_SETTINGS	Sync settings	Permissions that access the sync settings or sync related information.
SYSTEM_CLOCK	System clock	Permissions that are related to system clock.
SYSTEM_TOOLS	System Tools	Permissions that are related to system APIs. Many of these are not permissions the user will be expected to understand, and such permissions should generally be marked as "normal" protection level so they don't get displayed. This can also, however, be used for miscellaneous features that provide access to the operating system, such as writing the global system settings.
USER_DICTIONARY	User Dictionary	(Reading?) Access to user dictionaries. Keyboard apps use this e.g. for auto-correction.
VOICEMAIL	Voice Mailbox	Permissions that provide access to the user voicemail box.
WALLPAPER	Wallpaper	Assign/configure wallpapers and background images.
WRITE_USER_DICTIONARY	Write User Dictionaries	Write access to user dictionaries. Keyboard apps need this to add new terms.

Protection Level

Another classification is done with protection levels (see Developers Reference on Permission Element and protectionLevel). Five levels regulate how permissions are dealt with (the "tokens" are for reference in the real permission table below).

Level	Abbrev.	Description
normal	no	Low risk or "Standard". These permissions are not presented to the user on app-install, but tacitly accepted.
dangerous	da	Higher risk: access to personal data, or device-control with potential negativ impact to the user. These permissions have to be explicitly approved by the user on app-install.
signature	si	The app must be signed with the same certificate as the ROM itself. Usually this means: app and ROM come from the same development team/company. In most cases, these apps already come pre-installed.
signatureOrSystem	sy	Like "signature"; but it also can be a "normal system-app". As such can only be installed with root powers, it's rather of low interest to "normal users".
development	dv	The ROM must be signed with a development key. These permissions are only intended for developers, and seem to be meant as "developmentOrSignatureOrSystem".

In addition to the protection levels, there are additional flags used. These are not „assigned“ on this page. A selection of most relevant flags:

Flag	Description
appop	this permission is closely associated with an app op for controlling access.
installer	this permission can be automatically granted to system apps that install packages.
instant	this permission can be granted to instant apps.
pre23	this permission can be automatically granted to apps that target API levels below Build.VERSION_CODES.M (before runtime permissions were introduced).
preinstalled	this permission can be automatically granted any application pre-installed on the system image (not just privileged apps).
privileged	this permission can also be granted to any applications installed as privileged apps on the system image. This permission flag is used for certain special situations where multiple vendors have applications built in to a system image which need to share specific features explicitly because they are being built together.
runtime	this permission can only be granted to apps that target runtime permissions (Android 6 and above)
vendorPrivileged	this permission can be granted to privileged apps in vendor partition.

For a full list, please refer to the reference on protectionLevel.

Permissions

Again a short extract of the relevant candidates. In below table, "Lv" stands for the protection level, "Risk" (if filled) for the possible risks involved with the given permission:

• 0 = none
• 1 = low
• 2 = medium
• 3 = high
• 4 = critical
• 5 = astronomical

But the risk has to be seen in connection with the protection level: installing an app with a "critical" permission of a protection level "signature" or "system", that permission has close to no effect on the "normal" user with a "stock device" (no root) (as that permission will not be granted to a "user app"). Still, some care needs to be taken, as the mapping from permission to protection level might change between Android versions (like READ_LOGS went from "dangerous" to "system" with Android 4.1). Source for the "risk classes" was the already mentioned page at OWASP (values with a range are my personal estimates for permissions not mentioned there), most protection levels can be found in this Blog article.

Another thing is the „Google Glue Level“ (Ǥ), which is explained in more detail on the help pages. In short it describes how a permission reveals the requesting app as being dependent on Google services (or the existence of the Google Apps on the device): not at all (0), limited functionality (1), or even refusal to work at all (2).

Name	Designation	Group	Lv	Ǥ	Risk	Description
ACCESS_ALL_DOWNLOADS	access all system downloads	Network	si	0		Allows an app to access all downloads in the system via the /all_downloads/ URIs. The protection level could be relaxed in the future to support third-party download managers.
ACCESS_ALL_EXTERNAL_STORAGE	access external storage of all users	Development Tools	da	0		Allows the app to access external storage for all users.
ACCESS_BACKGROUND_LOCATION	access location in the background	Location	da	0	3	Allows an app to access location in the background. An app requesting this permission must also request either ACCESS_COARSE_LOCATION or ACCESS_FINE_LOCATION. Requesting this permission by itself doesn't give any location access. This permission is needed on Android 10 or higher if an app wants to receive location updates while running in the background. It must also ask the user's permission then – who can decide to deny, grant only when in foreground or always grant access. When granted, you'll see a notification when the app is accessing this in background, which permits you to revoke that again.
ACCESS_CHECKIN_PROPERTIES	Access check-in properties	Location	sy	0		Allows read/write access to the "properties" table in the (Unix security) checkin database, to change values that get uploaded.
ACCESS_COARSE_LOCATION	Approximate location (network-based)	Location	da	0	2	Apps with this permission can access location information determined by WLANs and cell towers. For this, the „Location Services“ function must be activated on the smartphone. Also see: ACCESS_FINE_LOCATION. Starting with Android 10, an app can only query the location when it is running in the foreground – unless you also explicitly grant it the ACCESS_BACKGROUND_LOCATION permission.
ACCESS_DOWNLOAD_MANAGER	Access download manager.	Network	sy	0		Allows the app to access the download manager and to use it to download files. Malicious apps can use this to disrupt downloads and access private information. Only accessible by system apps.
ACCESS_DOWNLOAD_MANAGER_ADVANCED	Advanced download manager functions.	Network	sy	0		Allows the app to access the download manager's advanced functions. Malicious apps can use this to disrupt downloads and access private information.
ACCESS_DRM	Access DRM content			0		Allows application to access DRM-protected content.
ACCESS_FINE_LOCATION	Precise location (GPS and network-based)	Location	da	0	3	Apps with this permission can access the exact location data that the device determines using GPS, cell towers and WLANs. For this, the „Location Services“ function and GPS must be activated on the smartphone. Primarily intended for apps for navigation, for providing photos with location data (where was the photo taken?), etc., access is also frequently used to display location-based advertising from providers such as Admob (Google). Likewise, an app equipped with this permission can also create motion profiles and potentially upload them "to the cloud". Starting with Android 10, an app can only query the location when it is running in the foreground – unless you also explicitly grant it the ACCESS_BACKGROUND_LOCATION permission. Up to Android 12, this permission is also needed to create a local WiFi hotspot.
ACCESS_LOCATION_EXTRA_COMMANDS	Access extra location provider commands	Location	no	0	2-3	A good example for poor documentation, as even books on Android application development state: The Android documentation doesn’t tell us which location commands are “extra,” so we’ll ask for all of them. The documentation of Locus Map gives a hint, though: allows disabling the A-GPS data status and forcing system to load new. Which means an app with this permission could interfere with the functioning of GPS or other location sources.
ACCESS_MEDIA_LOCATION	read locations from your media collection	Storage	da	0	2	Allows an application to access any geographic locations persisted in the user's shared collection („Exif Data“ in images). This is not a „runtime permission“, you won't be asked to accept or deny – in my check, Play Store didn't even mention it on an app I new requesting it. So at least as of Android 10, any app requesting this will get it granted; hence make sure to check before install (eg. via my lists or via Appbrain).
ACCESS_MOCK_LOCATION	Mock location sources for testing	Location	da	0	2	Allows an application to create mock location providers for testing, and is intended for development use in e.g. the Android Emulator (to save the dev from having to run around to check if positions are displayed correctly). Cases where this is needed in an app ready for endusers should be rare. Requires "Allow mock locations" to be enabled in developer options.
ACCESS_NETWORK_STATE	View network connections	Network	no	0	0	Allows applications to access information about networks, including if a network is available (or just connecting), what type of network the device is connected to, if any (WiFi, 3G, LTE), if it's in Roaming, and also reasons for a failed connection attempt (if any). Good use: The application may check the state of your connection before trying to access the internet, and e.g. restrict itself to WiFi for some actions. Bad use: Only in combination with other permissions (e.g. data collection for profiling). Can also be used to guess the coarse location (e.g. based on the IP address) without requesting location permissions.
ACCESS_NOTIFICATION_POLICY	access Do Not Disturb		no	0	0	Marker permission for applications that wish to access notification policy. Enables an app to toggle your notification policy, e.g. Do Not Disturb. Runtime Permission; i.e. user must at least confirm this once.
ACCESS_NOTIFICATIONS	Access notifications	System Tools	sy	0	2	Allows the app to retrieve, examine, and clear notifications, including those posted by other apps. This permission is reserved for system apps. It was introduced with Android 4.3 as part of the new Notification Service.
ACCESS_SUPERUSER	Use root privileges	System Tools	da	0		An app with this permission obviously wants to use "root powers". This permission requested or not, no app automatically gets granted those "root powers"; but some "SuperUser apps" can be configured to ignore requests by all apps not having it. For all (other) apps, the user has to acknowledge their legitimity at least on the first request. Thus an app with this permission does not automatically have root permission – but only obtains them when the user explicitely approves that to the "SuperUser app". Warning: an app with root-powers can do pretty much anything to your system. So better be sure you trust its developer (and your installation source) that far.
ACCESS_SURFACE_FLINGER	Access SurfaceFlinger	System Tools	sy	0		Allows an application to use SurfaceFlinger's low level features. SurfaceFlinger is part of Android's media framework. It provides a compositor which takes care for rendering in frame buffers (so this has to do with graphics).
ACCESS_WEATHERCLOCK_PROVIDER	Access Huawei WeatherClock data		no	0		This permission allows accessing data of the Huawei Content Provider for WeatherClock. For details, please see Android.SE.
ACCESS_WIFI_STATE	View Wi-Fi connections	Network	no	0	3	This could be requested by any application that uses internet access. The application may check the state of your connection before trying to access the internet. It's comparable to ACCESS_NETWORK_STATE, just for WiFi. Apps with this permission can e.g. see what WiFi networks are available, whether a connection exists and where to (incl. MAC address and IP). Apps can use this to offer the option to „download only on WiFi“, to save your mobile data plan.
ACCESS_WIMAX_STATE	View WIMAX connections	Network	no	0		Allows the app to determine whether WiMAX is enabled and information about any WiMAX networks that are connected.
ACCOUNT_MANAGER	Act as the AccountManagerService	Accounts	sy	0		Allows applications to call into AccountAuthenticators. Only the system can get this permission. An account-manager is the service working behind the scenes and taking care everything works as expected. This permission is reserved for system apps. For details, take a look at the Stack Exchange article What does permission “MANAGE_ACCOUNTS” mean?
ACTIVITY_RECOGNITION	Activity recognition	Personal Information	no	1		Allows an app to receive periodic updates of your activity level from Google, for example, if you are walking, driving, cycling, or stationary. This is part of Google Play Services ActivityRecognitionClient. According to the API reference, the app doesn't receive any coordinates this way, but rather the type of the detected activity – e.g. WALKING, RUNNING, or STILL.
AD_ID	Access the Google advertising ID	Personal Information	no	1		The advertising ID is a unique, user-resettable ID for advertising, provided by Google Play services. As part of the Google Play services update in late 2021, the advertising ID will be removed when a user opts out of personalisation using advertising ID in Android settings. Requesting this permission allows developers to get notified if a user opted out.
ADD_VOICEMAIL	Add Voicemail	Voice Mailbox	da	0		Allows the app to add messages to your voicemail inbox.
adm.permission.RECEIVE	Receive Amazon Device Messaging notifications	Network		0		Allows apps to accept cloud to device messages sent by the app's service (Amazon Device Messaging – like GoogleCloudMessaging). Using this service will incur data usage.
ANSWER_PHONE_CALLS	Allows the app to answer an incoming phone call.	Phone Calls	da	0		Allows the app to automatically answer an incoming phone call, i.e. without user interaction. Intended e.g. for apps which want to show a special screen on incoming calls. This is a runtime permission, so no app does get it granted automatically.
ANT	Connect to ANT sensors	Network		0		Allow to connect to ANT and ANT+ sensors. For what ANT is about, see Wikipedia and the ANT Android page.
ANT_ADMIN	Manage ANT connections	Network		0		Allow to manage connections to ANT and ANT+ sensors. For what ANT is about, see Wikipedia and the ANT Android page.
AUTHENTICATE_ACCOUNTS	Create accounts and set passwords	Accounts	da	0		Allows an application to act as an AccountAuthenticator for the AccountManager. This is for applications that would authenticate you to their service. An app using this permission usually provides an interface to deal with a certain account type (which is not known by the pre-installed Android system), such as Dropbox. As shipped, Android does not know how to login to Dropbox and how to deal with a Dropbox account – so the Dropbox app provides the mechanism. Additionally, an "account authenticator" might restrict the actions an app can perform with the account (so it would e.g. be possible to administrate this via some web interface offered by the service). More details can be found e.g. in this Stack Exchange post.
BACKUP	Control system backup and restore		sy	0		Permits an app to manage backups of another app. This e.g. includes to tell the BackupManager that: data of that app have changed (dataChanged()), all backups of that app should be deleted (clearBackupData()), or backups for that app should be (de)activated.
BACKUP_DATA	Participate in the system backup and restore		sy	0		Allows the application to participate in the system's backup and restore mechanism. Packages that do not use android.permission.BACKUP_DATA will neither be backed up nor restored. This seems to be an old (and possibly deprecated?) permission, as a commit message of August 2009 describes: In the future if access to the backup/restore infrastructure is made available to arbitrary 3rd party applications, the permission checks (and indeed, the permission itself) can simply be removed, and another one of February 2010 confirms: Any package can now participate in backup/restore, without requiring any manifest-declared permission.
badge.permission.READ	Read notification badges		no	0		The com.sec.android.provider.badge.* refer to the so called "Badge Provider", which is responsible for drawing numbers on your homescreen/lockscreen icons for e.g. missed calls or pending messages. Not clear to me is why an app must read these numbers; couldn't it simply tell the service to add/remove a given number to/from icon X? For some details, please take a look at this Stack Exchange article. Might be a permission specific to Samsung Touchwiz (with "sec" referring to the "seclauncher"); not sure whether other devices are affected by it.
badge.permission.WRITE	Write notification badges		no	0		Enables an app to paint numbers on icons, using the "Badge Service" described with badge.permission.READ.
BATTERY_STATS	Read battery statistics	System Tools	sy	0		Allows an application to collect battery statistics. Battery widgets and other battery information tools use this permission.
BIND_ACCESSIBILITY_SERVICE	Bind to an Accessibility Service	Accessibility	si	0	3	Allows the holder to bind to the top-level interface of an accessibility service. Must be required by an AccessibilityService, to ensure that only the system can bind to it. This is achieved using a dialog window where the access must be confirmed (once). A so privileged app then can see the current screen window and make inputs in other apps. This function is actually used for accessibility, for example, to read out what is currently on the screen or to make entries via voice command. However, spy apps, parental controls and malware also use this feature to read out the contents of open windows.
BIND_APPWIDGET	Choose Widgets	Personal Information	sy	0		Allows an application to tell the AppWidget service which application can access AppWidget's data. The normal user flow is that a user picks an AppWidget to go into a particular host, thereby giving that host application access to the private data from the AppWidget app. An application that has this permission should honor that contract. Very few applications should need to use this permission.
BIND_DEVICE_ADMIN	Interact with device admin	System Tools	si	0		Allows the holder to send intents to a device administrator. Must be required by device administration receiver, to ensure that only the system can interact with it. For further details, also see: What permissions are granted to an app with device administration privileges? Apps with this permission can lock the screen, change patterns or password, and remotely reset the device to factory settings. As long as an app has the status „device administrator“, it cannot be uninstalled. Security apps, for example, need this access to remotely wipe the device in case of loss. Parental control apps also ask for permission to lock the screen after a set time. Malicious apps can lock you out of the device with this permission and protect themselves from uninstallation. Was split starting with Android 10 and no longer exists in this form.
BIND_GET_INSTALL_REFERRER_SERVICE	Get Install Referrer Service	App Information	no	0		Lets a developer see who recommended the installation of the app – if some other website referred you to the app's page on Google Play Store and you followed that link and used the „Install“ button there.
BIND_INPUT_METHOD	Bind to an Input Method	System Tools	si	0		Allows the holder to bind to the top-level interface of an input method. Must be required by an InputMethodService, to ensure that only the system can bind to it.
BIND_JOB_SERVICE	run the application's scheduled background work	System Tools	si	0		This permission gives access to the JobService and allows the Android system to run the application in the background when requested.
BIND_NFC_SERVICE	Bind NFC Service	System Tools	si	0		Must be required by a HostApduService or OffHostApduService to ensure that only the system can bind to it.
BIND_NOTIFICATION_LISTENER_SERVICE	Bind Notification Listener Service	System Tools	si	0		Must be required by an NotificationListenerService, to ensure that only the system can bind to it.
BIND_PRINT_SERVICE	Bind Print Service	System Tools	si	0		Must be required by a PrintService, to ensure that only the system can bind to it.
BIND_REMOTEVIEWS	Bind to a widget service	System Tools	sy	0		Allows the holder to bind to the top-level interface of a widget service. Must be required by a RemoteViewsService, to ensure that only the system can bind to it.
BIND_TEXT_SERVICE	Bind to a Text Service	System Tools	si	0		Allows the holder to bind to the top-level interface of a text service (e.g. SpellCheckerService). Must be required by a TextService to ensure that only the system can bind to it.
BIND_VPN_SERVICE	Bind to a VPN service	System Tools	si	0		Allows the holder to bind to the top-level interface of a Vpn service. Must be required by a VpnService, to ensure that only the system can bind to it.
BIND_WALLPAPER	Bind to wallpaper	System Tools	sy	0		Allows the holder to bind to the top-level interface of wallpaper. Must be required by a WallpaperService, to ensure that only the system can bind to it.
BLUETOOTH	Pair with Bluetooth devices	Bluetooth	da	0	1	Allows applications to connect to paired bluetooth devices. Typical applications that would need bluetooth access include: sharing applications, file transfer apps, apps that connect to headset, smartwatch or wireless speakers.
BLUETOOTH_ADMIN	Access Bluetooth settings	Bluetooth	da	0	2	Allows applications to discover and pair bluetooth devices.
BLUETOOTH_ADVERTISE	advertise to nearby Bluetooth devices	Bluetooth	da	0		Allows the app to advertise to nearby Bluetooth devices, i.e. to offer content to them. This is a runtime permission and thus must be explicitly confirmed by the user.
BLUETOOTH_CONNECT	connect to paired Bluetooth devices	Bluetooth	da	0		Allows the app to connect to paired Bluetooth devices. This is a runtime permission, and thus must explicitly be confirmed by the user.
BLUETOOTH_PRIVILEGED	Bluetooth Privileged	Bluetooth	sy	0	2	Allows applications to pair bluetooth devices without user interaction. This is not available to third party applications.
BLUETOOTH_SCAN	discover and pair nearby Bluetooth devices	Bluetooth	da	0		Allows the app to discover and pair nearby Bluetooth devices. This is a runtime permission and thus must be explicitly approved by the user. For potential privacy implications, also see NEARBY_WIFI_DEVICES.
BODY_SENSORS	body sensors (like heart rate monitors)	Personal Information	no	0	2	Allows the app to access data from additional sensors connected to the phone (not the sensors permanently installed in the phone) to determine what is happening in the body. An example would be heart rate monitors.
BRICK	Permanently disable phone	System Tools	si	0		Required to be able to disable the device (very dangerous!). Not available to 3rd party apps – and seemingly even not used anywhere, see Why do some apps request too many permissions?.
BROADCAST_CLOSE_SYSTEM_DIALOGS	Broadcast to close system dialogs	System Tools	sy	0		Allows an application to broadcast the intent ACTION_CLOSE_SYSTEM_DIALOGS. Not for use by third-party applications. Up to Android 11, this was often used to close a potentially open notification area. Was deprecated with Android 12.
BROADCAST_DATA_MESSAGE	Broadcast data messages to apps	Network	sy	0		Can broadcast data messages received from the Internet to apps registered to listen for them. Reserved to system apps.
BROADCAST_PACKAGE_ADDED	Send Package Added Broadcast	System Tools	si	0		Allows an application to broadcast a notification that an application package has been added.
BROADCAST_PACKAGE_REMOVED	Send package removed broadcast	System Tools	si	0		Allows an application to broadcast a notification that an application package has been removed.
BROADCAST_SMS	Send SMS-received broadcast	Messages	si	0		Allows an application to broadcast an SMS receipt notification.
BROADCAST_STICKY	Send Sticky Broadcasts	System Tools	no	0		Allows an application to broadcast sticky intents. These are broadcasts whose data is held by the system after being finished, so that clients can quickly retrieve that data without having to wait for the next broadcast. The permission has to do with how applications "talk" to each other using a communication method called Intents. While this permission is highly technical it is a relatively low importance. There are no know obvious malicious uses for this permission.
BROADCAST_WAP_PUSH	Send WAP-PUSH-received broadcast	Messages	si	0		Allows an application to broadcast a WAP PUSH receipt notification. Not for use by third-party applications.
c2dm.permission.RECEIVE	Receive data from Internet	Network		1		Allows apps to accept cloud to device messages sent by the app's service (GoogleCloudMessaging). Using this service will incur data usage. Malicious apps could cause excess data usage.
c2dm.permission.SEND	Send data to Internet	Network		1		Allows apps to send cloud to device messages (GoogleCloudMessaging). Using this service will incur data usage.
CALL_COMPANION_APP	see and control calls through the system.	Phone Calls	no	0		a call companion app is one which provides no user interface itself, but exposes call information to another display surface, such as a wearable device. The user may choose multiple apps to fill this role. Such apps can access call details and also control calls.
CALL_PHONE	Directly call phone numbers	Phone Calls	da	0	3	Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call being placed. This permission is of high importance. This could let an application call expensive premium numbers (even abroad or satellite) and charge you money. However, this is not as common a way to cheat people in today's world as it used to be. Legitimate applications that use this include: Google Voice and Google Maps. Another important point to note here is that any app can launch the phone screen and pre-fill a number for you. However, in order to make the call, you would need to press „Send“ or „Call“ yourself. The difference with this permission is that an app could make the entire process automatic and hidden.
CALL_PRIVILEGED	Directly call any phone numbers	Phone Calls	sy	0		Allows an application to call any phone number, including emergency numbers, without going through the Dialer user interface for the user to confirm the call being placed. For technical details, see CALL_PHONE.
CAMERA	Take pictures and videos	Camera	da	0	4	Required to be able to access the camera device. This permission is of moderate importance. As it states, it lets an app control the camera function on your phone. In theory this could be used maliciously to snap unsuspecting photos, but it would be unlikely and difficult to get a worthwhile picture or video. However, it is not impossible to make malicious use of cameras. Legit uses include a.o. camera apps and barcode readers.
CAPTURE_AUDIO_OUTPUT	Capture audio output		sy	0	3	Allows an application to capture audio output. Not for use by third-party applications. Requested e.g. by Google Play Services.
CAPTURE_SECURE_VIDEO_OUTPUT	Capture Secure Video Output		sy	0		Allows an application to capture secure video output. Not for use by third-party applications. Requested e.g. by Google Play Services.
CAPTURE_VIDEO_OUTPUT	Capture Video Output		sy	0		Allows an application to capture video output. Not for use by third-party applications. Requested e.g. by Google Play Services.
CHANGE_BACKGROUND_DATA_SETTING	Change background data usage setting	Network	si	0		Allows the app to change the background data usage setting.
CHANGE_COMPONENT_ENABLED_STATE	Enable or disable app components	System Tools	sy	0	2	Allows an app to change whether an application component (other than its own) is enabled or not. Malicious apps may use this to disable important device capabilities. Care must be used with this permission, as it is possible to get app components into an unusable, inconsistent, or unstable state.
CHANGE_CONFIGURATION	Change system display settings	Development Tools	dv	0	2-3	Allows an application to modify the current configuration, such as locale. This is a permission that generally should not be granted to regular apps. Other than changing the locale (i.e. regional settings) and font size, it is unclear what configuration changes this permission allows. As such, it should be treated with considerable caution.
CHANGE_NETWORK_STATE	Change network connectivity	Network	da	0		Allows applications to change network connectivity state. Good Cop: Enable network connection only when needed, according to the requirements of the user. Bad Cop: Cause extra costs (especially when in roaming) just for mischievous glee; secretly transfer data (in conjunction with INTERNET).
CHANGE_WIFI_MULTICAST_STATE	Allow Wi-Fi Multicast reception	Effects on Battery Life	da	0		Allows applications to enter Wi-Fi Multicast mode. This allows to send data packages to multiple recipients simultaneously, without using additional bandwidth. Useful e.g. for streaming servers supporting multiple clients. It also enables to receive network packages not intended for the own device (sniffing). Uses more power than non-multicast-mode.
CHANGE_WIFI_STATE	Connect and disconnect from Wi-Fi	Network	da	0		Allows applications to change Wi-Fi connectivity state. Think of it as CHANGE_NETWORK_STATE for WiFi.
CHANGE_WIMAX_STATE	Change WiMAX state	Network	da	0		Allows the app to connect the device to and disconnect the device from WiMAX networks. CHANGE_NETWORK_STATE for WIMAX. Also can apply changes to configured WIMAX networks.
CLEAR_APP_CACHE	Delete all app cache data	System Tools	da	0	0	Allows an application to clear the caches of all installed applications on the device. This permission is of low importance. It allows an app to clear the cache of apps on the phone or tablet. The cache is a place that an app stores recently used data for faster access. Clearing the cache can sometimes (very rarely) fix bugs related to those files. Clearing these files generally presents no risk other than to slow the performance of the phone or tablet (as apps will need to re-create the caches when used).
CLEAR_APP_USER_DATA	Delete other apps´ data	System Tools	si	0		Allows an application to clear user data. Similar to what the "Clear Data" button in Settings → Apps does for each app. Restricted to apps signed by the manufacturer.
COLLECT_METRICS	Collect customer metrics		sy	0		Permits an app to collect customer metrics for Amazon, on how an app is used. This permission is bound to the Amazon Metrics Service Application (com.amazon.client.metrics) and thus only granted with that app installed.
CONFIGURE_SIP	Full access to SIP Accounts/Calls/Messages	Phone Calls	da	0	3	Configure SIP accounts and settings, access to SIP contents (call logs, messages...), extends and hook SIP flow. A malicious app with this permission can cause additional costs by e.g. configuring a costly SIP service.
CONNECTIVITY_INTERNAL	Use privileged ConnectivityManager API	Network	sy	0	2	Allows an internal user to use priviledged ConnectivityManager APIs.
CONTROL_LOCATION_UPDATES	Control Location Updates	Location	sy	0		Allows enabling/disabling location update notifications from the radio. Not for use by normal applications.
dashclock.permission.READ_EXTENSION_DATA	request DashClock extension data		si	0		Allows requesting DashClock extension data.
DELETE_CACHE_FILES	Delete other apps´ caches	System Tools	sy	0		Allows an application to delete cache files. Not for use by third-party applications.
DELETE_PACKAGES	Delete apps	System Tools	sy	0	1	Allows an application to delete packages. Not for use by third-party applications.
DEVICE_POWER	Device Power Management	System Tools	si	0	1	Allows low-level access to power management. Not for use by third-party applications.
DIAGNOSTIC	Read/write to resources owned by diag	System Tools	si	0		Allows the app to read and write to any resource owned by the diag group; for example, files in /dev. This could potentially affect system stability and security. This should be ONLY be used for hardware-specific diagnostics by the manufacturer or operator. It's not intended for use by third-party applications.
DISABLE_KEYGUARD	Disable your screen lock	Screenlock	da	0	2-3	Allows applications to disable the keyguard. This permission is of medium-high importance. It allows an app to disable the "lock screen" that most phones go into after going to sleep and been turned on again. This lockscreen can sometimes be a password screen, or a PIN screen, or just a "slide to unlock" screen.
DOWNLOAD_WITHOUT_NOTIFICATION	Download files without notification	Network	no	0	1	Allows to queue downloads without a notification shown while the download runs. Good Cop: A PodCast player could use this to preload content without "spamming" the notification area. Bad Cop: Download malware modules in background without the user´s notice.
DUMP	Retrieve system internal state	Development Tools	dv	0	4	Allows an application to retrieve state dump information from system services. Not for use by third-party applications. The information accessible with this permission is most likely comparable of that retrieved by the dumpsys command-line tool. Evil apps could theoretically use this to access private and protected data.
DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION	app only accepts its own intents		si	0	0	This is not a real permission, but rather a quirk. It is used with API level 33 and above (Android 13+), simply meaning that the application intends to send intents – but only to itself, while rejecting them from elsewhere. So you can safely ignore it. For details, e.g. see here.
email.ACCESS_PROVIDER	Access email provider data	Messages	si	0		Allows this application to access your email database, including received messages, sent messages, usernames and passwords. Not available to third-party apps.
EXPAND_STATUS_BAR	Expand/collapse status bar	Status bar	no	0	2-3	Allows an application to expand or collapse the status bar. This appears to be a system permission – not for use by regular applications. By collapsing the status bar, an app might have a full-screen mode; an evil app might as well use it to hide the appearance of certain status icons from the user.
FACTORY_TEST	Factory Test	System Tools	si	0		Run as a manufacturer test application, running as the root user. Only available when the device is running in manufacturer test mode.
FLASHLIGHT	Control flashlight	Effects on Battery Life	no	0	0	Allows access to the flashlight. This allows apps to turn on or off the LED "flash" light used by the camera. This is a handy tool but usually of no risk itself – except, maybe, for battery consumption.
FORCE_BACK	Force app to close	System Tools	si	0		Allows the app to force any activity that is in the foreground to close and go back.
FORCE_STOP_PACKAGES	Force stop other apps	System Tools	si	0		Allows the app to forcibly stop other apps. Should be reserved for system apps. Malicious apps could use this to disable security apps.
FOREGROUND_SERVICE	Foreground Service	System Tools	no	0		Required by apps targeting Android P or higher which want to run a foreground service. (A foreground service performs some operation that is noticeable to the user (like playing a sound track). Foreground services continue running even when the user isn't interacting with the app, but must display a Notification.)
FOREGROUND_SERVICE_SPECIAL_USE	Convey type of Foreground Service	System Tools	no	0		Allows an app to convey to the system the type of foreground Service that the app uses.
FREEZE_SCREEN	freeze screen	System Tools	si	0		Allows the application to temporarily freeze the screen for a full-screen transition. This permission is provided by the Android OS itself, and is not available to third-party-apps.
GALLERY_PROVIDER	GALLERY_PROVIDER		da	0		Due to lack of documentation, I can only guess here from apps using it and what they have in common that this permission is required to access multimedia data via the gallery content provider.
GET_ACCOUNTS	Find accounts on the device	Accounts	no	0		Allows access to the list of accounts in the Accounts Service. Applications that require some type of authentication from accounts that are "connected" to the device. A list of the accounts are ususally displayed so you can choose the account to use with the application. To really use those credentials, the USE_CREDENTIALS permission is required. An evil app could use this permission to spy on you (what are you using?).
GET_APP_OPS_STATS	Retrieve app ops statistics	System Tools	dv	0		Allows the app to retrieve collected application operation statistics (e.g. how often and how long an app was being used). Not for use by normal apps. APP_OPS is a module of the Android permission system allowing for retroactive adjustment of app permissions. It was not made officially available before (and including) Android 4.4 Kitkat.
GET_PACKAGE_SIZE	Measure app storage space	System Tools	no	0	1	Allows an application to find out the space used by any package. This permission does not seem to have any risk associated with it.
GET_TASKS	Retrieve running apps	App Information	da	0	1-3	Allows an application to get information about the currently or recently running tasks: a thumbnail representation of the tasks, what activities are running in it, etc. This permission is of moderate importance. It will allow an application to find out what other applications are running on your phone. While not a danger in and of itself, it would be a useful tool for someone trying to steal your data. Typical legitimate applications that require this permission include: task killers and battery history widgets. Other than that however, most apps should not need this permission.
GET_TOP_ACTIVITY_INFO	Get Top Activity Info	App Information	si	0		Allows an application to retrieve private information about the current top activity, such as any assist context it can provide. Not for use by third-party applications.
GLOBAL_SEARCH	Global Search	System Tools	sy	0		This permission can be used on content providers to allow the global search system to access their data. Typically it used when the provider has some permissions protecting it (which global search would not be expected to hold), and added as a read-only permission to the path in the provider where global search queries are performed. This permission can not be held by regular applications; it is used by applications to protect themselves from everyone else besides global search.
GLOBAL_SEARCH_CONTROL	Global search control	System Tools	si	0		Allows the application to control the global search. Not available to third party apps.
GOOGLE_AUTH	View configured accounts	Accounts	no	0		Allows apps to see the usernames (email addresses) of the Google account(s) you have configured. Good Cop: List accounts for the user to chose from when using a Google service Bad Cop: Sniff and snoop, find "valid mail adresses" to abuse for other purposes (e.g. spamming)
GOOGLE_AUTH.mail	Google mail	Accounts	da	1		Allows apps to sign in to Google mail services using the account(s) stored on this Android device. Good Cop: Automatic sign-in to use Google Services in the interest of the user Bad Cop: Secretly sign-in without the user´s notice to e.g. send spam or spying on personal data
GOOGLE_AUTH.wise	Google Spreadsheets	Accounts	da	1		Allows apps to sign in to Google Spreadsheets using the account(s) stored on this Android device. Good Cop: Automatic sign-in to use Google Services in the interest of the user Bad Cop: Secretly sign-in without the user´s notice to e.g. spy on personal data
GOOGLE_AUTH.writely	Google Docs	Accounts	da	1		Allows apps to sign in to Google Docs using the account(s) stored on this Android device. Good Cop: Automatic sign-in to use Google Services in the interest of the user Bad Cop: Secretly sign-in without the user´s notice to e.g. spy on personal data
GOOGLE_PHOTOS	handle photos backed up to G+			1		This permission is required to access photos backed up to G+ (see this XDA post) by the Google Photos app.
google.MAPS_RECEIVE	Receive map material from Google Maps	Network		2		If an app wants to integrate maps from Google Maps, it needs this permission (along with READ_GSERVICES, INTERNET and WRITE_EXTERNAL_STORAGE). The permission must start with the app´s package name, as only apps registered with the Google Service get access. At installation time, this permission is not presented to the user, so you will only see it in the app´s Manifest file.
GTALK_SERVICE	Google Talk Service	Messages	da	1		I couldn´t find any documentation on this permission, which is connected to Google Talk resp. Google Hangouts. The protection level assigned seems to differ between devices.
HARDWARE_TEST	Test Hardware	Hardware Controls	si	0		Allows access to hardware peripherals. Intended only for hardware testing.
HIGH_SAMPLING_RATE_SENSORS	access sensor data with a sampling rate greater than 200 Hz.	Sensors	no	0		Allows an app to collect sensor data with a frequency higher than 200 Hz, i.e. more than 200 data sets per second.
im.permission.READ_ONLY	read instant messages	Messages	da	0	3	This is a permission realated to reading instant messages, such as those on GoogleTalk.
INJECT_EVENTS	Press keys and control buttons	System Tools	sy	0		Allows an application to inject user events (keys, touch, trackball) into the event stream and deliver them to ANY window. Without this permission, you can only deliver events to windows in your own process. Very few applications should need to use this permission. Malicious apps may use this to take over the device.
INSTALL_DRM	Install DRM content	System Tools	no	0	1-3	Allows app to install DRM-protected content. DRM stands for Digital Rights Management, sometimes also called "Digital Restriction Management". It is used to control (and restrict) access to media – e.g. by Google Books, Google Movies, or Amazon‘s Kindle.
INSTALL_LOCATION_PROVIDER	Install Location Provider	Location	sy	0		Create mock location sources for testing or install a new location provider into the Location Manager. This allows the app to override the location and/or status returned by other location sources such as GPS or location providers. Reserved to system apps.
INSTALL_PACKAGES	Directly install apps	System Tools	sy	0	5	Allows the app to install new or updated Android packages. Malicious apps may use this to add new apps with arbitrarily powerful permissions. Not for use by third-party applications.
INSTALL_SHORTCUT	Install Shortcuts		da	0	1-3	Allows an application to install a shortcut in Launcher (Homescreen). This is a custom permission for the default Android Laucher (the home screen). It would allow an app to put an icon or shortcut there. While not dangerous, this can sometimes be a sign of a potentially malicious or adware app, which could e.g. create a shortcut that looks like Google Play, but of course launches something completely different.
INTERACT_ACROSS_USERS	Interact Across Users	System Tools	sy	0	2	Allows an application to call APIs that allow it to do interactions across the users on the device, using singleton services and user-targeted broadcasts. This permission is not available to third party applications. Such an app can e.g. access its data of all users, not only the one currently running it. An example would be the lockscreen app, which needs to access the profile pictures of all users in order to show the "switch users" GUI (see here).
INTERACT_ACROSS_USERS_FULL	Full license to interact across users	System Tools	si	0	3	Fuller form of INTERACT_ACROSS_USERS that removes restrictions on where broadcasts can be sent and allows other types of interactions.
INTERNAL_SYSTEM_WINDOW	Internal System Window	System Tools	si	0	3	Allows an application to open windows that are for use by parts of the system user interface. Not for use by third party apps.
INTERNET	Full network access	Network	da	0		Apps with this permission can use an existing Internet connection (WLAN or cellular) to transfer data. The WLAN MAC address can also be read out with it. All apps that contact a server via the Internet without your intervention need this permission. It is also used for advertising purposes. However, special caution is recommended in connection with other permissions that grant access to personal data (contacts, calendar, etc.), for example – as it can also be used to spy on personal data. However, the Internet connection itself must already be established. (This requires the CHANGE_WIFI_STATE or CHANGE_NETWORK_STATE permission). But even without this permission, apps can send data over the Internet. For example, if they use interfaces to the email app, the browser app or the Google Play store – though this usually only works with small amounts of data.
k9.permission.DELETE_MESSAGES	Delete messages from K-9 Mail	Messages		0	3	Enables an app to delete mails stored in K-9 Mail.
k9.permission.READ_ATTACHMENT	Read K-9 Mail attachments	Messages		0	2-3	This is a custom permission for the K-9 Mail app. See also READ_ATTACHMENT.
k9.permission.READ_MESSAGES	Read mails stored in K-9 Mail	Messages		0	2-3	Enables an app to read mails stored with the K-9 Mail app. Be aware mails can contain sensible personal information!
KILL_BACKGROUND_PROCESSES	Close other apps	System Tools	no	0	2-4	Allows an application to call killBackgroundProcesses(String). This permission is a bit of a tricky one. Often this is used by what are called "task killers". Conversely this permission has some potential to maliciously close anti-virus or other security related apps. This should be treat caution. Few users should ever need an app with this permission. Rather, it could be an indicator of malicious intent (especially if not requested by a task killer or system performance tuning app).
launcher.permission.UPDATE_COUNT	Updating Notification Counts		no	0	0	Access the notification API of Apex Launcher, see XDA Developers. This permission just enables an app to provide counter information to the launcher. Usually this is done by mail apps. No risks known so far.
launcher.READ_SETTINGS	read Home settings and shortcuts	System Tools	no	0		The permissions allow an application to read configuration settings of Android’s Launcher, including that of icons.
launcher.WRITE_SETTINGS	write Home settings and shortcuts	System Tools	no	0		The permissions allow an application to modify configuration settings of Android’s Launcher, including that of icons. Malicious apps could use this to place (misleading) icons on your homescreen – e.g. one looking like the Playstore – to lure you into actions you otherwise wouldn´t perform.
LOCATION_HARDWARE	Access Location hardware		sy	0	3	Allows an application to use location features in hardware, such as the geofencing api. Not for use by third-party applications.
MANAGE_ACCOUNTS	Add or remove accounts	Accounts	da	0		Allows an application to manage the list of accounts in the AccountManager. This permission allows an application to add/remove accounts in the account manager. Like when you log in to facebook, it adds your account to the Account Manager accounts. For further details, see e.g. this Stack Exchange post, and also the AccountManager Documentation on the Android Developers site.
MANAGE_APP_TOKENS	Manage App Tokens	Accounts	si	0		Allows an application to manage (create, destroy, Z-order) application tokens in the window manager. This is only for use by the system.
MANAGE_DEVICE_ADMINS	add or remove a device admin	System Tools	sy	0		Allows the holder to add or remove active device administrators. Should never be needed for normal apps.
MANAGE_DOCUMENTS	Manage Documents	Storage	sy	0		Allows an application to manage access to documents, usually as part of a document picker.
MANAGE_EXTERNAL_STORAGE	Manage external storage	Storage	sy	0	2-3	Allows an application a broad access to external storage in scoped storage (Android 10+). Intended to be used by few apps that need to manage files on behalf of the users, like file managers. This permission needs to be granted by the user explicitly („appops“), unless the app comes preinstalled or is signed with the same key as the ROM.
MANAGE_MTP	Manage MTP	Hardware Controls	sy	0		Allows an application to access the MTP USB kernel driver. For use only by the device side MTP implementation.
MANAGE_OWN_CALLS	route calls through the system	Phone Calls	no	0		Allows a calling application which manages it own calls through the self-managed ConnectionService APIs. Intended for use with standalone calling apps which do not wish to use the default phone app for Connection UX, but which want to leverage the call and audio routing capabilities of the Telecom framework. Android 8+.
MANAGE_USB	Manage preferences and permissions for USB devices	Hardware Controls	sy	0		Allows an application to manage preferences and permissions for USB devices. Restricted to system apps.
MANAGE_USERS	manage users	System Tools	sy	0	2	Allows apps to manage users on the device, including query, creation and deletion. This permission is not available to third party applications.
MASTER_CLEAR	Master Clear		sy	0	1	Allows an app to perform a "master clear" (i.e. factory reset) of the device. Restricted to system apps. Restricted to system apps.
MEDIA_CONTENT_CONTROL	control media playback and metadata access		sy	0		Allows an application to know what content is playing and control its playback. Not for use by third-party applications due to privacy of media consumption.
MMS_SEND_OUTBOX_MSG	MMS Wakeup	Messages	sy	0		Sends out all MMSs from the outbox to the network. Restricted to system apps and those signed with the same key as the ROM.
MODIFY_AUDIO_SETTINGS	Change your audio settings	Hardware Controls	da	0	0	Allows an application to modify global audio settings.
MODIFY_PHONE_STATE	Modify Phone State	Phone Calls	sy	0	2-4	Modify the status of phone functionality: power, MMI codes (call forwarding, Caller ID) – not to initiate calls. But the network could be switched (to a different carrier, roaming) or the radio (de)activated, without informing the user. The permission can also be used to intercept incoming calls.
MOUNT_FORMAT_FILESYSTEMS	Erase USB storage	System Tools	sy	0	1-3	Allows formatting file systems for removable storage. The primary danger with this permission is that it could be used to erase data from an SD card or other similar storage in your phone. This is also not a permission any normal app should need.
MOUNT_UNMOUNT_FILESYSTEMS	Access USB storage filesystem	System Tools	sy	0	4	Allows mounting and unmounting file systems for removable storage. This permission just allows for connecting to SD cards for reading and writing. While not a risk itself, this is also not a permission any normal app should need.
MOVE_PACKAGE	Move app resources	System Tools	sy	0		Allows an application to move application resources from internal to external media and vice versa. In other words: App2SD.
NEARBY_WIFI_DEVICES	Required to be able to advertise and connect to nearby devices via Wi-Fi.	Network	da	0		This permission is required to be able to advertise and connect to nearby devices via Wi-Fi. Privacy implication example: You grant an app (say Facebook) this permission, but not access to your location. Someone next to you granted it location access. So the service behind the app on your device can correlate your location based on the data of your neighbors device.
NFC	Control Near Field Communication	Network	da	0	2	Allows applications to perform I/O operations over NFC. The distance which NFC is able to work is only a few centimeters so that devices (or a device and a tag) must effectively be touching each other to communicate. Due to the distance, this technology is not particularly dangerous. However it does present a small risk and it is something that should used with caution.
PACKAGE_USAGE_STATS	Update component usage statistics	System Tools	si	0	1	Allows the modification of collected component usage statistics. Not for use by normal applications. Most likely refers to app statistics, e.g. how often an app was started.
PERFORM_CDMA_PROVISIONING	Start CDMA phone settings		sy	0		Allow applications to launch CDMA services (a telephony functionality). Reserved to system apps.
PERSISTENT_ACTIVITY	Make app always run	App Information	no	0		Allow an application to make its activities persistent. Deprecated at API level 9 (Gingerbread).
POST_NOTIFICATIONS	post notifications	System Tools	da	0		This is a runtime permission introduced with Android 13, allowing an app to send non-exempt notifications. If you deny this permission, the app cannot send notifications. This effects all apps targeting Android 13 o higher.
PREVENT_POWER_KEY	Change behaviour of the power key	Hardware Controls	da	0		Allows an application to override the default behaviour for the power key.
PROCESS_OUTGOING_CALLS	Reroute outgoing calls	Phone Calls	da	0	2-4	Allows an application to monitor, modify, or abort outgoing calls. This permission is of high importance. This would allow an app to see what numbers are called and other personal info. Generally this permission should only be seen on apps for VOIP (Voice Over Internet Protocol) like Google Voice or dialer replacement type apps. For incoming calls, see MODIFY_PHONE_STATE.
QUERY_ALL_PACKAGES	query apps on the device	System Tools	no	0	1-3	Allows query of any normal app on the device, regardless of manifest declarations. This permission was added with Android 11; apps targeting this or a higher version will require this permission to list all installed packages. Some more details on this are explained at StackOverflow: What does QUERY_ALL_PACKAGES permission do? In short: Apps now must declare which other apps they want to look for – other apps will be filtered by the system unless this permission was requested. A package manager will certainly need this – a Flaslight app not. Note: It seems Google Play does not point out whether an app requests this permission.
RAISED_THREAD_PRIORITY	Raised thread priority	System Tools		0		Allows the application procedures to obtain the priority of the an elevated the thread. This might be required for e.g. real-time audio/video playback. Malicious apps could however use this to slow down the system.
READ_APP_BADGE	read notification badges		no	0		Allows an app to read the notification badges displayed on icons in the launcher.
READ_ATTACHMENT	Read email attachments	Personal Information	da	0	2-3	This is a custom permission for the default Android email app (i.e. not Gmail). This permission should be treated with great caution. Many email attachments contain highly sensitive and personal or financial information.
READ_CALENDAR	Read calendar events plus confidential information	Personal Information	da	0	2	Allows an application to read the user's calendar data. This permission is of moderate to high importance. While most people would consider their calendar information slightly less important than their list of contacts and friends, this permission should still be treated with care when allowing applications access. Additionally, it's good to keep in mind that calendar events can, and often do contain contact information.
READ_CALL_LOG	Read Call Logs	Personal Information	da	0	2	Allows an application to read the user's call log. This permission is used by apps that need or want to show your call log, like phone apps. The content of your call log allows many conclusions to be drawn about users. Implicitly granted with READ_CONTACTS when both minimum and targeted SDK level are 15 (ICS) or lower.
READ_CLIPBOARD	Read clipboard contents	System Tools		0	2-3	An app with this permission can read clipboard contents – that is, everything you copy into the clipboard (including passwords, if you copy them). Some more detailed background and preventive measures can be found in the following XDA article: How to Stop Apps from Reading the Android Clipboard to Protect your Privacy (dated 8/2017).
READ_CONTACTS	Read your contacts	Personal Information	da	0	2	Allows an application to read the user's contacts data. This not only includes existing contacts and their data, but also how often you called them, mailed them etc. This permission is of high importance. Unless an app explicitly states a specific feature that it would use your contact list for, there isn't much of a reason to give an application this permission. Legitimate exceptions include typing or note taking applications, quick-dial type applications and possibly social networking apps. Some might require your contact information to help make suggestions to you as you type. Typical applications that require this permission include: social networking apps, typing/note taking apps, SMS replacement apps, contact management apps. But some apps (such as Facebook and WhatsApp) also upload your data to their servers.
READ_CONTENT_PROVIDER	Access mail information	Messages	da	0		This is primarily for access to information on Mails in Gmail. Developers can use this content provider to display label information to the user.
READ_EXTERNAL_STORAGE	Read the contents of your usb storage	Storage	no	0	0	Allows an application to read from external storage. This permission was granted to all apps by default up to Android 4.3. This changed with Android 4.4 (API level 19), which now requires that applications explicitly request read access using this permission. If an application already requests write access, it will automatically get read access as well. Up to Android 9 this permission is still needed if an app wants to read media files (e.g. photos in DCIM/). Good/Bad Cop: An MP3 player of course should have access to your music files stored there – but along with that, it could also access all other data stored on the card. Which means, you should never store sensible data (unencrypted) on your SDCard.
READ_FRAME_BUFFER	Read Frame Buffer	System Tools	sy	0	4	Allows an application to take screen shots and more generally get access to the frame buffer data.
READ_GMAIL	Read Gmail	Messages	si	1		Protection level switched from "dangerous" to "signature" about the time Gingerbread was released (with Gmail 2.3.5), see Android Census – so it's not available to third-party apps (anymore).
READ_GMAIL_PROVIDER	Read Gmail	Messages		1		Also see: READ_GMAIL. Checking the full permission name, both of them are named READ_GMAIL, and the stores mostly label them both only "Read Gmail" (so they are hard to tell apart – and some apps probably have them mis-tagged here as well, or having requested both of them). Not being able to find any documentation (Gmail is, after all, closed source), I can neither tell the difference nor what they expose.
READ_GSERVICES	read Google service configuration	Accounts	no	1	1	Allows an app to read the Google services map. Not for use by normal apps. The protection level assigned to this permission varies between devices (normal/dangerous) – but generally seems to contradict the "not for normal apps" description. Applying some deduction to related permissions and their discussions, this post on Android.StackExchange.COM concludes the Google Service Map must be an index of Google Services available on the device, and READ_GSERVICES probably comparable to GET_ACCOUNTS – to find out what Google Services are available to be used.
READ_HISTORY_BOOKMARKS	Read your Web bookmarks and history	Personal Information	da	0	2-3	Allows an application to read (but not write) the user's browsing history and bookmarks. Browsing habits are often tracked through regular computers, but with this permission you‘d be giving access to more than just browsing habits. There are also legitimate uses for this permission such as apps that sync or backup your data, and possibly certain social apps.
READ_INPUT_STATE	Record what you type and actions that you take	System Tools	sy	0	3-4	Allows an application to retrieve the current state of keys and switches, including to watch the keys that you press even when interacting with another app (such as typing a password). This is only for use by the system.
READ_LOGS	Read sensitive log data	Development Tools	dv	0	3	Allows an application to read the low-level system log files. This allows the application to read what any other applications have logged, which might contain sensitive (and even personal) data. Since Android 4.1 this permission is only available to system apps; with Android 7.1 it is covered by protection level signature|privileged|development.
READ_MEDIA_AUDIO	read audio files from shared storage	Storage	da	0		Allows an application to read audio files from external storage. A runtime permission the user needs to confirm so the app can use it. An app which targets Android 13 or higher and needs to read audio files from external storage must hold this permission; READ_EXTERNAL_STORAGE is not required. For apps targeting Android 12.1 or lower, READ_EXTERNAL_STORAGE is required, instead, to read audio files.
READ_MEDIA_IMAGES	read image files from shared storage	Storage	da	0		Allows an application to read image files from external storage. An app which targets Android 13 or higher and needs to read image files from external storage must hold this permission; READ_EXTERNAL_STORAGE is not required. For apps targeting Android 12.1 or lower, READ_EXTERNAL_STORAGE is required, instead, to read image files.
READ_MEDIA_STORAGE	Read internal media storage contents	Storage		0		Like READ_EXTERNAL_STORAGE, but for "internal storage".
READ_MEDIA_VIDEO	read video files from shared storage	Storage	da	0		Allows an application to read video files from external storage. An app which targets Android 13 or higher and needs to read audio files from external storage must hold this permission; READ_EXTERNAL_STORAGE is not required. For apps targeting Android 12.1 or lower, READ_EXTERNAL_STORAGE is required, instead, to read video files.
READ_MEDIA_VISUAL_USER_SELECTED	read user selected image and video files from shared storage	Storage	da	0		Allows the app to read image and video files that you select from your shared storage – the grant therefore only applies to the selected files and not to entire directories. This permission allows an application to read image or video files from external storage that a user has selected via the permission prompt photo picker. Apps can check this permission to verify that a user has decided to use the photo picker, instead of granting access to READ_MEDIA_IMAGES or READ_MEDIA_VIDEO. It does not prevent apps from accessing the standard photo picker manually. This permission should be requested alongside READ_MEDIA_IMAGES and/or READ_MEDIA_VIDEO, depending on which type of media is desired. This permission will be automatically added to an app's manifest if the app requests READ_MEDIA_IMAGES, READ_MEDIA_VIDEO, or ACCESS_MEDIA_LOCATION regardless of target SDK. If an app does not request this permission, then the grant dialog will return PERMISSION_GRANTED for READ_MEDIA_IMAGES and/or READ_MEDIA_VIDEO, but the app will only have access to the media selected by the user. This false grant state will persist until the app goes into the background.
READ_OWNER_DATA	Read owner data	Personal Information	da	0		Read access to owner data saved on the device. Lacking documentation, I again can guess here only; it seems to be bound to the "Me" contact in your address book.
READ_PHONE_NUMBERS	Allows read access to the device's phone number(s).	Phone Calls	da	0		Allows read access to the device's phone number(s). This is a subset of the capabilities granted by READ_PHONE_STATE but is exposed to instant applications. As it's named a subset of READ_PHONE_STATE, the numbers accessed are the ones belonging to you, i.e. assigned to your SIM card (and not your contacts list).
READ_PHONE_STATE	Read phone status and identity	Phone Calls	da	0		Allows read only access to phone state. This permission gives access to your device's identifiers (IMEI/IMSI, SIM ID, voice mailbox number, your phone number and, if a call is in progress, the remote number. It‘s not necessarily required for things like call state (whether a call is in progress/pending), network operator, or the network provider used – according to the app permission.READ_PHONE_STATE (no longer listed on Google Play), which shows what this permission is needed for (and what not); also see here. This permission is automatically granted to apps targeted at Android 1.6 or before.
READ_PRIVILEGED_PHONE_STATE	access the device	Phone Calls	sy	0	3	Starting in Android 10, apps must have the this privileged permission in order to access the device's non-resettable identifiers, which include both IMEI and serial number. Third-party apps installed from the Google Play Store cannot declare privileged permissions.
READ_PROFILE	Read your own contact card	Personal Information	da	0	2-3	Allows an application to read the user's personal profile data (usually includes name, email-address and phone number; it's not identical to e.g. the Google Account). This is a new permission that relates to a special new "Me" contact you can create in your phone or tablet as your own profile. Messenger apps might want to pick the profile picture from here.
READ_SECURE_SETTINGS	Read Secure Settings	Hardware Controls		0		Allows an application to read the secure system settings. No documentation found, hints welcome!
READ_SMS	Read your text messages (SMS or MMS)	Messages	da	0	3	Allows an application to read SMS messages. This permission is mostly a privacy concern. Any app that can read your SMS messages could gather a lot of information about you. However there are quite a few legitimate reasons an app may request this. Some apps are simply "SMS replacment" apps (such as Handcent) and would naturally need this permission to function. Other apps sometimes use this as a way of sending a special code to you device. This can be used by a paid app by sending a code to unlock the full version of an app. Or, this can be used by security apps to listen for a special shutdown codes in case your phone is stolen. Check the app permission.READ_SMS (no longer available at Google Play) to see what information can be obtained with this permission.
READ_SOCIAL_STREAM	Read your social stream	Social Information	da	0	2-3	Allows an application to read from the user's social stream. This is a new permission introduced with Android 4.0 (Ice Cream Sandwhich). It would allow an app to read updates from social networking apps like Google+, Twitter, and Facebook. By granting this permission you are giving an app the ability to read not only your information, but any updates posted by people in your social circles.
READ_SYNC_SETTINGS	Read sync settings	Sync settings	no	0		Allows applications to read the sync settings. This permission mostly allows the application to know if you have background data sync (such as for Facebook or Gmail) turned on or off. Might be a indicator that the app wants to adjust its behavior accordingly and respect your wishes concerning when to sync and when not. Note that this only allows access to the sync settings – not to synchronized data.
READ_SYNC_STATS	Read sync statistics	Sync settings	no	0		Allows applications to read the sync stats for an account, including the history of sync events and how much data is synced. This permission is related to READ_SYNC_SETTINGS but not particularly dangerous itself. There is a minor risk that some personal information could be gleaned from the sync stats, but the information is unlikely to be valuble. Sync in this case relates to syncing of contacts and other types of media on the phone. However, apps can also synchronize without this function. It merely provides a tool in which typical requirements like time control are already predefined. Apps that work with the sync function need this permission to see the history of already performed synchronizations.
READ_USER_DICTIONARY	Read terms you added to the dictionary	User Dictionary	da	0		Allows an application to read the user dictionary. This should really only be required by an IME, or a dictionary editor like the Settings app. This would allow an app to read words added to your custom dictionary. Oftentimes this is abbreviations like "brb" that you might add for typing text messages. Unless you save personal information in your dictionary, this permission is of almost no risk.
REAL_GET_TASKS	Retrieve running tasks	App Information	sy	0		Get running tasks/apps. Replaces GET_TASKS with API level 21+ (Lollipop)
REBOOT	Reboot	System Tools	sy	0		Required to be able to reboot the device. Not for use by third-party applications.
RECEIVE_BOOT_COMPLETED	Run at startup	App Information	no	0	0	Allows an application to receive the [ACTION_BOOT_COMPLETED](http://developer.android.com/reference/android/content/Intent.html#ACTION_BOOT_COMPLETED) that is broadcast after the system finishes booting. This permission will allow an application to tell Android to run the application every time you start your phone. While not a danger in and of itself, it can point to an applications intent. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them. As such, the use of this facility should be explicitly declared to make that visible to the user.
RECEIVE_EMERGENCY_BROADCAST	Receive Emergency Broadcast	Messages	sy	0		Allows an application to receive emergency cell broadcast messages, to record or display them to the user. Reserved for system apps.
RECEIVE_MMS	Receive text messages (MMS)	Messages	da	0	3	Allows an application to monitor incoming MMS messages, to record or perform processing on them. This permission is mostly a privacy concern. Any app that can read your MMS messages could gather a lot of information about you. However there are quite a few legitimate reasons an app may request this. Some apps are simply "SMS/MMS replacment" apps (such as Handcent) and would naturally need this permission to function. See also RECEIVE_SMS.
RECEIVE_SENSITIVE_NOTIFICATIONS	Receive sensitive notifications	Personal Information	si	0	4	Sensitive notifications are e.g. those containing 2FA codes. From Android 15 onwards, apps need this permission if they should be able to see them. The permission is tied to protection level role|signature, and thus not easily available to non-system apps.
RECEIVE_SMS	Receive text messages (SMS)	Messages	da	0	3	Allows an application to monitor incoming SMS messages, to record or perform processing on them. This permission is mostly a privacy concern. Any app that can read your SMS messages could gather a lot of information about you. However there are quite a few legitimate reasons an app may request this. Some apps are simply „SMS replacment“ apps (such as Handcent) and would naturally need this permission to function. Other apps sometimes use this as a way of sending a special code to you device. This can be used by a paid app by sending a code to unlock the full version of an app. Or, this can be used by security apps to listen for a special shutdown codes in case your phone is stolen. More details on this permission can be found a.o. in this post on StackExchange.
RECEIVE_USER_PRESENT	receive USER_PRESENT broadcast			0		I couldn't find any documentation on this permission – so I cannot even tell if it really exists. However, there seems to be a broadcast intent android.intent.action.USER_PRESENT which is issued once the user begins interacting with the device (obviously after having paused to do so), e.g. when unlocking the screen – and this permission might be intended to permit registering a receiver to it (i.e. the app can get notified in those cases).
RECEIVE_WAP_PUSH	Receive text messages (WAP)	Messages	da	0		Allows an application to monitor incoming WAP push messages. Sending and receiving MMS is based on WAP. The information that there‘s a MMS message available for download, is sent as WAP Push to the device.
RECORD_AUDIO	Record audio	Microphone	da	0	3	Allows an application to record audio. While this permission is not typically dangerous, it is a potential tool for eavesdropping. However recording audio has legitimate uses such as note taking apps or voice search apps. As a side note recording audio is typically a significant drain on the battery. Bad Cop: In conjunction with the INTERNET permission, this could be used to eavesdrop on the user.
REORDER_TASKS	Reorder running apps	System Tools	no	0		Allows an application to change the Z-order of tasks. Malware could use this to push some ads o.a. into foreground to be displayed to the user.
REQUEST_DELETE_PACKAGES	Allows an application to request deleting packages.	System Tools	no	0		Allows an application to request deleting packages. Apps targeting APIs Build.VERSION_CODES.P or greater must hold this permission in order to use Intent.ACTION_UNINSTALL_PACKAGE or PackageInstaller.uninstall (VersionedPackage, IntentSender)). As this action should launch the application installer, the user should be asked to confirm each install.
REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	Request exclusion from battery optimizations	Effects on Battery Life	no	0		Grants an app the permission to request being excluded from battery optimizations (aka Doze mode). The user has to approve this.
REQUEST_INSTALL_PACKAGES	Allows an application to request installing packages.	System Tools	si	0		Allows an application to request installing packages. Apps targeting APIs greater than 25 (Android 7/Nougat) must hold this permission in order to use ACTION_INSTALL_PACKAGE. As this action launches the application installer, the user should be asked to confirm each install.
REQUEST_PASSWORD_COMPLEXITY	request screen lock complexity	System Tools	no	0		Allows the app to learn the screen lock complexity level (high, medium, low or none), which indicates the possible range of length and type of the screen lock. The app can also suggest to users that they update the screen lock to a certain level but users can freely ignore and navigate away. Note that the screen lock is not stored in plain text so the app does not know the exact password.
RESTART_PACKAGES	Restart other applications	System Tools	no	0	2-3	Stop and restart other apps. This permission is deprecated, and should no longer be used. It will allow an application to tell Android to 'kill' the process of another application. However, any app that is killed will likely get restarted by the Android OS itself.
SCHEDULE_EXACT_ALARM	Schedule precisely timed actions	Device Alarms	no	0		Allows applications to use exact alarm APIs. An app holding this permission can schedule work to happen at a desired time in the future. This also means that the app can run when you’re not actively using the device. The system invokes an exact alarm at a precise moment in the future. Apps who hold this permission and target API level 31 (Android 12) or above, always stay in the WORKING_SET or lower standby bucket. Applications targeting API level 30 (Android 11) or below do not need this permission to use exact alarm APIs. Exact alarms should only be used for user-facing features. This is intended for things like alarm clocks and calendar events. Details can be found in the developer documentation. Usage of exact alarms might have affects on battery consumption. Other than with USE_EXACT_ALARM, the user can revoke this permission anytime – but that will also cancel alarms set this way.
SEND_DOWNLOAD_COMPLETED_INTENTS	Benachrichtigungen zu Ladevorgängen senden	Network	si	0		Allows the app to send notifications about completed downloads. Malicious apps can use this to confuse other apps that download files. Only available to system apps.
SEND_RESPOND_VIA_MESSAGE	Send respond-via-message events	Messages	sy	0		Allows an application (Phone) to send a request to other applications to handle the respond-via-message action during incoming calls. Not for use by third-party applications. This most likely refers to the possibility to reject incoming calls with an SMS.
SEND_SMS	Send SMS messages	Messages	da	0		Allows an application to send SMS messages. This could let an application send an SMS on your behalf, and much like the phone call permission, it could cost you money by sending SMS to for-pay numbers. Certain SMS numbers work much like 1-900 numbers and automatically charge your phone company money when you send them an SMS.
SEND_SMS_NO_CONFIRMATION	Send SMS with no confirmation	Messages	sy	0	3	Allows an application to send SMS messages via the Messaging app with no user input or confirmation (which can get quite expensive in case of a malicious app). Related to SEND_SMS, but restricted to system apps.
SET_ACTIVITY_WATCHER	Monitor and control all app launching	System Tools	sy	0		Allows an application to watch and control how activities are started globally in the system. Malicious apps may completely compromise the system. Normally used for debugging purposes only. Should not be requested by third-party apps.
SET_ALARM	Set an alarm	Device Alarms	no	0	0	Allows an application to broadcast an Intent to set an alarm for the user. This permission seems to be of low risk because it doesnt allow the setting of the alarm directly. Rather it allows the opening of the alarm app on the phone.
SET_ALWAYS_FINISH	Force background apps to close	Development Tools	da	0		Allows an application to control whether activities are immediately finished when put in the background.
SET_ANIMATION_SCALE	Modify global animation speed	System Tools	dv	0		Modify the global animation scaling factor (faster or slower animations). Not for use by third-party applications.
SET_DEBUG_APP	Enable app debugging	Development Tools	dv	0		Configure an application for debugging. Not for use by third-party applications. Gives an app the opportunity to enable debugging for other apps. Malicious code could thus delete other apps.
SET_ORIENTATION	Change screen orientation	System Tools	sy	0		Allows low-level access to setting the orientation (actually rotation) of the screen. Not for use by normal applications.
SET_POINTER_SPEED	Change pointer speed	System Tools	sy	0		Allows the app to change the mouse or touch pad pointer speed at any time. Not for use by normal applications.
SET_PREFERRED_APPLICATIONS	Set preferred Apps	System Tools	da	0	1-2	Assign default apps. No longer useful. Deprecated with API level 7, it no longer has any effect.
SET_PROCESS_LIMIT	Limit number of running processes	Development Tools	dv	0		Allows an application to set the maximum number of (not needed) application processes that can be running. Not for use by third-party applications.
SET_TIME	Set Time	System clock	sy	0		Allows applications to set the system time. Not for use by third-party apps.
SET_TIME_ZONE	Set time zone	System clock	da	0		Allows applications to set the system time zone. Should pose no risk (except you maybe late to work).
SET_WALLPAPER	Set Wallpaper	Wallpaper	no	0		Allows applications to set the wallpaper. Low risk, if any (except for shocking background images, maybe).
SET_WALLPAPER_COMPONENT	Setting live wallpapers	System Tools	sy	0
SET_WALLPAPER_HINTS	Adjust your wallpaper size	Wallpaper	no	0		Allows applications to set the wallpaper hints. Lacking documentation, the best guess is this is about settings for size and position.
SHUTDOWN	Partial shutdown	System Tools	sy	0		Allows an app to put the activity manager into the closed state; does not perform a complete shutdown. Reserved to system apps.
SIGNAL_PERSISTENT_PROCESSES	Send Linux signals to apps	Development Tools	dv	0		Allow an application to request that a signal be sent to all persistent processes. Not for use by third-party applications.
STATUS_BAR	Enable/Disable status bar	Status bar	sy	0		Allows an application to open, close, or disable the status bar and its icons. Not for use by third-party applications.
STATUS_BAR_SERVICE	Status bar	Status bar	si	0		Allows an application to be the status bar. Reserved for system apps. According to StackOverflow: The STATUS_BAR_SERVICE permission is used for apps that what to be the actual status bar. This is a protected permission so unless you're building your own ROM that includes replacing the status bar then I don't think this is the permission you want.
STOP_APP_SWITCHES	Prevent app switches	System Tools	sy	0		Prevent users from switching to another application. Reserved to system apps.
SUBSCRIBED_FEEDS_READ	Read subscribed feeds	System Tools	no	0	2	Allows an application to allow access the subscribed feeds ContentProvider. This would give an app access to RSS feeds that you have subscribed to. If you don´t subscribe to any RSS feeds this permission is of little risk. If you do, this permission is akin to letting an app have access to your browser history. It could glean interests and preferences and other semi-personal information.
SUBSCRIBED_FEEDS_WRITE	Write subscribed feeds	System Tools	da	0	0-2	This would give an app write access to RSS feed that you have subscribed to. See also SUBSCRIBED_FEEDS_READ.
SYSTEM_ALERT_WINDOW	Draw over other apps	Display	da	0	3	Allows an application to open windows using the type TYPE_SYSTEM_ALERT, shown on top of all other applications. This permission allows an app to show a "popup" window above all other apps, even if the app is not in the foreground. A malicious developer/advertiser could use it to show very obnoxious advertising. Almost no apps should require this permission unless they are part of the Android operating system. An example of a system alert would be the alert you are shown when your phone or tablet is out of battery and is about to shut down. Also see: Android.SE "Drawing over other apps" In addition, this permission is needed when an app shall be started at boot but not in background, without the need of clicking/tapping a notification.
tasker.PERMISSION_RUN_TASKS	Run Tasker tasks			0		Permits an app to call pre-defined and user-created Tasker tasks, and (where applyable) pass it parameters. For details, please see the corresponding page on the project site.
TRANSMIT_IR	Use IR Transmitter	Effects on Battery Life	no	0		Allows using the device's IR transmitter, if available. Useful for infrared remote controls.
UNINSTALL_SHORTCUT	Uninstall shortcuts		no	0		Allows an application to uninstall a shortcut in Launcher (Homescreen). See INSTALL_SHORTCUT.
UPDATE_APP_OPS_STATS	modify app ops statistics	System Tools	sy	0		Enables an app to change collected application operation statistics. Not for use by normal apps. Also see: GET_APP_OPS_STATS.
UPDATE_DEVICE_STATS	Update device statistics	System Tools	sy	0		Allows an application to update device statistics. Not for use by third party apps.
USE_BIOMETRIC	Allows an app to use device supported biometric modalities.	Sensors	no	0		Starting with Android 9, this replaces USE_FINGERPRINT. Apart from supporting additional sensors (if the device has them, e.g. face or iris scanners), the corresponding API also comes with the corresponding graphical dialogs.
USE_CREDENTIALS	Use accounts on the device	Accounts	da	0		Allows an application to request authtokens from the AccountManager. This app may use the "credentials" to log into an account. In most cases, "credentials" just means the corresponding authenticator creates a fitting token and hands that over (though, how to deal with that is left to the authenticator). When using an account for the first time, the Account Manager should make sure the user is asked whether he permits this. For details, see e.g. this Stack Exchange post.
USE_EXACT_ALARM	Schedule alarms or event reminders	Device Alarms	no	0		Allows apps to use exact alarms just like with SCHEDULE_EXACT_ALARM but without needing to request this permission from the user. This is only intended for use by apps that rely on exact alarms for their core functionality. Other apps should continue using SCHEDULE_EXACT_ALARM if they need exact alarms for a secondary feature that users may or may not use within the app. Available since Android 13.
USE_FINGERPRINT	Allows an app to use fingerprint hardware.	Sensors	no	0		Allows an app to use fingerprint hardware, but does not give the requesting app access to the enrollment/fingerprint administration flow.
USE_FULL_SCREEN_INTENT	use full screen intents	Display	no	0		Starting with Android 10, apps should now longer „go fullscreen“ without asking the user’s permission – which is done via a notification the user is free to ignore. If an app that targets Android 10 or higher attempts to create such a notification with a fullscreen intent without requesting this permission, the system ignores the fullscreen intent entirely (except for producing an error message in the logs).
USE_SIP	Make/receive Internet calls	Phone Calls	da	0	2-3	Use SIP for internet telephony.
USES_POLICY_FORCE_LOCK	Immediately lock the screen	Screenlock		0		Make the device lock immediately, as if the lock screen timeout has expired – but also limit the maximum lock timeout for the device. The "POLICY" part suggests a device manager.
vending.BILLING	In-app billing	Cause costs	da	1		This permission is of very high importance. It allows an application to directly bill you for services through Google Play. Users will be required to confirm any purchase made however this is potentially costly. Users should beware of games and other free apps with in-app billing. As long as you´ve applied secure settings for purchases (e.g. asking for your password on each and every purchase), there should be no danger applied to this permission.
vending.CHECK_LICENSE	Google Play License check	Network	no	2	0	Needed to verify the validity of the app's license against Google services. Should only be found with paid apps, but poses no risk with others either. Is not provided by Android itself but by the Google Play Store App.
VIBRATE	Control vibration	Effects on Battery Life	no	0	0	Allows access to the vibrator. As it states, this permission lets an app control the vibrate function on your phone. This includes for incoming calls and other events.
WAKE_LOCK	Prevent device from sleeping	Effects on Battery Life	no	0	0	Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming. Useful e.g. for navigation apps, to keep device and screen on without the user needing to tap it every minute. Of course this has strong effects on battery endurance, especially when used frequently.
WRITE_APN_SETTINGS	Change/intercept network settings and traffic	System Tools	sy	0		Allows an application to change network settings and to intercept and inspect all network traffic, for example to change the proxy and port of any APN. Malicious applications could monitor, redirect or modify network packets without your knowledge. Used by apps like APNDroid to change the name of the APN in order to (temporarily) prevent the device using it. A malicious app theoretically could use it to connect you to a different carrier. Not for use by third-party applications.
WRITE_CALENDAR	Add or modify calendar events and send email to guests without owners	Personal Information	da	0	2	Allows an application to write (but not read) the user's calendar data. Apps using this permission can add calendar events, but not read them. So as long as the READ_CALENDAR permission is not requested along, risk should be moderate. However, a malicious app can cause a lot of confusion if you suddenly find a lot of calendar alerts in your notification bar.
WRITE_CALL_LOG	Write call log	Personal Information	da	0	2	Allows the app to modify your phone's call log, including data about incoming and outgoing calls. Malicious apps may use this to erase or modify your call log. This permission is not much of a danger by itself, but rather could be used to hide other malicious behavoir (e.g. by hiding „secret calls“ to premium numbers). However it has a legitimate purpose for dialer replacements or voice over IP apps (like Google Voice).
WRITE_CONTACTS	Modify your contacts	Personal Information	da	0	2	Allows an application to write (but not read) the user's contacts data. This includes the possibility to change data related to contacts, like how often a contact was called or sent mails to. Unless an app explicitly states a specific feature that it would use your contact list for, there isn't much of a reason to give an application this permission. Legitimate exceptions include typing or note taking applications, quick-dial type applications and possibly social networking apps. Some might require your contact information to help make suggestions to you as you type. Typical applications that require this permission include: social networking apps, typing/note taking apps, SMS replacement apps, contact management apps. See also WRITE_CALENDAR.
WRITE_EXTERNAL_STORAGE	Modify or delete the contents of your USB storage	Storage	da	0	2	Allows an application to write to external storage. This will allow applications to read, write, and delete anything stored on your phone's SD card. This includes pictures, videos, mp3s, documents and even data written to your SD card by other applications. However, there are many legitimate uses for this permission. Many people want their applications to store data on the SD card, and any application that stores information on the SD card will need this permission unless they restrict themselves to their app specific directory provided by the system. Applications that typically need this permission include (but are not limited to) camera applications, audio/video applications, document applications. Warning: Any app targeting Android 1.5 or below (possibly 1.6 as well) will be granted this permission BY DEFAULT and you may not even be warned about it. It is important to pay attention to what version of Android an app is targeting to know if this permission is being granted. You can see this on the Market website in the right hand column. Note: while later Android versions introduced WRITE_MEDIA_STORAGE, up to Android 9 this permission is still needed if an app wants to write media files (e.g. photos in DCIM/).
WRITE_GMAIL	Modify Gmail	Messages	da	1		Permits an app to change your E-Mails in Google Mail. This includes sending and deleting. Assigned protection level differs between devices (dangerous/signature)
WRITE_GSERVICES	Modify Google service configuration	Accounts	sy	1		Allows an application to modify the Google service map. Not for use by third-party applications. See also: READ_GSERVICES.
WRITE_HISTORY_BOOKMARKS	Write web bookmarks and history	Personal Information	da	0	2-3	Allows an application to write (but not read) the user's browsing history and bookmarks. Browsing habits are often tracked through regular computers, but with this permission you'd be giving access to more than just browsing habits. There are also legitimate uses for this permission such as apps that sync or backup your data, and possibly certain social apps.
WRITE_MEDIA_STORAGE	Modify/delete internal media storage contents	Storage	sy	0	0	Allows an application to modify the contents of the internal media storage.
WRITE_OWNER_DATA	Write Owner data	Personal Information	da	0		Write/change owner data. The API reference not only gives no closer information, but not even mentions the permission at all. A guess is it refers to the owner data one can place on the lock screen.
WRITE_PROFILE	Modify your own contact card	Personal Information	da	0	1-3	This a new permission that relates to a special new "Me" contact you can create in your phone or tablet as your own profile. It's the counter-part to READ_PROFILE.
WRITE_SECURE_SETTINGS	Modify secure system settings	Development Tools	dv	0	4	Allows an application to read or write the secure system settings. This permission should only be seen on Android system apps (and possibly wireless carriers or hardware manufacturer pre-installed apps).
WRITE_SETTINGS	Modify system settings	System Tools	sy	0	1-3	Allows an application to read or write the system settings. Global settings are pretty much anything you would find under Android's main 'settings' window. However, a lot of these settings may be perfectly reasonable for an application to change. Typical applications that use this include: volume control widgets, notification widgets, settings widgets, Wi-Fi utilities, or GPS utilities. Most apps needing this permission will fall under the "widget" or "utility" categories/types.
WRITE_SMS	Edit your text messages (SMS or MMS)	Messages	da	0	3	Allows an application to write SMS messages. This permission appears to be an offshoot from the "send SMS" permission. This should allow an app to write, but not send an SMS message. Users should still be cautious of this permission however. Many kinds of malware lure users into sending SMS to special for-pay numbers costing them money.
WRITE_SOCIAL_STREAM	Write to your social stream	Social Information	da	0		Allows an application to write (but not read) the user's social stream data. Malware could use this to spread messages on behalf of the user.
WRITE_SYNC_SETTINGS	Toggle sync on and off	Sync settings	da	0	1-2	Allows applications to write the sync settings. This permission relates to backup and sync of certain types of information like contacts. It allows an app to write settings for how that account and the data are sync and backed up. This is a common permission for social services or contact managers or any other type of app with an account associated with it. Alone, this permission doesn't allow an app access to contacts or other sensitive data. Rather, it just relates to how that data is backed up. Nevertheless, care should be taken as always.
WRITE_USER_DICTIONARY	Add words to user-defined dictionary	User Dictionary	no	0		Allows an application to write to the user dictionary. This alows an app to add custom words to your user dictionary, so auto-correction will consider it the next time you type it. See also READ_USER_DICTIONARY.

Sources: Android Developers, OWASP, Github, Stack Exchange, RuperTrawnsley's Blog, Android Cross Reference, AndroidPermissions.COM, AOSP Perms & PermDescs, MobilSicher

Further Readings on this topic:

• Use Permissions to Secure Your Private Data from Android Apps (7/2010, update 10/2019)
  explains permissions, including example usages and risks
• What Can a Zero-Permissions Android App Do? (4/2012)
• A sum-up at Stack Exchange (4/2013)
• Android 4.1.1r1 Manifest
  (XML of the Manifest file from Android 4.1.1r1, with definitions for known permissions)
• API-Level 16 strings.xml
  (Android 4.1/4.1.1; see API-Levels)
• strings.xml der jeweils aktuellen Android-Version: DE | EN