Namespaces act as a container for grouping together permissions with a common theme or purpose. They also prevent conflicts when multiple apps want
to use the same permission name.
The android.permission namespace holds all of the permissions defined by the Android operating system. It is not intended to be a
general use container for all permissions.
Defining permissions in the android.permission namespace increases the risk of a permission name collision. The collision could be due
to a new Android system permission, or it could be due to another app using the same permission name.
What is the potential impact?
Below are some examples of the problems caused by a collision of Android permission names.
App installations may fail
Android will not allow multiple apps to define the same permission unless they are signed with the same key. This will be checked during when an
app is installed or upgraded, and can cause the installation to fail with an INSTALL_FAILED_DUPLICATE_PERMISSION error.
If the permission name collision is with an Android system permission, your app will no longer be allowed to install or upgrade.
If the permission name collision is with another app, only one of the apps can be installed at a time. The presence of either app on the device
will prevent the other app from being installed.
Unexpected permission grants
Permissions can be restricted so that they are only granted to apps signed with the same key. This allows apps from the same developer to work
together but doesn’t expose that functionality to other apps.
When an app is granted a permission, that grant exists for as long as the app is installed. It remains in place even if the app that defined the
permission is removed.
If your app reuses a permission that had previously been defined, any apps that retain the that permission will be able to bypass the signing key
check.
