Android 6.0（Marshmallow）正式發布，怎樣解讀 API 的新變化？

01-08

鏈接: Behavior Changes | Android Developers

轉個帖，裡面都是乾貨：

http://commonsware.com/blog/2015/08/17/random-musings-android-6p0-sdk.html

看了一下許可權管理（https://developer.android.com/preview/features/runtime-permissions.html）：

For example, suppose an app lists in its manifest that it needs the SEND_SMS and RECEIVE_SMS permissions, which both belong to android.permission-group.SMS. When the app needs to send a message, it requests the SEND_SMS permission. The system shows the user a dialog box asking if the app can have access to SMS. If the user agrees, the system grants the app the SEND_SMS permission it requested. Later, the app requestsRECEIVE_SMS. The system automatically grants this permission, since the user had already approved a permission in the same permission group.

要允許app發簡訊，就得自動允許它收簡訊。感覺不太對吧...

android.permission-group.STORAGE

android.permission.READ_EXTERNAL_STORAGE

android.permission.WRITE_EXTERNAL_STORAGE

讀寫sd卡也在一組。要想用某個app查看sd卡上一個文件，就必須允許它讀你全部的照片，修改你sd卡上任何文件...

總的來說，Android許可權系統的設計者要麼沒怎麼讀過capability-based security的文獻，要麼基本無視了最小許可權原則（principle of least privilege）。就像是boss只吩咐了一句「要使用capability-based security」，然後下面的人搞了個徒具其形，有所有的麻煩而基本沒有獲得安全的許可權系統。

If an app does not target the M Developer Preview, the app continues to use the old permissions model even on M Preview devices. When the user installs the app, the system asks the user to grant all permissions listed in the app"s manifest.

國產流氓app們估計永遠不會target 6.0吧...

Note: On devices running the M Developer Preview, a user can turn off permissions for any app (including legacy apps) from the app"s Settings screen. If a user turns off permissions for a legacy app, the system silently disables the appropriate functionality. When the app attempts to perform an operation that requires that permission, the operation will not necessarily cause an exception. Instead, it might return an empty data set, signal an error, or otherwise exhibit unexpected behavior. For example, if you query a calendar without permission, the method returns an empty data set.

對於舊app，關閉許可權的效果與各種國產ROM，各種管家，Xposed XPrivacy相同。這也是兼容性比較好的方式。

我們再看看系統自動授權的PROTECTION_NORMAL級別有哪些許可權：

android.permission.INTERNET
android.permission.RECEIVE_BOOT_COMPLETED

android.permission.WAKE_LOCK

和後台啟動/廣告相關的許可權不允許用戶關閉（第三方工具一般可以關閉）。這也是Google一貫的態度。

能不能基於最新的MIUI7開發，6都發布一年了。強烈建議添加應用安裝數量許可權，不然怎麼實現1GB流暢。

然而並沒有什麼用，MIUI都7.0了，android還是落後一個版本

作為消費者，最期待的就是更加精確的許可權管理了。

現在的安卓，什麼阿貓阿狗都要你的通訊錄。

Apache的HttpClient去掉了

OpenSSL去掉了

幀動畫不能用了為啥？

android6.0版本的廣播不能用，不知為什麼，求指教啊

作為6.0的測試人員，在初次使用時會無比痛苦煩躁。

5.0都沒用上就6.0了