[Q] Android Permissions - Protection Level
I am analysing Apps and their permission usage. I'm only interested in the permissions defined by the Android OS itself. I want to define following trust level to apps using permissions.
Trust level 0 - normal permissions
Trust level 1 - dangerous permissions
Trust level 2 - signature|system permissions
Trust level 3 - signature permissions
A high trust level means more dangerous permission usage. But I think there is a problem:
Only apps which are signed with the same key as the android os can use signature-level permissions.So one might develop a malware app which uses a signature permission but the app cannot use this permission. For an app using signature|system-level permissions it is easier to cause damage because a user might use this app while his smartphone is rooted.
So what do you think. Does my Trust level rating make sense? Or does someone propose another metric?