Permissions
The Android sandboxing system alienates applications from each other. This means that the applications must explicitly share resources through the use of permissions. In order to access the additional capabilities, we need to declare the permissions that we require in our manifest, and these permissions must be accepted by the user after installation.
If our application does not have access to many permissions, it reduces the vulnerabilities that may affect our application. When developing the application, we should always try to request as few permissions as possible. For example, try to store data locally instead of asking for a permission for external storage. If it is not possible, we can obviously request permissions but we should address the vulnerabilities that these permissions can lead to.
If the system-defined permissions are not enough, we can create our own permission to use, which will be defined and will require other entities to ask for permission when required....