As shown in the following screenshot, any Android application must be granted permissions to access sensitive functionality—such as the internet, dialer, and so on—by the user. This provides an opportunity for the user to know in advance which functionality on the device is being accessed by the application. Simply put, it requires the user's permission to perform any kind of malicious activity (stealing data, compromising the system, and so on).

This model helps the user to prevent attacks, but if the user is unaware and gives away a lot of permissions, it leaves them in trouble (remember—when it comes to installing malware on any device, the weakest link is always the user).

Until Android ...