...
Granting ReflectPermission on the target suppressAccessChecks suppresses all standard Java language access checks when the permitted class attempts to operate on package-private, protected, or private members of another class. Consequently, the permitted class can obtain permissions to examine any field or invoke any method belonging to an arbitrary class [Reflect 2006]. As a result, ReflectPermission must never be granted with target suppressAccessChecks.
According to the technical note Permissions in the Java SE 6 Development Kit [Permissions 2008], Section ReflectPermission, target suppressAccessChecks:
...
Permissions in the Java SE 6 Development Kit [Permissions 2008] states:
This is an extremely dangerous permission to grant. Malicious applications that can instantiate their own class loaders could then load their own rogue classes into the system. These newly loaded classes could be placed into any protection domain by the class loader, thereby automatically granting the classes the permissions for that domain.
...
The java.security package exists on Android for compatibility purposes only and it should not be used. Android uses another permission mechanism for security purposes.
Bibliography
[API 2006] | |
| |
Section 2.5, Reflection | |
Section | |
Security Architecture, Section |
...