Android - Permission

> Android

1 - About

Applications statically declare the permissions they require, and the Android system prompts the user for consent.

By default, applications in Android are sandboxed. This means they have their own username, run on their own instance of the virtual machine, and manage their own personal and private files and memory. Therefore, to have applications interact with other applications or the phone, you must request permission to do so.

Permissions are declared in the AndroidManifest.xml and are needed for your app to do things like:

  • access the internet,
  • send an SMS
  • or look at the phone’s contacts.
Advertising

3 - Management

To make use of protected features of the device, you must include one or more <uses-permission> tags in your app manifest.

SMS, Internet Example

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.android.app.myapp" >
    <uses-permission android:name="android.permission.RECEIVE_SMS" />
    <uses-permission android:name="android.permission.INTERNET" />
    ...
</manifest>

4 - Model

In Android M (Marshmallow), Google introduced a new model of permissions. The big difference is the introduction of runtime permissions. With Android M, the user doesn't choose to grant permissions at install time. Instead, the user is prompted for the permission when the application needs to use it. The application can choose to prompt the user for multiple permissions at once, and can add a justification for why the permission is needed.

In order to avoid overloading the user with permission choices, Android has added Permission Groups. With permission groups, users say yes or no to a group of permissions, rather than individual permissions. For instance, rather than prompting the user for both the ability to send a text message and the ability to receive a text message, when we ask for the SEND_SMS permission, the user is prompted to give our app access to SMS generally.

A user could say no. It will be your job to check whether the user granted the permission so you can gracefully handle the case where they did not. In the new system, your app is not notified when a permission is revoked, so you'll always need to check with the system, using the Context.checkSelfPermission() method.

5 - Documentation / Reference