Ever notice when installing an app from the Google Play Store, a dialog box pops up showing the various permissions that need to be granted by the user for the app to function?
These dialogs can prove to be a little frightening at times as users can be left scratching their heads as to why a simple flashlight app requires access to their contacts, microphone and camera.
Many apps request permissions in an honest manner, i.e. they require these permissions to do their jobs and would otherwise not function properly without them. Some apps however have a far more nefarious purpose by requesting permissions they don’t actually need. This usually stems from an intent by the app’s developer to data mine the user’s contacts, location data and even activate the phone’s microphone or GPS.
With Android 6.0 Marshmallow, Google has completely revamped the permissions system and brought it much more in line with what currently exists on Apple’s iOS. The new Android permissions system does not request for permissions to be granted when the app is installed, instead it requests permissions as and when they are required by the app at runtime. This is fantastic news for Android users from a security standpoint!
As noted by the Android Developers blog,
“Runtime permissions give your app the ability to control when and with what context you’ll ask for permissions. This means that users installing your app from Google Play will not be required to accept a list of permissions before installing your app, making it easy for users to get directly into your app. It also means that if your app adds new permissions, app updates will not be blocked until the user accepts the new permissions. Instead, your app can ask for the newly added runtime permissions as needed.”
Here’s an example of Google Hangouts asking for permission to send/view SMS messages
This change is a massive win for Android users. Users can now be confident knowing what their apps are actually doing and whether they are attempting to do something shady. For instance, an app that finds nearby pubs will now request the GPS permission when the user chooses to search for pubs. As a user, one can either approve or deny this request and have Android remember this choice. Alternatively, users can allow/deny permissions on a case by case basis without using the ‘never ask again’ feature.
The update to the permissions system requires mindfulness from developers to ensure apps function correctly. Apps using targetSDKVersion 23 or higher will need to contain code to handle the new runtime permissions system.
For example, apps must now handle instances where a permission required for a certain app is not granted at runtime or denied after being initially granted. Developers must also ensure they have code in place to present a dialog box to either allow or deny the permission. In such a case, the app must handle the user’s response appropriately to avoid throwing an exception and causing the app to crash.
The new runtime permissions system is a big win for Android users. It’s up to developers to ensure their apps are updated and work with the new system appropriately and implement graceful degradation when a permission is not granted by the user.
Despite requiring a little more effort from developers to implement properly, the new runtime permissions system can build more trust between developers and users. There is much more transparency when an app requests a permission to be granted at runtime than there was with the previous permissions system.
For more technical information on the new permissions system, refer to the Android Developer documentation found here.
BUILD YOUR APP THE RIGHT WAY!
Most businesses make the SAME MISTAKES again and again... when building their apps.
They end up wasting HUGE amounts of TIME and MONEY!
We've identified 5 key factors that will give you the greatest chance of SUCCESS with your app. This is the advice we give our clients before starting work on their app.
Download our FREE report and lets get started!
We promise to not use your email for spam!