iDifferent types of permissions in android
2 min readApr 8, 2024
1. Normal Permissions
- Granted at Installation: Users grant these permissions during app installation.
- Relatively Low Risk: These permissions generally don’t pose a significant risk to the user’s privacy or the device’s operation.
- Examples:
ACCESS_NETWORK_STATE
(view network connections)INTERNET
(access the internet)READ_EXTERNAL_STORAGE
(read from external storage)
2. Dangerous Permissions
- User Authorization at Runtime: Users must explicitly grant these permissions when the app requests them at runtime (Android 6.0 and above).
- Potential Privacy/Security Impacts: Dangerous permissions could allow access to sensitive data or system functionalities.
- Examples:
ACCESS_FINE_LOCATION
(get precise location)READ_CONTACTS
(read user's contacts)RECORD_AUDIO
(record audio)CAMERA
(access the camera)
3. Special Permissions
- Higher Restriction Level: These permissions have stricter requirements and may not be granted to all apps.
- Examples:
SYSTEM_ALERT_WINDOW
(Draw over other apps)BIND_NOTIFICATION_LISTENER_SERVICE
(Access to notifications)
4. Signature Permissions
- Granted to Apps Signed with the Same Key: Apps signed with the same digital certificate can share signature-level permissions.
- Custom Permissions Defined by the Developer: You can create your own signature permissions to enforce access control between your apps.
5. SignatureOrSystem Permissions
- Similar to Signature Permissions: Apps signed with the same key grant the permission.
- Exception for System Apps: Additionally, apps signed with the platform key (system apps) are also granted the permission.
Important Things to Note
- Manifest Declaration: Apps must declare the permissions they need in their
AndroidManifest.xml
file. - Runtime Requests: For dangerous permissions (Android 6.0 or higher), apps must request them from the user at runtime, even if declared in the manifest.
- Permission Groups: Some dangerous permissions are grouped together. Requesting one permission in a group may implicitly grant the others in that group.
- Checking Permissions: Use
ContextCompat.checkSelfPermission()
to check if your app has already been granted a specific permission.
Best Practices
- Request the Minimum: Only request the permissions essential for your app’s core functionality.
- Provide Transparency: Explain to users why your app requires specific permissions.
- Handle Permission Denial Gracefully: Your app should function (with perhaps limited features) even if a user denies certain permissions.
Resources
- Official Android Documentation: https://developer.android.com/guide/topics/permissions/overview