iDifferent types of permissions in android

Sandeep Kella
2 min readApr 8, 2024

--

1. Normal Permissions

  • Granted at Installation: Users grant these permissions during app installation.
  • Relatively Low Risk: These permissions generally don’t pose a significant risk to the user’s privacy or the device’s operation.
  • Examples:
  • ACCESS_NETWORK_STATE (view network connections)
  • INTERNET (access the internet)
  • READ_EXTERNAL_STORAGE (read from external storage)

2. Dangerous Permissions

  • User Authorization at Runtime: Users must explicitly grant these permissions when the app requests them at runtime (Android 6.0 and above).
  • Potential Privacy/Security Impacts: Dangerous permissions could allow access to sensitive data or system functionalities.
  • Examples:
  • ACCESS_FINE_LOCATION (get precise location)
  • READ_CONTACTS (read user's contacts)
  • RECORD_AUDIO (record audio)
  • CAMERA (access the camera)

3. Special Permissions

  • Higher Restriction Level: These permissions have stricter requirements and may not be granted to all apps.
  • Examples:
  • SYSTEM_ALERT_WINDOW (Draw over other apps)
  • BIND_NOTIFICATION_LISTENER_SERVICE (Access to notifications)

4. Signature Permissions

  • Granted to Apps Signed with the Same Key: Apps signed with the same digital certificate can share signature-level permissions.
  • Custom Permissions Defined by the Developer: You can create your own signature permissions to enforce access control between your apps.

5. SignatureOrSystem Permissions

  • Similar to Signature Permissions: Apps signed with the same key grant the permission.
  • Exception for System Apps: Additionally, apps signed with the platform key (system apps) are also granted the permission.

Important Things to Note

  • Manifest Declaration: Apps must declare the permissions they need in their AndroidManifest.xml file.
  • Runtime Requests: For dangerous permissions (Android 6.0 or higher), apps must request them from the user at runtime, even if declared in the manifest.
  • Permission Groups: Some dangerous permissions are grouped together. Requesting one permission in a group may implicitly grant the others in that group.
  • Checking Permissions: Use ContextCompat.checkSelfPermission() to check if your app has already been granted a specific permission.

Best Practices

  • Request the Minimum: Only request the permissions essential for your app’s core functionality.
  • Provide Transparency: Explain to users why your app requires specific permissions.
  • Handle Permission Denial Gracefully: Your app should function (with perhaps limited features) even if a user denies certain permissions.

Resources

--

--

Sandeep Kella

Android developer @PhonePe, writes about Android development and productivity.