Android 6.0
multiple permissions
app security
Android development
user privacy

Android 6.0 multiple permissions

Master System Design with Codemia

Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.

Introduction

Android 6.0, known colloquially as Android Marshmallow, introduced a significant upgrade in application security and user control with its revamped permissions model. Before Marshmallow, users had to grant all requested permissions at the time of app installation. However, this all-or-nothing approach often led to users either blindly accepting all permissions or refusing to install apps altogether. Marshmallow's permission model ushered in an era of granular control, allowing users to manage permissions individually and dynamically.

Granular Permissions Model

Runtime Permissions

Android 6.0 shifted from install-time permissions to runtime permissions. This means that apps now request permissions dynamically at runtime, enabling users to make more informed decisions based on the app's context of use. For instance, a camera app will only ask for camera access when the user tries to take a picture.

Categories of Permissions

The permissions in Android are categorized into two types:

  1. Normal Permissions: These permissions have minimal risk to the user's privacy or operation of other apps. Examples include setting the time zone and connecting to paired Bluetooth devices. They are granted by default during installation.
  2. Dangerous Permissions: These permissions have more significant implications on a user's privacy and could potentially affect system data or other apps. Examples include access to the internet, contacts, or microphone. They are not granted by default and must be requested at runtime.

Handling Permission Requests

  • Requesting Permissions: Developers request permissions by using the requestPermissions() method. For example:
java
  ActivityCompat.requestPermissions(this,
        new String[]{Manifest.permission.READ_CONTACTS},
        REQUEST_CODE_READ_CONTACTS);
  • Checking Permissions: Before requesting a permission, it's prudent to check whether it’s already been granted using checkSelfPermission(). This helps in avoiding unnecessary requests:
java
1  if (ContextCompat.checkSelfPermission(this,
2        Manifest.permission.READ_CONTACTS)
3        != PackageManager.PERMISSION_GRANTED) {
4        
5      // Permission is not granted
6  }
  • Handling Permission Results: Override onRequestPermissionsResult() to handle the user's response:
java
1  @Override
2  public void onRequestPermissionsResult(int requestCode,
3                                         String permissions[], int[] grantResults) {
4      switch (requestCode) {
5          case REQUEST_CODE_READ_CONTACTS: {
6              if (grantResults.length > 0
7                  && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
8                  // Permission granted
9              } else {
10                  // Permission denied
11              }
12              return;
13          }
14      }
15  }

Advantages of the New Model

  • User Trust: By allowing users to grant permissions on a needed basis rather than up-front, the new model empowers users and helps in building trust.
  • Security: Minimizing granted permissions reduces the attack surface of the app, improving security.
  • Compatibility: Since the model is part of Android Support Library, existing apps targeting older Android versions can benefit without altering their minimum API level.

Key Changes Overview

FeaturePre-Android 6.0Android 6.0 and Above
Permission Granting ModelInstall-timeRuntime
Request TimingAt installationDynamic, as needed
User ControlLimitedGranular
Permission ClassificationNot Clearly CategorizedNormal, Dangerous
Backwards CompatibilityNot AvailableAvailable through Support Library
FlexibilityInflexibleFlexible

Additional Considerations

Permission Groups

Android clusters permissions into groups, which allows users to overview similar permission requests at once. Granting permission to a group allows access to all permissions within that group. However, revoking once granted permission affects entire group permissions as well.

Auto-Grant for Target APIs Below 23

For apps targeting API levels below 23, Android grants all permissions at install time for compatibility. However, once the targetSdkVersion is set to 23 or higher, runtime permissions apply.

Recommendations for Developers

  • Educate Users: Provide clear explanations for why permissions are needed using rationale dialogs.
  • Graceful Handling: Prepare for cases when permissions are not granted. The app should inform users of the limited functionality gracefully.

Conclusion

Android 6.0's permission model represents a pivotal change in how users interact with applications concerning their privacy and security. This model gives users much-needed control while also pushing developers to adopt best practices that consider user privacy as paramount. The shift to runtime permissions is undoubtedly a step forward in the evolution of mobile platforms, prioritizing user autonomy and security.


Course illustration
Course illustration

All Rights Reserved.