Android 6.0 multiple permissions
Master System Design with Codemia
Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.
Introduction
Android 6.0, known colloquially as Android Marshmallow, introduced a significant upgrade in application security and user control with its revamped permissions model. Before Marshmallow, users had to grant all requested permissions at the time of app installation. However, this all-or-nothing approach often led to users either blindly accepting all permissions or refusing to install apps altogether. Marshmallow's permission model ushered in an era of granular control, allowing users to manage permissions individually and dynamically.
Granular Permissions Model
Runtime Permissions
Android 6.0 shifted from install-time permissions to runtime permissions. This means that apps now request permissions dynamically at runtime, enabling users to make more informed decisions based on the app's context of use. For instance, a camera app will only ask for camera access when the user tries to take a picture.
Categories of Permissions
The permissions in Android are categorized into two types:
- Normal Permissions: These permissions have minimal risk to the user's privacy or operation of other apps. Examples include setting the time zone and connecting to paired Bluetooth devices. They are granted by default during installation.
- Dangerous Permissions: These permissions have more significant implications on a user's privacy and could potentially affect system data or other apps. Examples include access to the internet, contacts, or microphone. They are not granted by default and must be requested at runtime.
Handling Permission Requests
- Requesting Permissions: Developers request permissions by using the
requestPermissions()method. For example:
- Checking Permissions: Before requesting a permission, it's prudent to check whether it’s already been granted using
checkSelfPermission(). This helps in avoiding unnecessary requests:
- Handling Permission Results: Override
onRequestPermissionsResult()to handle the user's response:
Advantages of the New Model
- User Trust: By allowing users to grant permissions on a needed basis rather than up-front, the new model empowers users and helps in building trust.
- Security: Minimizing granted permissions reduces the attack surface of the app, improving security.
- Compatibility: Since the model is part of Android Support Library, existing apps targeting older Android versions can benefit without altering their minimum API level.
Key Changes Overview
| Feature | Pre-Android 6.0 | Android 6.0 and Above |
| Permission Granting Model | Install-time | Runtime |
| Request Timing | At installation | Dynamic, as needed |
| User Control | Limited | Granular |
| Permission Classification | Not Clearly Categorized | Normal, Dangerous |
| Backwards Compatibility | Not Available | Available through Support Library |
| Flexibility | Inflexible | Flexible |
Additional Considerations
Permission Groups
Android clusters permissions into groups, which allows users to overview similar permission requests at once. Granting permission to a group allows access to all permissions within that group. However, revoking once granted permission affects entire group permissions as well.
Auto-Grant for Target APIs Below 23
For apps targeting API levels below 23, Android grants all permissions at install time for compatibility. However, once the targetSdkVersion is set to 23 or higher, runtime permissions apply.
Recommendations for Developers
- Educate Users: Provide clear explanations for why permissions are needed using rationale dialogs.
- Graceful Handling: Prepare for cases when permissions are not granted. The app should inform users of the limited functionality gracefully.
Conclusion
Android 6.0's permission model represents a pivotal change in how users interact with applications concerning their privacy and security. This model gives users much-needed control while also pushing developers to adopt best practices that consider user privacy as paramount. The shift to runtime permissions is undoubtedly a step forward in the evolution of mobile platforms, prioritizing user autonomy and security.

