Android SDK version 23 onwards, we have to handle runtime permissions in android to access some of the protected features or modules for the purpose of privacy.
Let’s understand the types of permissions in Android App.
1. Normal Permissions:
Such permissions are not a risk to the user’s privacy, so we don’t have to ask users to approve it. Just declaring the permission in the Manifest file is enough. For example, Internet Permission.
2. Signature Permissions:
Signature permissions are permissions with the protection level of “signature”. For more information, please refer to the official documentation.
3. Runtime Permissions:
These permissions allow android apps to access restricted features or content. Moreover, it risks the user’s privacy, so for such permissions, the application has to ask for the user’s permission at runtime.
We will be focusing more on Runtime Permissions.
Tech Stack, We’re Using: Android, Kotlin
Tools We’re Using: Android Studio
Why it is important?
- Runtime Permission is a way to curtail the privacy issues faced by users in recent years.
- It is mandatory for accessing some of the core features of Android, for example, taking a picture using the device camera, for which the “camera permission” is required from the user.
- Using some feature for which “runtime permission” is required, the application might crash if the permission is not handled in the proper way.
- Provides User Privacy.
- The standard way to tell users the device features we are accessing.
- Its UI is device-specific and managed by OS.
How Does it Work?
1. Declare Permission in the Manifest File:
Firstly, we should declare the permissions we want to take in the Manifest file. For Example, if our application wants to use the Camera, then “android.permission.CAMERA” permission should be declared in the manifest file as shown below.
<?xml version="1.0" encoding="utf-8"?> <manifest xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" package="com.test"> <uses-permission android:name="android.permission.CAMERA" /> <!-- Some other code--> </manifest>
2. Checking for the permission in App:
After declaring the permission in Manifest, we can check and ask for that permission in our app code.
The below code snippet checks if the permission is granted or not.
ContextCompat.checkSelfPermission( context, permission )
Here, context is a Context instance. Permission in static final string ex. Manifest.permission.CAMERA
If this method returns false, then we need to check if the user has denied the permission.
The below code snippet checks if the permission is denied or not.
Here, the parameters are the same as in the previous method.
If this method returns true, then we should show some dialog to the user that he/she had denied some permission and navigate the user to app settings.
On the other hand, if the method returns false, then it means that the permission is not requested yet. In this case, we should ask the permission of the user.
3. Requesting permission in App:
The below snippet is used for requesting the permission of the user.
ActivityCompat.requestPermissions( context, permissions.toTypedArray(), permissionsRequestCode )
context -Context instance.
permissions -ArrayList of Permissions.
permissionRequestCode – Request Code which is required for requesting permissions.
Done. This is all code required for asking runtime permissions in Android.
4. Special Cases:
i. Access background location permission:
For accessing the user’s location information in the background, we have to ask for ACCESS_BACKGROUND_LOCATION permission. This permission was introduced in Android 10.
This permission is also required for scanning BLE devices when the app is in the background or killed.
Getting this permission is a little tricky. For asking this permission, first we have to ask for ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION. Once a user allows these two permissions, then only the app can request ACCESS_BACKGROUND_LOCATION permission.
i. Not showing the user information Dialog:
You must show the user why you are accessing the background location. It should follow google standards. If you don’t do this, then Google will reject your application. For more on this, kindly check the link here. – Reference
ii. Asking for all location permissions at once.
If you will ask all 3 location permissions at once then background permission will not be asked.
First ask ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION is one array.
When a user grants these two permissions, which you can check from onRequestPermissionsResult, then you can request for ACCESS_BACKGROUND_LOCATION permission.
iii. shouldShowRequestPermissionRationale method returning false for background permission even on the first time.
In some devices, the shouldShowRequestPermissionRationale method will return false even the first time asking the ACCESS_BACKGROUND_LOCATION permission. So for that, we should show the permission denied dialog and navigate the user to the Settings screen for approving background location permission.
Moreover, you have to make a video of your application to show the usage of background location permission. Also, you have to submit the youtube URL for the same video in the play console(Sensitive permissions and APIs).
Runtime permission is a way to access restricted features of Android devices. Though it seems like a lot, it is better for the user’s privacy and security.
In that case, no dialog will be shown to the user. Also, there will be no error message or any crash. Nothing will happen on requesting permission.
Yes, but this is not the right approach. If some permission is not used by your application then you should not ask the user. This can lead to more negative reviews about your application.
No. This is only required for the permissions falling in the category of runtime permissions. For example, although we have to declare <uses-permission android:name=”android.permission.INTERNET” /> to access the internet, we don’t have to check or ask for it.