How to Handle Runtime Permissions in Android Application?

Introduction

Android SDK version 23 onwards, we have to handle runtime permissions in android to access some of the protected features or modules for the purpose of privacy.

Let’s understand the types of permissions in Android App.

1. Normal Permissions: 

Such permissions are not a risk to the user’s privacy, so we don’t have to ask users to approve it. Just declaring the permission in the Manifest file is enough. For example, Internet Permission.

2. Signature Permissions:

Signature permissions are permissions with the protection level of “signature”. For more information, please refer to the official documentation.

3. Runtime Permissions: 

These permissions allow android apps to access restricted features or content. Moreover, it risks the user’s privacy, so for such permissions, the application has to ask for the user’s permission at runtime.

We will be focusing more on Runtime Permissions.

Tech Stack, We’re Using:  Android, Kotlin

Tools We’re Using:  Android Studio

Why it is important?

• Runtime Permission is a way to curtail the privacy issues faced by users in recent years. 
• It is mandatory for accessing some of the core features of Android, for example, taking a picture using the device camera, for which the “camera permission” is required from the user. 
• Using some feature for which “runtime permission” is required, the application might crash if the permission is not handled in the proper way.

Features

• Provides User Privacy.
• The standard way to tell users the device features we are accessing.
• Its UI is device-specific and managed by OS.

How Does it Work?

1. Declare Permission in the Manifest File:

Firstly, we should declare the permissions we want to take in the Manifest file. For Example, if our application wants to use the Camera, then “android.permission.CAMERA” permission should be declared in the manifest file as shown below.

Code Snippet:

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
   xmlns:tools="http://schemas.android.com/tools"
   package="com.test">

   <uses-permission android:name="android.permission.CAMERA" />
   <!--    Some other code-->
</manifest>

2. Checking for the permission in App:

After declaring the permission in Manifest, we can check and ask for that permission in our app code.

The below code snippet checks if the permission is granted or not.

Code Snippet:

ContextCompat.checkSelfPermission(
   context,
   permission
)

Here, context is a Context instance. Permission in static final string ex. Manifest.permission.CAMERA

If this method returns false, then we need to check if the user has denied the permission.

The below code snippet checks if the permission is denied or not.

Code Snippet:

ActivityCompat.shouldShowRequestPermissionRationale(context, permission)

Here, the parameters are the same as in the previous method.

If this method returns true, then we should show some dialog to the user that he/she had denied some permission and navigate the user to app settings.

On the other hand, if the method returns false, then it means that the permission is not requested yet. In this case, we should ask the permission of the user.

3. Requesting permission in App:

The below snippet is used for requesting the permission of the user.

Code Snippet:

ActivityCompat.requestPermissions(
   context,
   permissions.toTypedArray(),
   permissionsRequestCode
)

Here,
context -Context instance.
permissions -ArrayList of Permissions.
permissionRequestCode – Request Code which is required for requesting permissions.

Done. This is all code required for asking runtime permissions in Android.

4. Special Cases:

i. Access background location permission:

For accessing the user’s location information in the background, we have to ask for ACCESS_BACKGROUND_LOCATION permission. This permission was introduced in Android 10.

This permission is also required for scanning BLE devices when the app is in the background or killed.

Getting this permission is a little tricky. For asking this permission, first we have to ask for ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION. Once a user allows these two permissions, then only the app can request ACCESS_BACKGROUND_LOCATION permission.

Common Mistakes:

i. Not showing the user information Dialog:

You must show the user why you are accessing the background location. It should follow google standards. If you don’t do this, then Google will reject your application. For more on this, kindly check the link here. – Reference

ii. Asking for all location permissions at once.

If you will ask all 3 location permissions at once then background permission will not be asked.

Right Approach:

First ask ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION is one array.

When a user grants these two permissions, which you can check from onRequestPermissionsResult, then you can request for ACCESS_BACKGROUND_LOCATION permission.

iii. shouldShowRequestPermissionRationale method returning false for background permission even on the first time.

In some devices, the shouldShowRequestPermissionRationale method will return false even the first time asking the ACCESS_BACKGROUND_LOCATION permission. So for that, we should show the permission denied dialog and navigate the user to the Settings screen for approving background location permission.

Moreover, you have to make a video of your application to show the usage of background location permission. Also, you have to submit the youtube URL for the same video in the play console(Sensitive permissions and APIs).

Conclusion

Runtime permission is a way to access restricted features of Android devices. Though it seems like a lot, it is better for the user’s privacy and security.

FAQs