Android Permissions
To protect the system’s integrity and the user’s privacy, Android runs each app in a limited access sandbox. If the app wants to use resources or information outside of its sandbox, the app has to explicitly request permission. Depending on the type of permission the app requests, the system may grant the permission automatically, or the system may ask the user to grant the permission.
Declaring Permissions
Declare that your app needs permission by listing the permission in the App Manifest.
Depending on how sensitive the permission is, the system might grant the permission automatically, or the device user might have to grant the request.
For example, if your app requests permission to turn on the device’s flashlight, the system grants that permission automatically. But if your app needs to read the user’s contacts, the system asks the user to approve that permission.
Depending on the platform version, the user grants the permission either when they install the app (on Android 5.1 and lower) or while running the app (on Android 6.0 and higher).
| <manifest xmlns:android=“http://schemas.android.com/apk/res/android“ | |
| package=“com.example.myapp“> | |
| <uses-permission android:name=“android.permission.WRITE_EXTERNAL_STORAGE“ /> | |
| <uses-permission android:name=“android.permission.ACCESS_FINE_LOCATION“/> | |
| <uses-permission android:name=“android.permission.ACCESS_COARSE_LOCATION“/> | |
| <application …> | |
| … | |
| </application> | |
| </manifest> |
Requesting Permissions
Beginning in Android 6.0 (API level 23), users grant permissions to apps while the app is running, not when they install the app.
It gives the user more control over the app’s functionality; for example, a user could choose to give a camera app access to the camera but not to the device location. The user can revoke the permissions at any time, by going to the app’s Settings screen.
System permissions are divided into two categories
- Normal permissions do not directly risk the user’s privacy. If an app lists normal permission in its manifest, the system grants the permission automatically. The complete list of normal permissions can be found here.
- Dangerous permissions can give the app access to the user’s confidential data. For these permissions, the user has to explicitly give approval to the app. The complete list of dangerous permissions can be found here.
Handling Permissions at Runtime
For applications to support new Runtime Permissions, in `grade.build` file set `compileSdkVersion` and `targetSdkVersion` to 23.
| apply plugin: ‘com.android.application‘ | |
| android { | |
| compileSdkVersion 23 | |
| buildToolsVersion “23.0.3“ | |
| defaultConfig { | |
| applicationId “com.example.myapp“ | |
| minSdkVersion 10 | |
| targetSdkVersion 23 | |
| versionCode 1 | |
| versionName “1.0“ | |
| } | |
| buildTypes { | |
| release { | |
| minifyEnabled false | |
| proguardFiles getDefaultProguardFile(‘proguard-android.txt‘), ‘proguard-rules.pro‘ | |
| } | |
| } | |
| } | |
| dependencies { | |
| compile fileTree(dir: ‘libs‘, include: [‘*.jar‘]) | |
| compile ‘com.android.support:support-v4:23.3.0‘ | |
| compile ‘com.github.bumptech.glide:glide:3.7.0‘ | |
| compile ‘com.google.android.gms:play-services-location:9.2.0‘ | |
| testCompile ‘junit:junit:4.12‘ | |
| compile ‘com.android.support:appcompat-v7:23.3.0‘ | |
| } |
Moving forward, in <ActivityClass>.java, before accessing any restricted content we will need to check for appropriate permission at runtime. This is to be done using Android `checkSelfPermission` API.
`int hasWriteContactsPermission = checkSelfPermission(Manifest.permission.WRITE_CONTACTS)`
If permission is granted, we are good to go else we need to request permission.
We will need to explicitly call `requestPermissions` API to show the request permission dialog box, Android will not do this for us.
| private final int WRITE_EXTERNAL_STORAGE_REQUEST_CODE = 123 | |
| private void takePhoto() { | |
| //Make sure we have permission to write to external storage | |
| int hasWriteExternalStoragePermission = checkSelfPermission(Manifest.permission.WRITE_EXTERNAL_STORAGE); | |
| if (hasWriteExternalStoragePermission == PackageManager.PERMISSION_GRANTED) | |
| captureImage() | |
| else | |
| requestPermissionWriteToLocalStorage(); | |
| } | |
| private void captureImage(){ | |
| //Code to capture image from camera | |
| } | |
| private void requestPermissionWriteToLocalStorage(){ | |
| requestPermissions(new String[] {Manifest.permission.WRITE_EXTERNAL_STORAGE}, WRITE_EXTERNAL_STORAGE_REQUEST_CODE); | |
| } |
In line 5, we get current status for permission. If permission is granted, we continue with our action else we request the user for permission.
Handling Permission Results
Permission results are communicated to the app via onRequestPermissionsResult callback method. Override this to handle the result.
| @Override | |
| public void onRequestPermissionsResult(int requestCode, @NonNull String[] permissions, @NonNull int[] grantResults) { | |
| if (requestCode == WRITE_EXTERNAL_STORAGE_REQUEST_CODE){ | |
| if (grantResults[0] == PackageManager.PERMISSION_GRANTED) | |
| captureImage(); | |
| else{ | |
| if (shouldShowRequestPermissionRationale(Manifest.permission.WRITE_EXTERNAL_STORAGE)) | |
| showRationaleDialog(); | |
| else | |
| Toast.makeText(MainActivity.this, “You need to allow permission to Write to External Storage“, Toast.LENGTH_LONG).show(); | |
| } | |
| } | |
| super.onRequestPermissionsResult(requestCode, permissions, grantResults); | |
| } | |
| private void showRationaleDialog(){ | |
| new AlertDialog.Builder(MainActivity.this) | |
| .setMessage(“Application needs access to READ/WRITE LocalStorage to store images.“) | |
| .setPositiveButton(“OK“, new DialogInterface.OnClickListener() { | |
| @Override | |
| public void onClick(DialogInterface dialog, int which) { | |
| requestPermissionWriteToLocalStorage(); | |
| } | |
| }) | |
| .setNegativeButton(“Cancel“, null) | |
| .create() | |
| .show(); | |
| } |
If permission is granted, we continue with our intended actions.
In case, the permission is denied, check with Android if we should show a permission rationale. `shouldShowRequestPermissionRationale` allows us to communicate the purpose of the permission to the user.
`shouldShowRequestPermissionRationale` returns `false` if the user has denied permission with option `Never ask again`. In this case, we can not invoke the Android permission dialog via `requestPermissions` API and user will have to enable permission via app settings. It makes sense to let the user know of the missing permission.
`shouldShowRequestPermissionRationale` Gets whether you should show UI with rationale for requesting permission. You should do this only if you do not have the permission and the context in which the permission is requested does not clearly communicate to the user what would be the benefit of granting this permission.
Gotcha: Above implementation only works for Android API level 23 and is not compatible with older versions.
Better Fix: Use `com.android.support:support-v4` as specified in build.gradle line 24. Now your code should use Support library and make the following changes
| checkSelfPermission(Manifest.permission.WRITE_EXTERNAL_STORAGE) | |
| => ContextCompat.checkSelfPermission(MainActivity.this, Manifest.permission.WRITE_EXTERNAL_STORAGE); | |
| requestPermissions(new String[] {Manifest.permission.WRITE_EXTERNAL_STORAGE}, WRITE_EXTERNAL_STORAGE_REQUEST_CODE); | |
| => ActivityCompat.requestPermissions(MainActivity.this, new String[] {Manifest.permission.WRITE_EXTERNAL_STORAGE}, WRITE_EXTERNAL_STORAGE_REQUEST_CODE); | |
| shouldShowRequestPermissionRationale(Manifest.permission.WRITE_EXTERNAL_STORAGE) | |
| => ActivityCompat.shouldShowRequestPermissionRationale(MainActivity.this, Manifest.permission.WRITE_EXTERNAL_STORAGE) |
And we are done here!!
For targeting Android M or higher, refer to wrapper library EasyPermissions.
About RemotePanda
RemotePanda is a global marketplace for Freelancers. Our concierge service means you have someone to take care of your needs right from profile matching to hiring and throughout the project. We set the KPIs for the work and build accountability within the process for the Freelancers.
Thinking Freelancers, Think RemotePanda
