Now that Android 6.0 becomes more popular among users, I've asked myself what the consequences of the selective permission granting are.
Let's assume I had a free ad-supported version of an app. It will obviously need internet permission to query ads. Now the user is able to deny that permission and apps could not be queried. The consequence I am thinking of is to deny app function if not all the permissions are granted. But this would make the permission model pointless for my app. It would be an "all or nothing" scenario. Is that thinking correct? I am interested in your thoughts.
Another thought I had was: Is the permission of internet access granted to AdMob automatically, by any chance? This would prevent users from disablings ads simply by takingvaway the internet permission. As AdMob is a Google company and this functionality is implemented in the Google Play Services, I guess that could be possible?! Any thoughts on this?
Let me know what you think.
Update: Admob also wants to have Location Info. So even though Internet does not need permission, the question still is interesting.
#mad: in android 6.0, your app never ask your to allow internet permission. because internet not part of user's privacy in android 6.0
(in sort user not able to deny internet permission) only on/off internet from device!
so don't worry about it. you app work same in android 6.0 as previous version of android.
you have to ask user for permission only if you are using, CAMERA, CONTACTS, LOCATION, MICROPHONE, Phone, STORAGE ...etc..
LOCATION: when you fetch location from your app and pass to any 3rd party app. in this case you must have to ask user to allow location permission. otherwise its not needed like Google Play service or In-App Purchease.(both fetch user location where app installed or product purchase but when we use both library in our app we must not have to ask location permission).
Related
is there any way for hide the android manifest Permissions for some reasons and user couldnt see during installing the app?
Taken from the support page from Google Play:
Google Play shows you which permission groups an app will be able to
access. This information can help you decide whether you want to
install the app.
The whole sole purpose of those permissions is for people to see what your app can access and decide whether they want to share (all) that information with you.
In Android L and lower, this is impossible. If you do not ask for a permission, you will get a crash when you try to access the thing that needs permission. Thus, you cannot hide permissions from users.
In Android M, the whole permission idea is changed: instead of asking for lots of permission at the install, the app is installed without permissions, and when you need a specific permission, for example for camera, the user will have the option of accepting or declining the permission. Thus, the user will have a clearer view of what a permission is asked for.
When I add the permissions
"INTERNET"
"ACCESS_NETWORK_STATE"
to my app and upload it to Google Play, people who download the app see the message "this app doesn't require any special permissions".
Are the following permissions "special" for Google Play?
"ACCESS_WIFI_STATE"
"READ_PHONE_STATE"
I'm using a mobile ad SDK that claims to perform better if it is granted all four permissions. But I don't want to scare off some users by asking for too many permissions.
The permission READ_PHONE_STATE has to be accepted by users, ACCESS_WIFI_STATE doesn't.
Somebody asked already about the link between Android Permissions and Permission Groups - the selected answer links to the actual mapping file for the permissions of Android.
So the permissions you mentioned are belonging into the following groups and protection levels:
INTERNET: NETWORK (dangerous)
ACCESS_NETWORK_STATE: NETWORK (normal)
ACCESS_WIFI_STATE: NETWORK (normal)
READ_PHONE_STATE: PHONE_CALLS (dangerous)
Based on Google's explanation about the protectionLevel, "special permissions" (as you call it) are permissions marked as "dangerous" (as Google calls it).
But hey, INTERNET is dangerous! Why aren't users asked about this permission? Because.
Google has also given each app Internet access, effectively removing
the Internet access permission. Oh, sure, Android developers still
have to declare they want Internet access when putting together the
app. But users can no longer see the Internet access permission when
installing an app and current apps that don’t have Internet access can
now gain Internet access with an automatic update without prompting
you.
I have noticed that for few apps containing ads, they will ask for READ_PHONE_STATE permission. After tracking down their bytecode, I find they call TelephonyManager.getDeviceId(). Is it necessary for app containing ads ask for DeviceID? It's malicious to me because it seems that these apps will leak my private information.
Admob at least doesn't require that permission. All it needs is Internet access permission.
I can't tell if other providers require more permissions.
I am actually preparing to release an app using the device google account to authenticate on Google App Engine server.
To do that, I need those permissions :
USE_CREDENTIALS : obviously
INTERNET : obviously
GET_ACCOUNTS : to ask the user to select one of the google accounts registered on his phone.
My problem is with GET_ACCOUNTS : I think it's quite intrusive to ask this permission along with INTERNET : I would be able to get all his accounts (google, facebook, etc...) and send them to my server (I won't do that of course !). But I fear this permission may scare users, and they may not download my app...
I had the idea to report this permission to an other app, which wouldn't have INTERNET permission. This app would be called with an intent, and return only the account chosen by the user. And then, my main app don't need GET_ACCOUNTS anymore.
The source code is there : http://code.google.com/p/account-chooser/
It's quite simple (only one screen)
To send an intent to this app I use a utility library like IntentIntegrator from ZXing. If my "account chooser" app is not present on the device, it asks the user to download it from market.
What do you think about that ? Is it a good idea ? Am I right to bother the user with downloading a mysterious app he may not understand the usefulness ? Or should I just use GET_ACCOUNTS permission in my main app without questionning myself about privacy ?
So instead of just asking for the GET_ACCOUNTS permission within your app, you plan to request it in another app and in turn expose that information to any other app on the device (via an intent).
Stick with asking for the GET_ACCOUNTS permission within your app and be done with it. Speaking from experience, if an app I downloaded forced me to install yet another app just to get some functionality out of it, well.. you know what happens next :)
I have few doubts.
Is it possible for Android application after installation, to ask user for permission for accessing certain functions? Like say the app A wants to read contacts for a specific purpose. If the user grants permission, then the activity will take place. Else it wont. Is it possible?
Is there a way of allowing user to select/de-select permissions during installation time?
I have read that using CyanogenMod grants user these kind of priveleges. Is there any solution for non-rooted user, apart from take-it-or-leave-it approach?
It would be great, but not, all permission must be granted during installation :-(
Only exception is access to the google profile, this will be authorized during first access.
I hope that a future android version will can do that.
Cyanogen can do opposite. You must grant all permissions during install, but you can explicitly remove them later. But it result in application crash very often. This is only for advanced users.