Understanding Android Marshmallow permissions
Android Marshmallow introduces a new application permissions model, allowing a simpler process for users when installing and/or upgrading applications. Applications running on Marshmallow should work according to a new permissions model, where the user can grant or revoke permissions after the installation—permissions are not given until there is user acceptance.
Supporting the new permissions model is backward-compatible, which means your apps can still be installed and run on devices running older versions of Android using the old permissions model on those devices.
An overview
With the Android Marshmallow version, a new application permissions model has been introduced.
Let's review it a bit more thoroughly:
- Declaring permissions: All permissions an app needs are declared in the manifest, which is done to preserve backward compatibility in a manner similar to earlier Android platform versions.
- Permission groups: As discussed previously, permissions are divided into permission groups based on their functionalities:
- PROTECTION_NORMAL permissions: Some of the permissions are granted when users install the app. Upon installation, the system checks your app's manifest and automatically grants permissions that match the
PROTECTION_NORMALgroup. - INTERNET permission: One important permission is the
INTERNETpermission, which will be granted upon installation, and the user can't revoke it.
- PROTECTION_NORMAL permissions: Some of the permissions are granted when users install the app. Upon installation, the system checks your app's manifest and automatically grants permissions that match the
- App signature permissions granted: The user is not prompted to grant any permissions at the time of installation.
- Permissions granted by users at runtime: You as an app developer need to request a permission in your app; a system dialog is shown to the user, and the user response is passed back to your app, notifying whether the permission is granted.
- Permissions can be revoked: Users can revoke permissions that were granted previously. We must learn how to handle these cases, as we'll learn later on.
Note
If an app targets an Android Marshmallow version, it must use the new permissions model.
Permission groups
When working with permissions, we divide them into groups. This division is done for fast user interaction when reviewing and approving permissions. Granting is done only once per permission group. If you add a new permission or request a new permission from the same permission group and the user has already approved that group, the system will grant you the added permission without bothering the user about the approval.
For more information on this, visit https://developer.android.com/reference/android/content/pm/PermissionInfo.html#constants.
When the user installs an app, the app is granted only those permissions that are listed in the manifest that belongs to the PROTECTION_NORMAL group.
Requesting permissions from the PROTECTION_SIGNATURE group will be granted only if the application is signed with the same certificate as the app with the declared permission.
Note
Apps cannot request signature permissions at runtime.
System components automatically receive all the permissions listed in their manifests.
Runtime permissions
Android Marshmallow showcased a new permissions model where users were able to directly manage app permissions at application runtime. Google has altered the old permissions model, mostly to enable easier and frictionless installations and auto-updates for users as well as for app developers. This allows users to install the app without the need to preapprove each permission the application needs. The user can install the app without going through the phase of checking each permission and declining the installation due to a single permission.
Users can grant or revoke permissions for installed apps, leaving the tweaking and the freedom of choice in the users' hands.
Most of the applications will need to address these issues when updating the target API to 23.
