What I want from Android App Permissions

I’m an Android user and developer, but I’m not a fanatic about it. There are somethings I think Android does better than iOS, and some things I think iOS does better than Android.

One of the things I think iOS does better than Android is app permissions. Currently, in Android the users have to accept all permissions at once at install time.

This is terrible for users as some apps ask for many permissions at once. For example the Facebook app on Android asks for permissions to access the users phone book, and if you want to use the app you have to grant it. Based on previous events I’d say this is a terrible idea, and thus I don’t have the Facebook app on my phone (there are other reasons to, but that’s one of the main ones.)

This is also terrible for developers, as sometimes you want to add a feature that you know only a few users will use but requires a permission some users may balk at. For instance, to find a users friends on a service you traditionally scan their address book and match emails. This requires the read phone book permission, but some users will be loath to allow that. So you are faced with a choice; include the feature in your app and risk alienating some users, or just leave the feature out?

But now, with the release of Android 4.3, it looks like this may change. It looks like Android is going to get more granular permissions in the near future. I’m very excited. This is what I hope we get:

Firstly, it looks as if the app will see generic error messages if a permission is denied. As a developer, that sounds really annoying. Now if you get an generic error message when trying to access the camera, you don’t know if it’s a permission problem or a device problem. I want a clear API that lets me see if the app has a permission.

The argument against this seems to be that “bad” apps shouldn’t be able to see if the user has denied permission. Why not? I haven’t really seen a good argument for that. Bad apps will be bad apps, and at some level you just have to accept that.

Secondly, I want there to be compulsory and required permissions for an app. For instance, the Facebook app requires the internet access permission. Really, it does. If you don’t give it that permission, then there is no point. However, it only needs permission to read the address book if you use that feature. I and hopefully many users don’t use that feature, so we can choose not to grant that permission. Compulsory permissions could be obtained at install time, as at present.

The argument against this may be that bad apps will continue to make invasive permissions compulsory. Let them. Their good competitors that make these permissions optional will hopefully wipe the floor with them.

This could be done without breaking backwards compatibility. Currently you declare needed permissions in XML:

<uses-permission android:name=”android.permission.WRITE_EXTERNAL_STORAGE” />

You could easily add a new flag, which defaults to false:

<uses-permission android:name=”android.permission.WRITE_EXTERNAL_STORAGE” optional=”true” />

The new Android could pick this up. An API in both the normal Android space and the Google Play Services library allows the app to see if it has an optional permission. The first time this is called for a particular permission, the user is prompted. Subsequent calls return true or false immediately. The user could change the permissions they granted or refused later from the control panel.

On old Android devices, the optional flag would just be ignored. When you install the app, all permissions would be shown to the user and permission obtained. The API call in the Google Play Services library would just always return true to any queries asking if the app had the permission, as it would do.

This would provide a backwards compatible way to have optional flexible permissions for apps, and would be great. Fingers crossed.

3 thoughts on “What I want from Android App Permissions”

Comments are closed.