This document discusses the Android permission system. It begins by introducing application sandboxes and the need for permissions to access resources outside the sandbox. It then covers the different types of permissions, how to check for and request permissions, and how the Android system handles permission requests and responses. Key points include how permissions are evaluated, the difference between normal and dangerous permissions, and methods for checking and requesting permissions like checkSelfPermission() and requestPermissions().
2. Agenda
● Introduction
● Application Sandbox
● Types Of Permission
● Check For Permission
● Request For Permission
● Handle Permission Request Response
● How Android System Ask For Permission
3. Introduction
●
To protect android system and user's privacy, Android system runs
each application in a limited access sandbox.
● If the app wants to use resources or info outside of its sandbox,
The app has to explicitly request permission.
●
Earlier all permissions used to set at installation time and can not
change untill the reinstallation, but now in new version of android,
Permissions are asked at the time of usage.
● In order to grant a permission, It should be declared in the
manifest file, The system then evaluates it and make a final
decision on whether to grant or deny.
4. Application Sandbox
● The Android system assigns a unique (UID) to each
android application and runs it in a separate process.
● Limiting the access of application.
● Any program can ask to Activity Manager to launch
other application, which runs with that application's UID.
● For instance A is not allowed to do something malicious,
like to read application B's data or dial the phone
without permission.
5. Types Of Permission
● Depending on the type of permission that app requests, The system
may grant the permission automatically, or ask the user to grant the
permission.
● Normal Permissions: Normal permissions do not directly risk the
user's privacy, so the system grant the permision automatically. Ex –
permission for flashlight.
● Dangerous Permissions: Dangerous permissions can give the
access to the user's confidential data, So user has to explicitly give
approval to your app. Ex – permission to read contact.
6. Check For Permission
● If your app needs a dangerous permission, You must check
every time whether you have permission to perform an
operation that require the permission.
● The user is always free to deny the permission, So even if
the app used the calander yesterday, It can't be assumed
that it still has permission today.
● To check, If the app has permission, Call the method
ContextCompact.checkSelfPermission().
7. ● The method will return an integer, You can
compare it with
PackageManager.PERMISSION_GRANTED or
PackageManager.PERMISSION_DENIED.
● See the code snippet:
//Assume thisActivity is current Activity
int permissionCheck =
ContextCompact.checkSelfPermission(thisActivity,
Manifest.permission.WRITE_CALENDER);
8. Request For Permission
● If your app doesn't already have the requred permission, The
app must call requestPermission() method to request
appropriate permission.
● You just need to pass required permission and a request
code to identify the permission request as parameter.
● This function works asynchronously.
● After the user responds to the permission dialog box, The
callback goes to overriden method
onRequestPermissionResult() of activity with the request
code and result.
9. ● There may be a situation, Where user deny the requested permission.
It may due to not understandable.
● So when the user again interact with the same feature that have been
rejected, We will show a explanation dialog.
● Android provides a utility method
shouldShowRequestPermissionRationale() to overcome the situation.
●
The method returns true, If the app has been requested the permission
earlier and the uses have denied it.
● If the user check Don't ask again, The method will return false.
10. Handle Permission Request Response
● When your app requests for permission, The system
shows a dialog box to user.
● When user responds onRequestPermissionsResult()
method of activity will call.
● The dialog box shown by the system describes the
permission group your app needs to access instead of
specific permission.
● For instance: If you request the READ_CONTACT
permission, The system dialog show to access device
contacts.