"Translated" Permissions Best practices Android m right-of-way

Permissions Best Practicespreviousnextin This document

• Consider Using an Intent
• Don ' t overwhelm the User
• Explain why need Permissions
• Test for Both Permissions Models

You should also read

• Interacting with other Apps

It's easy-for-a app to overwhelm a user with permission requests. If A user finds the app frustrating to use, or the user was worried about what the app might was doing with the user ' s infor Mation, they may avoid using the app or uninstall it entirely. The following best practices can help you avoid such bad user experiences.

an application It is easy to intimidate users through permission requests. If the user finds that the application is uncomfortable or is concerned that the application may be using the user's information to do something, it may avoid using the application or completely uninstall it. The following best practices can help you avoid this bad user experience.

Consider using an Intent consider the use of Intent

In the many cases, you can choose between the ways for your app to perform a task. You can has your app ask for permission to perform the operation itself. Alternatively, you can have the app with the intent to the another app perform the task.

For example, suppose your apps needs to being able to take pictures with the device camera. Your app can request CAMERA the permission, which allows Your app to access the camera directly. Your app would then use the camera APIs to control the camera and take a picture. This approach gives your app full control over the photography process, and lets your incorporate the camera UI into your a Pp.

However, if you don't need such complete control, you can use a intent to the ACTION_IMAGE_CAPTURE request an image. When you send the intent, the system prompts the user to choose a camera app (if there isn ' t already a default camera app) . The user takes a picture with the selected camera app, and the apps returns the picture to your app ' s onActivityResult() method.

Similarly, if you need to make a phone call, access the user's contacts, and so on, you can do it by creating an APPROPR Iate intent, or you can request the permission and access the appropriate objects directly. There is advantages and disadvantages to each approach.

If You use permissions:

• The Your app has full control over the user experience if you perform the operation. However, such broad control adds to the complexity of your task, since your need to design an appropriate UI.
• The user is prompted to give permission once, either at run time or at install time (depending on the user ' s Android versi ON). After this, the your app can perform the operation without requiring additional interaction from the user. However, if the user doesn ' t grant the permission (or revokes it later on), your apps becomes unable to perform the Operati On @ all.

If you use an intent:

• You don't have a to design the UI for the operation. The app that handles the intent provides the UI. However, this means you has no control over the user experience. The user could is interacting with a app you ' ve never seen.
• If the user does not has a default app for the operation, the system prompts the user to choose an app. If the user does not designate a default handler, they may has to go through an extra dialog every time they perform the Operation.

In short, you can let other applications do the work of other applications, so that without the design interface, and do not have to apply for permission, as long as a intent to solve the problem. and permission requests are small, do not request permission too much.

Only ask for Permissions you need apply for the permissions you need

Every time you ask for a permission, you force the user to make a decision. You should minimize the number of times your make these requests. If the user is running Android 6.0 (API level) or later, every time the user tries some new app feature that requires a Permission, the app has to interrupt the user's work with a permission request. If the user is running a earlier version of Android, the user have to grant every one of the app's permissions when instal Ling the app; If the list is too long or seems inappropriate, the user could decide not to install the your app. For these reasons, you should minimize the number of permissions your app needs.

Quite often your app can avoid requesting a permission by using a intent instead. If A feature isn't a core part of your app's functionality, you should consider handing the work over to another app, as Described in consider Using a Intent.

Whenever you apply for a permission, you will force the user to make a decision, so you should minimize the number of requests. If the user is running Android6.0 (API level 23) or later, each time the user tries some new app functionality that requires permission, the application interrupts the user's work because of the request permission. If the user is running an earlier version of Android, the user is granted every permission to the application when the application is installed, and if the list is too long or looks inappropriate, the user can finally decide not to install your application. For these reasons, you should try to minimize the number of permissions your application needs.

Many times your application avoids requesting permissions and uses intent. If a feature is not a core part of the functionality of your application, you should consider switching this feature to another application, as described in the previous article.

Don ' t overwhelm the user don't scare users

If the user is running Android 6.0 (API level) or later, the user have to grant your app it permissions while they was Running the app. If you confront the user with a lot of requests for permissions in once, you may overwhelm the user and cause them to quit Your app. Instead, should ask for permissions as you need them.

In some cases, one or more permissions might is absolutely essential to your app. It might make sense to ask for all of those permissions as soon as the app launches. For example, if a photography app, the app is would need access to the device camera. When the user launches the app for the first time, they won ' is surprised to being asked for permission to use the camera. But if the same app also had a feature to share photos with the user's contacts, you probably should don't ask for The READ_CONTACTS permission at first launch. Instead, wait until the user tries to use the ' sharing ' feature and ask for the permission then.

If your app provides a tutorial, it may do sense to request the app's essential permissions at the end of the tutorial s Equence.

If the user is running Android 6.0 (API level 23) or later, the user has to grant permissions to your application when your app is running. If you once let users face a lot of permission requests, you may scare users and cause them to quit your application. Instead, you should ask for permission when you need it.

In some cases, one or more permissions may be absolutely required by your application , and it is reasonable to request all of these permissions once the application starts . For example, if you do a photographic application, the app needs to access the device camera. When users start the application for the first time, they are not surprised to be asked to allow permission to use the camera. However, if the same application also has a feature that shares a contact's photo with the user, you may not be required to request Read_contacts permissions on the first run. Instead, wait until the user tries to use the share feature and then request permission.

If your application provides a tutorial, it is reasonable to request permission at the end of the tutorial.

Explain Why do you need Permissions explain why you need these permissions

The permissions dialog shown by the system if you call requestPermissions() says what permission your app wants, but doesn ' t say why. I n some cases, the user may find this puzzling. It's a good idea to explain to the user why your app wants the permissions before calling requestPermissions() .

For example, a photography app might want to use location services so it can geotag the photos. A typical user might not understand it a photo can contain location information, and would is puzzled why their photogra PHY app wants to know the location. So in this case, it's a good idea for the app to tell the user about this featurebefore calling requestPermissions() .

One-to inform-the user is-to-incorporate these requests into an app tutorial. The tutorial can show each of the apps ' s features in turn, and as it does this, it can explain what permissions is needed. For example, the photography app's tutorial could demonstrate its "share photos with your Contacts" feature and then-tell th e user that they need to give permission for the app to see the user ' s contacts. The app could then call to ask the user for that requestPermissions() access. Of course, not every user was going to follow the tutorial, so we still need to check for and request permissions during T He app ' s normal operation.

When you call Requestpermissions () The system displays the Permissions dialog box, which shows you need these permissions, but does not say why it is needed. In some cases, users may be confused. It is a good idea to explain to the user before calling Requestpermissions() Why your application needs this permission .

For example, a photographic application may need to use location services so that it can mark the location of a photo shoot . An ordinary user may not understand that a photo can contain location information and will wonder why a photographic application needs to know the location. Therefore, in this case, it is a good idea to tell the user about this feature before calling Requestpermissions () .

one way to inform users is to include these requests in a tutorial. This tutorial can show the functionality of each application in turn, which can be a good indication of why these permissions are needed. For example, a tutorial that takes an app can simulate its "share photos with your Contacts" feature, and then tell the user that this requires permissions for the app to view the user's contacts . The application can call Callrequestpermissions () to request the permission from the user. Of course, not every user will follow the tutorials to give you the permissions you need, so you still need to check and request permissions during the application's official run.

Test for Both Permissions Models testing two permission modes

Beginning with Android 6.0 (API level), the users grant and revoke app permissions at run time, instead of doing so when th EY install the app. As a result, you'll have the to test your app under a wider range of conditions. Prior to Android 6.0, you could reasonably assume that if your app was running at all, it had all the permissions it Declar Es in the app manifest. Under the new permissions model, you can no longer make that assumption.

The following tips would help you identify permissions-related code problems on devices running API level or higher:

• Identify Your app ' s current permissions and the related code paths.
• Test user flows across permission-protected services and data.
• Test with various combinations of granted or revoked permissions. For example, a camera app might list camera ,   read_contacts , and  Access_fine_ Location  in its manifest. You should test the app with each of these permissions turned on and off, to make sure the app can handle all permission C Onfigurations gracefully.
• use The adb tool to manage permissions from the command line:
  • List permissions and Status by G Roup:

    $ adb shell pm list permissions-d-G 

  • Grant or revoke one or more perm Issions:

    $ adb shell PM [grant|revoke] <permission-name> ... 

• Analyze your app for services this use permissions.

Starting with Android 6.0 (API level 23), users grant and revoke permissions while the app permissions are running , rather than when the application is installed. This way, you have to test your application in a wider range of conditions. Before Android 6.0 , you can assume that your application has all the rights declared in manifest at run time. According to the new permission model, you can no longer make such assumptions.

The following tips will help you identify issues with the device code that is running API level 23 or higher for permissions related to:

• Determine the current permissions of your application and the associated code path.
• Test users to follow cross-rights-protected services and data.
• Test the various combinations of grant and revocation requests. For example, a webcam application might list camera,read_contacts and access_fine_location in its manifest. You should test each permission to open and close to ensure that the application handles all permissions configuration well.
• Use the ADB tool to manage permissions from the command line:
  • List permissions and status by group:

$ adb shell pm list permissions-d-G

• • To grant or revoke one or more permissions:

$ adb shell PM [Grant|revoke] <permission-name> ...

• Analyze services that are limited to your application usage.

Reprint please indicate the source and link, the author retains ownership

"Translated" Permissions Best practices Android m right-of-way