Android Permission

Normal permission and Dangerous permission

• Normal permissions do not directly risk the user’s privacy. If your app lists a normal permission in its manifest, the system grants the permission automatically.
• Dangerous permissions can give the app access to the user’s confidential data. If your app lists a normal permission in its manifest, the system grants the permission automatically. If you list a dangerous permission, from Android 6.0, the user has to explicitly give approval to your app.

If target API less than 23:

• No matter what’s version OS is, all Permission in Manifest will be granted by System during installation. And users can see that.
• No matter what’s version OS is, deny the permission in Android settings screen can’t make any change. The permission is still granted. (For OS less than M, there might be no deny in settings screen.)

If target API higher or equal 23:

• Dangerous permissions should be granted during runtime by users. And they should also be declared in Manifest.
• If OS version higher or equal to M, users can see all the dangerous permission. But all of them are grey/off/denied by default. We should promote them and let users grant.
• Both ContextCompat in support library and native Activity have checkSelfPermission(),requestPermissions() and onRequestPermissionsResult() APIs to do runtime requesting.
• Only the permissions declared in manifest could be requested run time.
• Runtime permission is an additional requirement for targeting API higher than 23. It doesn’t enable developer more abilities but more restriction.
• If OS version lower than M, All dangerous permissions will be granted by system during installation.

Merged Manifest

In Android studio, there’s a tap at the bottom of Manifest file named “Merged Manifest” which could be used to check which libraries the permission is from.
Permission merged from libraries could be removed by tools:node=”remove” in main manifest.
could request permission specific for target API higher than or equal to 23. And for the situation that depending library targets API higher than 23 but main App targets API lower than 23, the dangerous permissions declared in depending library will be tagged as “<users-permission-sdk-23 ” automatically during merging.

External Storage Permission

• Before API 18, developers need put READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE in manifest to read/write to application’s data folder.
• After API 18, no permission needed to read/write to application’s data folder.

Some Scenarios No Permission Needed

• To open/read file with Intent.ACTION_OPEN_DOCUMENT, no permission needed.
• To open camera with ACTION_IMAGE_CAPTURE, no permission needed.