What Are Android Permissions And How Do They Work?
Most of the time, when you install a new Android app or update an existing one to a new version, a pop-up window inside the Play Store will prompt you to give the app at hand some sort of “permissions”. Some of you might find them scary. Some of you might think “Why the hell does the Facebook app need so many different permissions?!”
In this post you will learn what Android permissions are, how they work and why they are actually less scary than they might sound. But first, let’s dig into the basics.
Google wanted to make permissions easier to understand
Everything on our mobile devices is being programmed and designed in a way to make stuff work as easy as possible, which also means that developers need to simplify certain aspects of the OS to give us, mortals, the ability to use the device intuitively and make setting everything up less of a process. This might sound good, but this comes at a certain price.
Google’s move to make App Permissions easier to understand might leave you under the impression, that once you give an app access to a whole set of permissions, you will not really know what the app might or might not use. To clear things up, you must need to understand the basic difference between so-called Permission Groups and Permissions.
Scary Android Permissions
When installing a new app, you might have seen a permission that sounds particularly scary if you don’t know the story behind it – “Device & app history”.
This infamous item asks you to give the app permission to “view one or more of: information about activity on the device, which apps are running, browsing history and bookmarks”. Most people would have probably completely forgotten about “view one or more of…” after reading the part about giving an app access to one’s browsing history. Everybody knows to protect his or her own browsing history. This stuff is better kept secret.
Anyway, as you see in the example above, Google tried to simplify app permissions by grouping some of them together to make them easier to understand. However, in this case the app at hand would not automatically get access to all items within the permission, but, as the description said, “one or more of”. This is key to remember.
Difference between permission groups and permissions
For your own safety, Google won’t give developers access to every permission on your phone. But since there are a lot of them, Android groups them together into easy to undestand chunks, so you can allow apps to do stuff and make the decision to do so on a more intuitive level. So, each permission group is made from a set of sub-permissions.
However, if you give the developer access to a permission group, it doesn’t mean that each of the sub-permissions will be used.
To see what permissions you are really giving access to, scroll down on the Play Store page a bit and click on Permission Details to see a detailed list (works both in the Play Store app and browser version). To see a list of permissions for already installed apps, go to Settings > Apps > select the app you want and scroll down to permissions.
Now let’s have a look at what Android app permission groups are out there.
List of Android App Permissions
At the time of writing this article, there are 17 different app permission groups on Android. The names of the permissions are self-explanatory in some cases, but let’s examine each one of them separately, just in case.
Before we begin thought, you must know that all apps have the permission to access your internet connection by default.
1. In-app purchases
This permission will allow apps to make purchases from within the app itself. A popular example would be buying additional in-game currency in exchange for real money to buy some fancy decoration for your beautiful dragon city or whatnot.
2. Device & app history
This is the scary one from the example above. Please remember the exact wording of this permission from Google.
“An app can do one or more of the following”:
- read sensitive log data
- read the device’s internal state
- access your bookmarks as well as browsing history (for example, in case you want to install another browser and transfer your bookmarks)
- retrieve running apps
This particular permission is often used if an app wants to interact with another one. It’s actually not as scary as it may sound if you don’t know the whole story behind it.
3. Cellular data settings
This permission allows the app to control your mobile data connection settings. This would, for example, mean that an app could enable or disable your mobile data connection, set a data limit or give you a detailed analysis of where you spent your precious megabytes of mobile data.
The identity permission allows apps to access all saved account on your device, as well as access and change your personal information stored on the device. By account I mean everything you will see if you go to Settings > Accounts. There you will probably find a list that will probably contain your Google account, Facebook, WhatsApp, Skype, Dropbox and many others.
For example, this permission would allow you to log into other apps using your Google or Facebook account! Very useful and not scary at all, given that all your sensitive data (like passwords) are safely encrypted.
Pretty much self-explanatory. This permission gives apps access to your list of contacts and allows them to read and modify items within that list.
A good example of the Contact permission would be a new calendar app, that would allow you to invite your friends to an event. For that, the app would need access to your contacts.
Much like in the example above, a calendar app would, of course, need access to your calendar! This permission also allows the app to access and modify your events, as well as invite guests without your knowledge.
This permission gives apps access to your location. However, there are two different methods of determining your location, one of which is more precise than the other and more battery intensive.
- Approximate location – determines your location based on mobile towers and WiFi networks in your area (relatively light battery use)
- Precise location – uses GPS as well as the network-based factors above to determine your location (heavier on the battery)
This one also gives the app access to your GPS settings, which would be particularly useful for mapping or fitness apps.
This one might cost you money. The SMS permission allows apps to do the following:
- read and receive messages in form of SMS, MMS or video messages
- edit text messages (SMS or MMS)
- Send SMS messages ($)
The phone permission is useful for all apps that allow you to place and receive calls within an app (think Android dialer apps).
- Call phone numbers (even without your intervention)
- Read and write call logs
- Reroute calls
- Modify phone state
This permission is all about files on your device. This allows apps to:
- read, modify or delete contents of your device such as photos or videos (even if they are on your SD card)
- Mount, unmount and format external storage (like a thumb drive connected with a USB cable to your device)
Allows apps to take pictures or videos (doesn’t include sound recording). A popular example would be Instagram, which needs access to the camera hardware to take photos or videos right from the app itself without the need to use your device’s native software first.
Apps can use your microphone and record audio. This one is in most cases paired with the camera permission, especially if a certain app allows video recording with audio.
13. Wi-Fi connection information
This permission allows apps to do everything WiFi related, which includes, but not limited to, changing your settings, accessing the list of WiFi networks within your device’s reach as well as devices connected to yours (think mobile data tethering).
14. Bluetooth connection information
This permission gives apps access to your Bluetooth settings. There are three different levels of Bluetooth access:
- Simple – allows apps to connect to already paired Bluetooth devices
- Admin – apps can pair and discover new devices
- Privileged – apps can do all of the above without any user interaction. The access level is called privileged, because not a single third-party app has access to this permission. Let Google handle the sensitive stuff.
15. Wearable sensors/activity data
The go-to permission for all fitness-tracker apps, that need to access readings from the sensors inside your wearable device (which also includes Android Wear based smartwatches).
16. Device ID & call information
This permission gives apps access to your device ID and gives information about whether you are currently on on the phone or not and the number of the person on the other end of the call.
All other minor permissions that don’t fall under any of the categories above. The best way to avoid any frustration is to manually check the permission for new apps by following the steps from the top of the article.
Let’s look at some of Facebook’s other permissions:
- draw over apps (like a window overlay on top of other apps when video-calling)
- control device vibration
- run at startup
- read battery statistics
- set wallpaper
- install shortcuts
Revoke and disable permissions in Android M – the new way
During its latest developer conference, Google has announced a brand new way for developers and users to control app permissions. If any of you guys used to be iOS users, this will sound somewhat familiar to you.
In previous Android versions, such as Lollipop, you had to give apps all necessary permissions prior to installing the app itself. And the security level of single permissions didn’t matter in this case.
With Android M, users will only allowing so-called “Protection-Normal” permissions, such as access to your alarm clock during the installation, but all other permissions will only be asked for when the app actually requires it. In the case of Instagram, you could install the app without granting any permissions at all, and once you launch the in-app camera, the app will prompt you to give access to the camera.
Also, the new model gives users access to revoke single permissions at any time. Don’t want Facebook to access your location when you don’t want it to? Not an issue anymore. Simply go into the app’s permission setting, and revoke location access by flipping a switch.
Next time Facebook want’s to know where you are, you will be asked again.
Today, Android permissions are slightly more confusing to the user than they actually are. You have groups of permissions that you don’t know the details about, scary permissions such as access to your browsing history and many other misunderstandings.
However, all this will change once Android M hist your device. From this point in time you will be able to manage ALL individual permissions for certain apps on your device, so you will finally be in control of what information apps can access, and what you better want to keep private.
If some points in this guide are unclear or if you have any open question in regard to all of the above, simply drop a line in the comments, and I will do my best to clear things up.