Skip to content

Most visited

Recently visited

navigation

Requesting Permissions

Android is a privilege-separated operating system, in which each app runs with a distinct system identity (Linux user ID and group ID). Parts of the system are also separated into distinct identities. Linux thereby isolates apps from each other and from the system.

Because each Android app operates in a process sandbox, apps must explicitly request access to resources and data outside their sandbox. They request this access by declaring the permissions they need for additional capabilities not provided by the basic sandbox. Depending on how sensitive the area is, the system may grant the permission automatically, or may prompt the user to approve or reject the request.

This page describes how apps can request standard system permissions. The following document, Defining Permissions, describes how apps can define their own permissions, so they can securely share their data and capabilities with other apps.

Also see the material style guide for permissions.

Using Permissions

A basic Android app has no permissions associated with it by default, meaning it cannot do anything that would adversely impact the user experience or any data on the device. To make use of protected features of the device, you must include one or more <uses-permission> tags in your app manifest.

For example, an app that needs to monitor incoming SMS messages would specify:

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.android.app.myapp" >
    <uses-permission android:name="android.permission.RECEIVE_SMS" />
    ...
</manifest>

If your app lists normal permissions in its manifest (that is, permissions that don't pose much risk to the user's privacy or the device's operation), the system automatically grants those permissions. If your app lists dangerous permissions in its manifest (that is, permissions that could potentially affect the user's privacy or the device's normal operation), the system asks the user to explicitly grant those permissions. The way Android makes the requests depends on the system version, and the system version targeted by your app:

Often times a permission failure will result in a SecurityException being thrown back to the app. However, this is not guaranteed to occur everywhere. For example, the sendBroadcast(Intent) method checks permissions as data is being delivered to each receiver, after the method call has returned, so you will not receive an exception if there are permission failures. In almost all cases, however, a permission failure will be printed to the system log.

The permissions provided by the Android system can be found at Manifest.permission. Any app may also define and enforce its own permissions, so this is not a comprehensive list of all possible permissions.

A particular permission may be enforced at a number of places during your program's operation:

Automatic permission adjustments

Over time, new restrictions may be added to the platform such that, in order to use certain APIs, your app must request a permission that it previously did not need. Because existing apps assume access to those APIs is freely available, Android may apply the new permission request to the app's manifest to avoid breaking the app on the new platform version. Android makes the decision as to whether an app might need the permission based on the value provided for the targetSdkVersion attribute. If the value is lower than the version in which the permission was added, then Android adds the permission.

For example, the WRITE_EXTERNAL_STORAGE permission was added in API level 4 to restrict access to the shared storage space. If your targetSdkVersion is 3 or lower, this permission is added to your app on newer versions of Android.

Caution: If a permission is automatically added to your app, your app listing on Google Play lists these additional permissions even though your app might not actually require them.

To avoid this and remove the default permissions you don't need, always update your targetSdkVersion to be as high as possible. You can see which permissions were added with each release in the Build.VERSION_CODES documentation.

Viewing an app's permissions

You can view at the permissions currently defined in the system using the Settings app and the shell command adb shell pm list permissions. To use the Settings app, go to Settings > Apps. Pick an app and scroll down to see the permissions that the app uses. For developers, the adb '-s' option displays the permissions in a form similar to how the user will see them:

$ adb shell pm list permissions -s
All Permissions:

Network communication: view Wi-Fi state, create Bluetooth connections, full
Internet access, view network state

Your location: access extra location provider commands, fine (GPS) location,
mock location sources for testing, coarse (network-based) location

Services that cost you money: send SMS messages, directly call phone numbers

...

Permission required to install unknown apps

If your app targets Android 8.0 (API level 26) or higher and triggers APK installs using the package installer API, you need to add the REQUEST_INSTALL_PACKAGES permission, as shown in the following code snippet:

<manifest>
    <uses-permission
        android:name="android.permission.REQUEST_INSTALL_PACKAGES" />
    <application>
      ...
    </application>
</manifest>

Only apps that use this permission can appear in the Install unknown apps system settings screen. For more information, see the Android Studio publishing guide to learn how to install unknown apps.

Normal and Dangerous Permissions

System permissions are divided into several protection levels. The two most important protection levels to know about are normal and dangerous permissions:

Permission groups

All dangerous Android system permissions belong to permission groups. If the device is running Android 6.0 (API level 23) and the app's targetSdkVersion is 23 or higher, the following system behavior applies when your app requests a dangerous permission:

Caution: Future versions of the Android SDK might move a particular permission from one group to another. Therefore, don't base your app's logic on the structure of these permission groups.

For example, if your app requests the READ_CONTACTS permission, then the WRITE_CONTACTS permission, you shouldn't assume that the system can automatically grant the WRITE_CONTACTS permission, even though it's in the same permission group as READ_CONTACTS as of Android 8.0 (API level 26).

Any permission can belong to a permission group, including normal permissions and permissions defined by your app. However, a permission's group only affects the user experience if the permission is dangerous. You can ignore the permission group for normal permissions.

If the device is running Android 5.1 (API level 22) or lower, or the app's targetSdkVersion is 22 or lower, the system asks the user to grant the permissions at install time. Once again, the system just tells the user what permission groups the app needs, not the individual permissions.

Table 1. Dangerous permissions and permission groups.

Permission Group Permissions
CALENDAR
CAMERA
CONTACTS
LOCATION
MICROPHONE
PHONE
SENSORS
SMS
STORAGE

Continue reading about:

Permissions that Imply Feature Requirements
Information about how requesting some permissions will implicitly restrict your app to devices that include the corresponding hardware or software feature.
<uses-permission>
API reference for the manifest tag that declares your app's required system permissions.
Manifest.permission
API reference for all system permissions.

You might also be interested in:

Device Compatibility
Information about Android works on different types of devices and an introduction to how you can optimize your app for each device or restrict your app's availability to different devices.
Android Security Overview
A detailed discussion about the Android platform's security model.
Defining Permissions
Describes how an app can define its own custom permissions, enabling it to share its information and functionality with other apps.
This site uses cookies to store your preferences for site-specific language and display options.

Get the latest Android developer news and tips that will help you find success on Google Play.

* Required Fields

Hooray!

Follow Google Developers on WeChat

Browse this site in ?

You requested a page in , but your language preference for this site is .

Would you like to change your language preference and browse this site in ? If you want to change your language preference later, use the language menu at the bottom of each page.

This class requires API level or higher

This doc is hidden because your selected API level for the documentation is . You can change the documentation API level with the selector above the left navigation.

For more information about specifying the API level your app requires, read Supporting Different Platform Versions.

Take a short survey?
Help us improve the Android developer experience. (Dec 2017 Android Platform & Tools Survey)