Main Website

Best practices for accessing and handling user permissions: Part II for Android apps

Google Play Store rightfully boasts of being the home to the largest number of mobile apps in the world. As of 2021, there are around 3.5 million Android apps available for download on the store.

When compared to iOS, Android apps have more mass appeal and thus are easier to create, manage and use as per many parameters. Thanks to the advent of free Android app makers, it has also become extremely effortless and affordable to create Android apps for any website.

However, building an app is just first of the many steps that you need to take in order to set up your empire in the mCommerce industry. Getting the apps published on the app stores, inspiring users to download it and give it the necessary permissions, are some of the real battles that must be fought strategically.

Additionally, the best practices must be followed as you access and manage the user permission for your apps. In the first part of this blog, we shared some tips for handling user permissions for iOS apps.

Go through the first part to discover the benefits of collecting user data through app permissions and more. You can read it by clicking on the link given below.

Also Read: Best practices for accessing and handling user permissions: Part I for iOS apps

As promised, now we are here with the second part of the blog. In this part, you can learn all about the best practices for accessing user permissions for Android apps. So, let us get started!

How user permissions function in the Android universe

The basics of user permissions remain the same for any operating system. Even though Android and iOS differ from each other in terms of their approach towards accessing and handling user permissions, they are similar in their goals of ensuring user privacy and better data-handling.

In fact, we recommend that you begin by reading the first part of our blog that discusses the importance of user permissions, and then hop on this one.

User permissions can help an app achieve many intended goals and also ensure a secure and trustworthy experience for users. It gives users control over what they share with the app and also helps them understand how the requested data is being used.

The full list of user permissions for Android and their string syntax can be discovered here: List of all Android permissions. Here, you can also discover the various types of permissions and their segmentation that we have also discussed in the sections below.

Evolution of the user permission scenario for Android

The user permission scenario has been constantly evolving for Android. With time, Android has moved to a user-centric approach and has become more concerned about user privacy and experience. In fact, it has changed dramatically over the years.

Getting user permissions was actually much simpler before Marshmallow (13th version of Android) was released. All permissions were handled at the time of install. When users tried to install an app from the Google Play Store, they were presented with a list of permissions.

Users had the option to either grant all the permissions and continue to install the app, or not install the app at all. Users were unable to give specific permissions or revoke given permissions after installing the app. This led to more abandonments and affected the app owners and users negatively.

However, things changed mightily with the release of Marshmallow that introduced the runtime permissions model. As a result, the permissions are no longer requested at the time of install but at the time of usage. Users can give or deny the permission upon launching the app, and also revoke the permission whenever they want.

Basically, they are presented with the options to allow access, deny access, or allow access to a certain resource only while the app is running. As discussed in iOS, app owners can customize the labels of these options without changing the gist and replace “Deny” with “Ask Later”, to avoid an instant denial, and keep their chances intact even if the user denies permission at first.

App developers, owners and publishers must be aware of Google’s guidelines and policies and align their business decisions and app infrastructure with the same. The users’ privacy and experience must be considered and respected when dealing with user permissions and data collection.

Suggested Read: APKs vs AABs – What is the difference between the two Android files?

Types of permissions requested in Android

Based on the time or nature of request, level of security and the scope of the access requested, user permissions for Android apps can be segmented into several categories. The different categories or types of permissions are as discussed below:

#1: Install-time permissions

As the name suggests, install-time permissions are automatically granted by the system when a user installs an app and accesses it for the first time. It gives limited access to restricted data.

The install-time permission notice is displayed to the users when they view an app’s details page on the app store itself. Normal permissions and signature permissions can be classified as the sub category of install-time permissions and can be defined as follows:

a: Normal permissions

Normal permissions allow apps to access data that pose very little or no risk to the user’s privacy. However, the data and actions present very little risk to the user’s privacy, and the operation of other apps.

For example, if an app needs access to date and time, then the user need not be asked for permission and the data can be collected without any violation of the user’s privacy. You can checkout the list of Android permissions shared above to know which permissions fall under the ‘normal’ category.

b: Signature permissions

Signature permissions are granted by an Android device at the time of installation. However, this happens only under certain suitable conditions. In order to get the permissions, the app requesting it must be signed with the same signature as that of the app that defines the required permission.

#2: Runtime permissions

Runtime permissions, also known as dangerous permissions, involve access to critical user data.  This may include access to potentially sensitive data like location, phone book, contact information, or more.

Runtime permissions must be explicitly asked by apps in clear words. An alert or a dialog box can be used to ask for the required permission. Also, it is recommended that you request runtime permission when the user triggers an activity that requires access to critical data that falls under this category.

#3: Special permissions

Special permissions are permissions defined by the platform and OEMs (Original Equipment Manufacturer or the companies that manufacture the phones). These correspond to specific app operations and are requested accordingly.

It is mandatory to declare such permissions in the AndroidManifest.xml file and then send a request to the user for authorization. For instance, a request to overwrite data or edit it may fall in the special permissions category.

Suggested Read: Creating videos for App Store and Play Store listings: The complete guide

Best practices for asking user permission for Android apps

Now that you know so much about requesting user permissions in the Android world, it is time to discover the strategies to implement your knowledge. Follow the tips listed below and make your user permission requests completely professional and inspiring:

Learn about the libraries

It is important that you precisely know about the permissions you need and ask only for these. For this, you may need to have some information about the libraries used in your app as it can determine the type of data or permission you require for the app to function smoothly.

If possible, use SDKs (Software Development Kits) that do not request unnecessary permissions. Else, your app will prompt request for the same. Do not forget to use suitable signals before you make the requests. For example, if the request is critical but unclear, you can add a customized screen to explain to the user why the permission is being requested.

Give more context to users

Explain to your users why the permission is being requested by your app. You can add a few screens before the call for the permission is prompted and use this space to explain how granting the permission is going to make their journey better.

Do not be vague or use ambiguous sentences like “Allow XYZ to access location for better experience”. Instead, use a clear and specific message like “Allow XYZ to access location for recommending the stores nearby”. You can also include a continuous indication and show it on the users’ device while the app is running and using the data.

Optimize the number of requests

Apps that have poor classifications of request, ask for too many permissions, or bombard users with requests, can get immediately uninstalled. Therefore, it is important that you optimize the number of permissions that you are requesting and be reasonable. Group your permissions cautiously in order to avoid total rejection.

The best approach would be to wait for the user to trigger a request. Ask for permission to certain feature or data when it is needed to complete the activity or request initiated by the user. The chances of getting the permission at this point will highly increase if you follow the right approach.

Prepare to handle rejections

With new and advanced Android versions, users have more control over what they want to share and how they want to share with an app. Therefore, be prepared to handle rejections and overcome challenges. You can focus on gaining your user’s trust and ask for the permission at a later time even if they reject it at first.

You can also make use of Google’s permission evaluation guide and use alternatives instead of requesting permissions explicitly. Also use analytics to see what permissions users are denying the most, try to find the reason behind it and work on it. 

That was all about accessing permissions for Android apps! If you are overwhelmed by all the information and are confused about taking a step further, then shed your worries now. Go ahead and create your app on AppMySite and manage user permissions easily.

Just declare the permissions you need by turning the toggle on and enter the message you want to be displayed. That’s it! It is simpler than it sounds. You can subscribe to AppMySite for free and find out for yourself!

Suggested Read: How to use the Google Play Console internal testing feature and launch the perfect apps

Need a feature-rich Android app? Try AppMySite for free!

mobile app access

Need a makeover for your existing Android app or planning to build a new app? Try AppMySite’s website to APK converter for free and fulfil your goals with minimum effort. Here, you can build premium Android and iOS apps without writing a single line of code.

Anyone with a website can create, customize, and preview their apps on AppMySite without investing a dime. You only need to pay when you are ready to publish your app builds to the app stores.

Here, you can design the layout and appearance of the app and also point to add specific features based on your app and industry type. For instance, you can add blogs, products, design the menu, manage categories, and do a lot more.

Additionally, you can also enable features like push notifications, monetization, social integration, and login, and more. The list is endless! So, what are you waiting for? Go ahead and build your own Android app for your business. Check out our blog suggested below and get all the help required! Get, set and app your way to success!

Suggested Read: How to make an android app that links to a website?

Related Articles