Mobile by Rob Lauer
When you develop an Android app, your users will justifiably be concerned if your app requests access to a myriad of device features and personal information. You are risking decreased app installations and increased suspicions of your app’s motives if you ask your users for personal data, contacts, access to their phone, SMS messages, and so on. In this article I hope to pull back the curtains on Android permissions and help you develop and distribute your apps more efficiently, without raising the ire of your customers.
Android Permissions and What They Really Mean
There are a lot of permissions to sort through on the Android platform. Did I say a lot, because I mean: A LOT. In the interest of space and time, I’ve provided you a handy chart you may use to look up any Android permission along with a plain English description of what that permission really means:
Permissions to Avoid
Now that you know what all of the permissions mean, you should next focus on limiting your exposure to certain ones. As a rule of thumb, you should only request a permission that your app literally NEEDS to run properly. At the same time, you should by all means avoid requesting the following permissions – as these are major red flags when it comes to securing your end user’s privacy:
CALL_PHONE: Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call being placed.
RECEIVE_SMS: Allows an application to monitor incoming SMS messages, to record or perform processing on them.
SEND_SMS: Allows an application to send SMS messages.
READ_CONTACTS: Allows an application to read the user’s contacts data.
ACCESS_FINE_LOCATION: Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.
Basically any permission that brings up the dreaded “this may cost you money” notification, you’ll want to avoid if at all possible.
CORDOVA PLUGINS AND RELATED PERMISSIONS
Now we get to the important part for those of you who develop hybrid mobile apps with Cordova/PhoneGap. Say you’ve gone through and eliminated as many Android permissions as you possibly can. However, when you deploy your app on a device, the app still asks for permissions that you didn’t specify! What is going on here?!
The issue is that certain core Cordova plugins also enable some Android permissions by default. For your convenience, here is another handy list:
Unsure of which core Cordova plugins you need in your mobile app? Check out this guide.
- Battery: Does not set additional permissions.
- Camera: Sets the
- Capture: Sets the
- Contacts: Sets the
- Device: Does not set additional permissions.
- Device Motion: Does not set additional permissions.
- Device Orientation: Sets the
- File: Sets the
- File Transfer: Sets the
- Geolocation: Sets the
- Globalization: Does not set additional permissions.
- InAppBrowser: Does not set additional permissions.
- Media: Sets the
- Network Information: Sets the
- Notification: Does not set additional permissions.
- SplashScreen – Does not set additional permissions.
- StatusBar: Does not set additional permissions.
- Vibration: Sets the
Also, if you are a Telerik AppBuilder user, you may be using one of these plugins:
- Telerik Push Notifications: Sets the
- Telerik Analytics: Sets the
- Telerik AppFeedback: Sets the
- Telerik Mobile Testing: Does not set additional permissions.
MANAGING ANDROID PERMISSIONS WITHIN TELERIK APPBUILDER
And yes, of course we make it as easy as possible to manage your Android permissions within all of the AppBuilder clients. With a simple toggle next to each permission (along with a basic description), you can easily maintain permissions for your app: