Over a million developers have joined DZone.

Android Permissions Explained

DZone's Guide to

Android Permissions Explained

· Java Zone ·
Free Resource

Download Microservices for Java Developers: A hands-on introduction to frameworks and containers. Brought to you in partnership with Red Hat.

Mobile by Rob Lauer

When you develop an Android app, your users will justifiably be concerned if your app requests access to a myriad of device features and personal information. You are risking decreased app installations and increased suspicions of your app’s motives if you ask your users for personal data, contacts, access to their phone, SMS messages, and so on. In this article I hope to pull back the curtains on Android permissions and help you develop and distribute your apps more efficiently, without raising the ire of your customers.

Android Permissions and What They Really Mean

There are a lot of permissions to sort through on the Android platform. Did I say a lot, because I mean: A LOT. In the interest of space and time, I’ve provided you a handy chart you may use to look up any Android permission along with a plain English description of what that permission really means:

Permissions to Avoid

this may cost you money

Now that you know what all of the permissions mean, you should next focus on limiting your exposure to certain ones. As a rule of thumb, you should only request a permission that your app literally NEEDS to run properly. At the same time, you should by all means avoid requesting the following permissions – as these are major red flags when it comes to securing your end user’s privacy:

  • CALL_PHONE: Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call being placed.
  • RECEIVE_SMS: Allows an application to monitor incoming SMS messages, to record or perform processing on them.
  • SEND_SMS: Allows an application to send SMS messages.
  • READ_CONTACTS: Allows an application to read the user’s contacts data.
  • ACCESS_FINE_LOCATION: Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi.

Basically any permission that brings up the dreaded “this may cost you money” notification, you’ll want to avoid if at all possible.


Now we get to the important part for those of you who develop hybrid mobile apps with Cordova/PhoneGap. Say you’ve gone through and eliminated as many Android permissions as you possibly can. However, when you deploy your app on a device, the app still asks for permissions that you didn’t specify! What is going on here?!

The issue is that certain core Cordova plugins also enable some Android permissions by default. For your convenience, here is another handy list:

Unsure of which core Cordova plugins you need in your mobile app? Check out this guide.

  • Battery: Does not set additional permissions.
  • Camera: Sets the WRITE_EXTERNAL_STORAGE permission.
  • Contacts: Sets the READ_CONTACTSWRITE_CONTACTS, andGET_ACCOUNTS permissions.
  • Device: Does not set additional permissions.
  • Device Motion: Does not set additional permissions.
  • Device Orientation: Sets the ACCESS_COARSE_LOCATION andACCESS_FINE_LOCATION permissions.
  • File: Sets the WRITE_EXTERNAL_STORAGE permission.
  • File Transfer: Sets the WRITE_EXTERNAL_STORAGE permission.
  • Geolocation: Sets the ACCESS_COARSE_LOCATION andACCESS_FINE_LOCATION permissions.
  • Globalization: Does not set additional permissions.
  • InAppBrowser: Does not set additional permissions.
  • Network Information: Sets the ACCESS_NETWORK_STATEpermission.
  • Notification: Does not set additional permissions.
  • SplashScreen – Does not set additional permissions.
  • StatusBar: Does not set additional permissions.
  • Vibration: Sets the VIBRATE permission.

Also, if you are a Telerik AppBuilder user, you may be using one of these plugins:


And yes, of course we make it as easy as possible to manage your Android permissions within all of the AppBuilder clients. With a simple toggle next to each permission (along with a basic description), you can easily maintain permissions for your app:

android permissions in appbuilder

Download Building Reactive Microservices in Java: Asynchronous and Event-Based Application Design. Brought to you in partnership with Red Hat


Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}