App permissions a necessary evil..?
Long gone are the days when app permissions where a thing developers only needed to worry about once. Ever since the introduction of Android 6.0 marshmallow it has become a part of the flow in most apps or games. Not just a question to be asked at the moment of install.
And where it once used to be a thing users only had to take a stand to when installing an app, it’s now come to the point where at any twist or turn you could be faced with a dangerous sounding question. Do you want to give this app access to your contacts ? or do you want to give this app access to your camera ? and so on.
What is a permission?
This is how Android regulates which apps gets access to different resources on a device. If an app does not have permission to the device storage that app can not access the data stored on your device. If it does not have access to your contacts, well then there is no way for that app to set a ringtone for your contact.
Why is it so complicated?
It really isn’t, but it used to be a lot simpler. Before Android version 6.0 marshmallow you would be presented with a list of permissions an app needed to function when you installed it. If you didn’t like it your only other option would be to not install it and leave a comment on some forum on how this or that app steals all your personal information if you install it.
These days apps targeting Android 6.0 and above has two ways of asking for permissions. One of them is like it used to be before. At install you get a list of permissions the app needs to work. This should according to developer guidelines only ask permissions absolutely needed for the app to function.
We can imagine as an example a camera app will not be much use to anyone without access to the device's camera so in this case it should ask said permission at install.
But if the app also offers a way for the user to geotag his images this may not be as essential for the app to function and should therefore ask the permission to access the user's location when the users chooses to geotag his hers images.
I think the reasoning behind this is that the user would now understand why the app needs access to a particular resource on the device when the permission is asked in context to what the user is trying to do in the app.
So why is it still so hard to understand?
I think the question is quite hard to answer and I Certainly do not claim to have a definite answer to this.
I think the most important factor to this puzzle is that people simply does not have time or interest in reading through a long list explaining why the different permissions is required.
If you are a developer did you take the time to read through the terms of service when installing Android studio ? If you did good for you, but if you didn’t, why not ? Only you yourself can answer that question. I can't tell what your reasons may be but I think they would not differ much from the reasons a app user would list for not read through the details explaining why your app needs a particular permission.
Who do you trust?
A phone is no longer just a phone. A smartphone contains information about most aspects of our lives. We use our phones as a bank, a journal, a photo album, and many many more things. I cannot imagine giving a complete stranger access to my personal photo album or my journal, if I had one. Why should I give a app developer access to all those things.
The reason why I do this over and over again is because I choose to trust that the developer will not misuse the permissions I give. But I really have no way of knowing that.
For all I know all the apps with storage permission on my phone could be uploading every bit of information I ever stored.
So why do I keep installing apps ? I want them, simple as that. And whatsmore I elect to trust that the permissions I grant will not be misused.
How do we handle this?
I guess the best approach is to handle it like Google want’s us to. Just ask the permissions you need for the app to run at install time and prompt the user for all other permissions as we need it.
Alternatively you could do it the way Snapchat does and ask all permissions at install and be done with it. That way you will at least not get those 1 star ratings from people complaining your app does not work after denying necessary permissions. An added bonus to this approach is that it is a lot less work.
On the other hand it can be harder to get someone to install an app when the permissions needed is not obvious to the user.
Why won’t your app work!
No matter how well you handle app permissions there will always be someone leaving you those little sought after 1 star rating because your app does not work. And if you ask a user who emails you about his problems, if he gave the necessary permissions. Be prepared to explain what permissions is and how to enable them for your app. A pretty good indication that the user denied your request for permission and did not read or understand what he denied.
In that respect the old system was much better and created a lot less noise. Since it did not create cases where the user could break the app for not wanting to give permissions.Worst case before Android 6.0 was that users would choose to not install your app.
(Header photo: © User:Denelson83 / Wikimedia Commons / CC-BY-SA-3.0)