Android O and the app permissions system: a complete guide, risks, and key settings

  • Android organizes permissions into installation, runtime, and special permissions; review them by app and type from Settings.
  • Enable automatic revocation in unused apps and use global switches to block camera and microphone.
  • Monitor special permissions (Accessibility, Administrator, Overlay, Files, Multimedia, Unknown Sources).
  • Grant only what is necessary, at the right time and with a clear explanation; be suspicious if the use is not justified.
RocĂ­o G. RubioUpdated on

7 minutes

Android app permissions

Android does not stop growing and is already the most used operating system worldwide. Android Nougat continues its expansion thanks to the market launch of the new high-end of each brand and the updates of other models. Meanwhile, Android O finalizes its details for its release on the market, although there are still months.

Although it has not yet been officially released, we already know many of the details that will come with the big update of Google's operating system. Android O is still a ways off, and it will probably be the Pixel 2 that debuts the operating system. There's still a long time to go, but we continue to learn new details. The latest has to do with the new SMS authentication system of some of the applications.

On many occasions, when you install an application on the phone, it asks you to authenticate a code that arrives via SMS. We have seen it, for example, when installing WhatsApp. But it is not the only one. In order to read the code that arrives by SMS and scan it, these applications ask for permissions to read the SMS. Now, with Android O, a new API would be implemented that would allow this type of application to read the code that arrives by SMS to confirm without having to grant them read permission In general, the app will only read the received code in messages. Only in specific cases will the application be able to read the code. You can find out how to do this in [link to relevant section]. how to manage permissions If you want to check these accesses on your device.

It is not an improvement that users are going to make too many parties to since it does not mean a great change in the day to day. Nevertheless, It is important to monitor app permissions because it will improve security and make our data and our phone more protected. To learn how monitor application permissions There are guides and tools that help detect misuse.

Android O

New permissions in Android

We know other functions or features that Android O will come with. The new operating system will improve the battery life of our phones. thanks to the fact that it will better manage the applications in the background and will make them not consume battery if we are not using them. It will also allow, for example, the PIP mode that will allow us to play a video while running another application at the same time. What will allow us to do tasks while we continue to watch a video, whatever type it may be.

There will also be improvements in notifications, that can be grouped by channels, muted for a specified time or organized more efficiently. Notifications could also turn off on their own if they are no longer useful. Something especially striking when it comes to game promotion notices, limited-time restaurant offers, etc.

Permissions in Android: how they work and how to manage them

Manage app permissions

Android bases its security on a system of permissions and the prevention of excessive access; there are three main categories: installation permissions (normal and signing), runtime permissions y special permitsInstallation permissions are granted automatically when you install the app if its impact is minimal; runtime permissions require that accept a system dialogue when the app needs them; special ones protect particularly sensitive operations (for example, drawing on top of other apps). You can read more about why many apps ask for so many permissions and how to interpret it.

Additionally, Android organizes some permissions into logical groups (such as SMS or Contacts) to reduce the number of dialogues, although these groups can change and it is not advisable to assume fixed relationships between them.

To change permissions for a specific app: Settings> Applications > Choose the app > Permissions and select from options such as Allow, Do not allow, Only while in use o always ask (This last one is valid until you close the app). In permissions such as location "All the time" access may exist. If you want to revoke access, see how. remove application permissions on your mobile.

To review by permit type: Settings > Security and privacy > Privacy > Permissions manager > Choose a permission (e.g., Camera) and you'll see which apps use it. Tap each app to adjust its access.

Android also incorporates features that strengthen control: automatic revocation of permissions for unused apps (Settings > Apps > choose the app > enable Pause activity when not in use) and global switches to disable access to the camera or microphone from Settings > Security and privacy > Privacy > Privacy controls. The possibility of automatically grant or deny permissions This control is facilitated.

What permits exist and what do they entail?

Security and permissions in Android

These are common permissions and what they can do when granted: Calendar (reads/creates events), Call logs (consult and write the history), Camera (photos and video), Contacts (access your calendar), Archives (reading files from the device), Health and fitness or “body sensors” (activity and constant data), Location (approximate and precise), Microphone (records audio), Music & Audio (access to audio files), Nearby devices (search/connect with nearby devices), Notifications (send notices), Phone Number (manages calls), Photos and videos (access to the gallery), Physical activity y SMS (sending and reading messages). You can expand the explanation about the different types of permissions and their scope.

For high-impact permissions such as camera or microphone, the system shows indicators and makes it easier to explain why they are requested. If you see two consecutive applicationsNormally, the first is an informational notice from the app, and the second is the official Android dialog box. actually grants or denies the permit.

Special permits to be closely monitored

Special permissions on Android

  • Accessibility: essential for advanced assistance, but allows an app See what appears on the screen and act for youIn the wrong hands, it can facilitate password theft or device control. Only activate it if absolutely necessary.
  • device administrator: enables actions such as block or erase the phone and makes it difficult to uninstall while it's active. Only use it for trusted apps (for example, company policies or locating/wiping your device).
  • Show on other appsIt allows you to overlap windows. It's useful for bubbles or floating windows, but it could be used for... capture touches or simulate formsAvoid it if it's not justified.
  • Access to todos los archivos: Grants read/modification of most shared files on the device. This only makes sense in file managers, backups, antivirus, or encryptionBe suspicious if another app asks for it.
  • Multimedia management: geared towards apps that need organize, modify or delete photos and videosFind out what they want it for.
  • Installing applications from unknown sourcesThis allows you to start installations outside the store. The process is not automatic, but could induce you to install another app. Deactivate it if you don't need it.

Good practices for users and developers

Good practices for permissions

  • Ask for/grant the bare minimum: only request or accept the permissions essential for the action you are currently performing.
  • Associate permissions with actions: It is best to request permission just when the user presses “record audio” or “take photo”.
  • TransparencyIt clearly explains what data is being used and why; as a user, look for that explanation and revoke if it doesn't fit.
  • Check dependenciesThird-party libraries may have permission requirements. Check what each SDK adds.
  • Access indicatorsIf the system doesn't display them, the apps should offer them. visible signs when they use a camera or microphone.

A useful tip: if you're going to install an app, you can check its information to see what permissions it will request, and if you get it in APK format, use analyzers to Check permissions before installing. Furthermore, the Privacy Dashboard Android shows which permissions have been recently used so you can detect anomalous behavior.

Android O not only brought improvements like Picture-in-Picture, notification channels, and limits on background usage; it also marked a turning point in How apps request and use permissionsWith APIs like SMS verification that don't have full access to your messages and with increasingly granular controls for the user, if you regularly review permissions by app and type, enable automatic revocation, and are wary of special permissions that aren't fully justified, You maximize your security without sacrificing the features you really need..

types of permissions apps android-6
Related article:
Types of app permissions on Android