Android Marshmallow (M) introduced Android 6.0 SDK which includes the final version of the API Level 23. This version introduces a number of changes over the previous. API 23 focuses on protecting the system integrity and user privacy. This means all app runs in a limited access sandbox. Whenever the app wants to use resources outside the sandbox, the app has to request for permission. Depending on the type of permission (normal and dangerous) the app requests, the system may grant the permission automatically, or the system may ask the user to grant the permission.
For example, if your app requests permission to turn on the device camera, contact, GPS, Gallery and the rest, the system asks the user to approve that permission. But app wants to open flash light, internet, Wi-Fi and so on, the system grants that permission automatically. The user can revoke the permissions at any time, by going to the app’s Settings screen.
Normal and Dangerous Permissions
Normal permissions do not directly risk the user’s privacy. If your app lists a normal permission in its manifest, the system grants the permission automatically.
Dangerous permissions can give the app access to the user’s confidential data. If you list a dangerous permission, the user has to explicitly give approval to your app. It also provides the user more control over the app’s functionality.
Users grant permissions to apps while the app is running, not when they install the app. Since the user does not need to grant permissions when they install or update the app.
Both the normal and the dangerous permissions it needs in its app manifest.
| Permission Group | Permissions |
| CALENDAR |
|
| CAMERA |
|
| CONTACTS |
|
| LOCATION |
|
| MICROPHONE |
|
| PHONE |
|
| SENSORS |
|
| SMS |
|
| STORAGE |
|
Add Permissions to the Manifest
The system behavior depends on how sensitive is the permission. If the permission does not affect user privacy the system grants automatically. If the app needs permission for sensitive user information, the system asks the user to approve the request.
To declare that your app needs permission, put a <uses-permission> element in your app manifest, as a child of the top-level <manifest> element.
For example, an app that needs to access camera would have this line in the manifest:
<manifest xmlns:android=”http://schemas.android.com/apk/res/android” package=”com.example.snazzyapp”><uses-permission android:name=”android.permission.CAMERA”/><application …>…</application></manifest>
API 23 working in Android 6.0 and others
If the dangerous permission is listed in your manifest, android device running on 5.1 or lower version the user has to grant the permission at the time of app installing. if they do not grant the permission, the SDK is 22 or lower system does not install the app at all.
If the Android 6.0 or higher running device, each dangerous permission will request when it needs while the app is running. If the app targeted SDK is 23 or higher, User can grant or deny each permission and app can continue to run with limited capabilities even if the user denies a permission request.
Check for Permissions
Every time your app needs a dangerous permission, it checks before performing that operation. The user can revoke the permission any time. That is, last day app used the camera or gallery, but it can’t be assume it still has that permission today.
To check that permission, call the ContextCompat.checkSelfPermission() method. For example, this snippet shows how to check if the activity has permission to open camera:
// Assume thisActivity is the current activity
int permissionCheck = ContextCompat.checkSelfPermission(thisActivity,
Manifest.permission.CAMERA);
If the app has the permission, the method returns Package Manager. PERMISSION_GRANTED, and the app can proceed with the operation. If the app does not have the permission, the method returns PERMISSION_DENIED, and the app has to explicitly ask the user for permission.