Your Android app doesn’t need that many permissions

Android system permissions can be a bit confusing from a user's perspective. Sometimes you may only need to do something simple (edit a contact's information), but you apply for permissions that far exceed what your app needs (such as permission to access all contact information).

It is hard not to make users wary of you. If your app is closed source, users have no way to verify whether your app is uploading his contact information to the app server. Even if you explain to users why you are applying for this permission, they may not believe you. So when I developed Android apps in the past, I avoided using some tricks because it would require additional permissions and users would not trust you.

After practicing for a while, I have come to realize that you don't necessarily need to apply for permissions to complete certain operations.

For example, there is a permission in Android: android.permission.CALL_PHONE. You need this permission to call the dialer from your app, right? The following code is how you make a call, right?

 Intent intent = new Intent(Intent.ACTION_CALL);
 intent.setData(Uri.parse( "1234567890" ))
 startActivity(intent);

Wrong! This permission allows your phone to make calls without user input! This means that if my app uses this permission, I can make harassing calls at 3 a.m. every day without your knowledge.

In fact, the correct way to do it is this - use ACTION_VIEW or ACTION_DIAL:

 Intent intent = new Intent(Intent.ACTION_DIAL);
 intent.setData(Uri.parse( "1234567890" ))
 startActivity(intent);

The appeal of this solution is that your application does not need to apply for permissions. Why not? Because the Intent you use will start the dialer and pre-dial the number you set. Compared with the previous solution, the user still needs to click "Dial" to make a call. Without the user's participation, the call cannot be made. To be honest, this makes me feel good. Nowadays, many applications request permissions that make people feel overwhelmed.

Another example: I wrote an app called Quick Map for my wife, which was primarily a response to her complaints about existing navigation apps. She just wanted a list of her contacts and a route to where they were.

Seeing this, you may think that I need to apply for access to all contact information to complete this application: Hahaha, you are wrong again! If you read my source code, you will know that I actually used the ACTION_PICK Intent to start the relevant application to obtain the contact address:

 Intent intent = new Intent(Intent.ACTION_PICK);
 intent.setType(StructuredPostal.CONTENT_TYPE);
 startActivityForResult(intent, 1 );

This means that my app does not need to apply for permissions, and does not require additional UI. This greatly improves the user experience of the app.

In my opinion, one of the coolest parts of Android is its Intent system. Because Intent means I don't need to implement everything myself. Each application will register with Android the data area it is good at handling, such as phone numbers, text messages or contact information. If an application needs to solve everything, then the application will become very bloated.

Another advantage of the Android system is that I can use the permissions requested by other applications, so my application does not need to apply again. The above two points in the Android system can make your application simpler. The dialer needs permissions to make calls, but I only need an intent to make a call, which does not require permissions. Because users trust the dialer that comes with Android, but do not trust my application, this is good.

The point of writing this blog is that before you apply for permissions, you should at least read the official documentation about Intent to see if you can complete your operation through other applications. If you want to know more in depth, you can study this official document about permissions, which introduces more detailed permissions.

In short, using fewer permissions not only allows you to gain more user trust, but also provides users with a good user experience.

source:Dan Lew I don't need your permission!