ras-slava - Fotolia


How Android app permissions work in Marshmallow

The latest Android operating system, Marshmallow, improves the mobile user experience -- and IT security -- by providing more granular control over app permissions.

The revamped Android application permissions approach is Google's response to the need for mobile security, which...

is at an all-time high.

Prior to the release of Android 6.0 Marshmallow, end users had zero control over app permissions, without rooting a device and installing third-party software. So, when a certain app wanted permission to access a user's network, contacts and SMS messages, there was no choice but to grant it all. Users complained about this all-or-nothing approach.

Now, Android 6.0 Marshmallow app permissions put control in the hands of the users, but that level of control comes with responsibilities they haven't had, so they must work wisely with Android app permissions.

How to access Android app permissions settings

Unlike previous releases of Android, Marshmallow lets users define which services an app can access. There is a slight danger with this approach, because now, users can gain access to critical system services, such as com.android.sharedstoragebackup. And if admins revoke app permissions to storage from com.android.sharedstoragebackup, it could break a number of systems on users' devices.

Thankfully, Android developers have slightly obfuscated system permissions from users. On the surface, it's all about changing the permissions of installed apps, and not crucial systems.

The important piece of this puzzle is that the end user has control over which services can be accessed. Android takes a slightly different approach to this than the competition. Instead of going into each app and managing permissions, users actually go into services and switch off the apps they don't want gaining access. The available services are:

  • Body sensors
  • Calendar
  • Camera
  • Contacts
  • Location
  • Microphone
  • Phone
  • SMS
  • Storage
  • Additional permissions

Tap on one of those services and see a listing of every app that can access it. If there's an app users don't want accessing that service, they can disable it by tapping the Enable/Disable slider.

The limitations of Android app permissions

The developers of Android want the user to have to know where to go and what they're doing to alter the apps' permissions.

As you might have guessed, users cannot simply open up an app -- in Settings > Apps -- and then disable permissions on a wholesale level, nor will they get a more in-depth explanation of how an app is going to use the permissions during installation. In fact, in most cases, the permissions listing of an app -- during install -- will look very familiar.

It's clear that the developers of Android want the user to have to know where to go and what they're doing to alter apps' permissions. From a design and development perspective, that's a smart move -- otherwise, they run the risk of users randomly disabling permissions and, thus, breaking apps during installation.

How app permissions work

Managing Android apps permissions is actually quite simple. Go to System > Apps. From the Apps window, tap the gear icon, and then tap App Permissions. In the new window, locate and tap the service you want to manage.

Say, for example, you want to prevent the Facebook app from gaining access to SMS messages. To do this, tap on SMS -- from within the App Permissions window -- locate Facebook, and tap the slider to disable it.

If, for whatever reason, you do need to manage system permissions, you can:

  1. Open up App Permissions.
  2. Locate and tap the system you want to manage.
  3. Tap the menu button -- three vertical dots in the upper right corner.
  4. Tap Show System.

The above steps will temporarily unhide the system apps that access that particular service. Use this feature with caution, because it could, theoretically, cause systemic failure, which could require a device reset. Unless you really know what you're doing, limit yourself to nonsystem app permissions.

What the new Android app permissions mean for users

Ever since the viral scare about Facebook using Android device microphones to spy on everyone, users have been clamoring to gain granular control over app permissions to disable the mic and keep Facebook from accessing it. The caveat is, most users don't fully understand how the permissions work. For instance, the reason why the Facebook Messenger app needed access to the device mic was to allow users to do speech to text for messages. Facebook wasn't, in fact, spying. So, users must understand that disabling mic permissions for an app such as Messenger means they won't be able to use the speech to text feature in that app.

If you do need to limit permissions on an app, however, you now have the ability to do just that. I would highly recommend that you do so with caution.

Next Steps

Android's enterprise features have room for improvement

Top four tips for better Android security

How to balance user needs and mobile security concerns

Dig Deeper on Google Android operating system and devices