With Android 6.0 Marshmallow, permissions have moved from an up-front approval model to a runtime model.
This is great for users, as they now have fine-grained control over what information apps can access, but it introduces new challenges when designing interactions that involve those permissions.
First, let’s take a look at the experience downloading an app fresh from the Google Play Store.
Here’s what the user experiences on Marshmallow (the dialog is only shown the first time a user installs an app post-upgrade):
There’s less friction during install since users don’t need to guess why the app might need access to the Phone permission in some situation.
To illustrate how the new permission model works on Marshmallow, let’s walk through an example in the Facebook app. Imagine we want to share a picture. Let’s tap the “Photo” button.
The user is immediately shown this system dialog which formally asks for permission to access the device’s storage.
Tapping “ALLOW” will let the user proceed to select a photo. Tapping “DENY” does not allow the app access and makes subsequent requests more complicated as we’ll see shortly.
The “Second Ask”
In an attempt to avoid an app constantly popping the system dialog, Marshmallow surfaces a “Never ask again” checkbox on subsequent “official” requests for a given permission.
A poorly designed app might let the user get to this state too quickly without providing additional context why the permission is required.
If that happens, it’s unlikely an average user will be able to reactivate the permission, as it’s hidden behind the “Permissions” screen for that app in settings:
Ask Before You Ask
In the situation where a user declines the first official request for a permission, Facebook explains to the user why it’s needed before invoking the second official request.
Overall, there are some interesting nuances to requesting permissions with the new model introduced in Marshmallow. Here’s a final diagram attempting to document the possible flows.
As you can see, there are progressively more steps the user must complete the longer the permission is withheld.
Brenden Mulligan wrote a fantastic reference in the art of asking for permissions on iOS.
- Requesting Permissions at Run Time (Google Training)
- Google Code Sample (GitHub project)
- Google Play Services and Runtime Permissions (Google Developer Guide)
Disclaimer: I have no affiliation with Facebook, I choose it as a case study since it’s a very popular app that handles the corner cases nicely.