Android is ever evolving in its quest to protect users’ privacy. In Android 12, the platform increases transparency by introducing Privacy Dashboard, which gives users a simple and clear timeline view of the apps that have accessed location, microphone and camera within the past 24 hours. Users can determine exactly when the access occurred, and they have the option to revoke permission for apps.
How this affects developers:
Now that users have an easier way to see what permissions are being used by the apps on their device, all developers should review their code and understand data access needs, including those in third-party SDKs, and make sure all accesses have justifiable use cases. You can track the data being used with the data access auditing APIs and also share more context about your app’s data usage with the new permission intent API in Android 12.
Data access auditing APIs
Android provides Data access auditing APIs so you can more easily track the data accesses in your app. This feature allows you to associate private data access with specific use cases in your app, such as “order coffee” or “share with friends.” This allows you to track expected and unexpected data access. This API allows your app to use AppOpsManager. OnOpNotedCallback, which can perform actions within the callback every time your app accesses private data, or each time that code in a library accesses private data.
You can learn more about the Data Access Auditing APIs in the documentation or in the sample.
Permission intent
When you do need to ask for a permission, the permission intent API allows you to present a rationale to users to justify why your app accesses location, camera, or microphone information. You can present the additional rationale either on the Privacy Dashboard screen or on your app’s permissions screen. For example, your app may need access to the camera for two features, such as scanning barcodes and taking photos of meals. By using the permission intent API, you can specify the use case for every location access in the Privacy Dashboard.
To implement the intent for Privacy Dashboard, your package needs to define an activity with an intent filter for android.intent.action.VIEW_PERMISSION_USAGE_FOR_PERIOD
and has the android.permission.START_VIEW_PERMISSION_USAGE
permission.
To implement the intent for Permissions Settings, your package needs to define an activity with an intent filter for android.intent.action.VIEW_PERMISSION_USAGE
and has the android.permission.START_VIEW_PERMISSION_USAGE
permission.
For either of these, if your app targets Android 12 or higher, you must explicitly define a value for the android:exported attribute.
In conclusion
Privacy Dashboard protects user’s privacy by providing transparency. Developers can utilize the Data Access Auditing APIs to track data access to their app and the Permission Intent API to present justification to users.
Comments are closed.