paint-brush
The Android Heretic, Issue 1: Runtime Permissions Suck!by@sebastian212000
878 reads
878 reads

The Android Heretic, Issue 1: Runtime Permissions Suck!

by Antonis TsagarisFebruary 14th, 2018
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

<em>“The Android Heretic” is a new series in which I’ll discuss things that piss me off about Android and Android development. They won’t be your usual “the Camera API sucks” type of posts. Instead, I’ll rail against some holy cows of the Android world.</em>

Companies Mentioned

Mention Thumbnail
Mention Thumbnail

Coin Mentioned

Mention Thumbnail
featured image - The Android Heretic, Issue 1: Runtime Permissions Suck!
Antonis Tsagaris HackerNoon profile picture

My expression when I first heard about Marshmallow’s runtime permissions. I then threw the book against a wall and it broke. True story.

A series of karma-obliterating posts

“The Android Heretic” is a new series in which I’ll discuss things that piss me off about Android and Android development. They won’t be your usual “the Camera API sucks” type of posts. Instead, I’ll rail against some holy cows of the Android world.

Now, under normal circumstances these posts would ruin the credibility of any Android developer but since I have no credibility to begin with, that won’t be a problem.

2009: “Modal dialogs suck, lol”

Hey, remember how we Android fanboys used to make fun of the iPhone back in 2009? How quaint it seemed that, whenever someone received a message, they’d get a workflow-stopping pop-up on their screen?

That wasn’t the case for us Android lovers: we’d get a nice, discreet notification in our notification drop-down with a preview of the message displayed in the ticker (and since we’re here: damn you, person that decided to remove the ticker — DAMN YOU TO HELL!)

Do you also want me to remind you of Windows Vista’s User Account Control (UAC) which, at the time, everybody agreed was the offspring of Satan and Shub-Niggurath, The Black Goat of the Woods with a Thousand Young?

UAC’s mom and her thousand young. What a whore.

Well, guess what? With the introduction of runtime permissions in Android Marshmallow, Android users would start getting a taste of that too. But this time they’d like it because Google said so.

2016: “OMG, modal permission dialogs rock!”

Whenever I mention my dislike of runtime permissions, I get ganged up on: “The user finally has a choice! They can accept or deny permissions granularly. Are you insane? Are you a communist?”

While I can’t deny that this permission model makes sense on some level, I think that Google (which essentially copied Apple’s permission model in all its horribleness) could have done much better.

So, why do I hate this model? Because on the developer’s side, it’s a mess. On the user’s side, it’s annoying and workflow-stopping.

Implementing Runtime Permissions or: The Eighth Circle of Hell

Implementing runtime permissions forces the developer to add the code for granting (and checking if the permission has already been granted) in their Activities. At a time when everybody is trying to make their Activity classes lighter (with the help of Architecture Components by Google itself), how does this make any sense?

It also doesn’t help that the API contains method names that are longer than the German word for a Welsh village.

ActivityCompat.**shouldShowRequestPermissionRationale()** ?

Seriously?

And how about those suggested ‘graceful degradation’ guidelines in which the app should still work, even if the user denies some permissions?

Apparently, developers should also concern themselves with making sure that the app stays functional, even if some permissions are granted and some denied. Have fun writing that spaghetti code.

“But… but… Antonis. There are third-party libraries that make dealing with permissions much easier!”

Of course: the sign of a masterfully-crafted first-party API is the need for third-party libraries to make it usable.

Stop what you’re doing, I forgot to ask you before!

As a user, runtime permissions can also get really annoying, really fast.

Imagine installing that new shiny camera app and, suddenly, coming across a deer eating a wolf. Or a cat chasing a dog. Or Trump treating a woman with respect. You want to take that photo right there and then! So you press the shutter button and SURPRISE MOTHERFUCKER!

App name redacted under instructions from Shub-Niggurath

The moment has passed.

The deer is back to pretending that it is not evil incarnate. The dog has gotten away and Donald is back to grabbing vaginas willy-nilly.

You could argue that this is the developer’s fault: they could have asked for the permission earlier. But earlier when? On app launch? What sort of user experience is that? And what if the user hasn’t launched the app prior to this moment anyway?

Another aspect of this that really bothers me is the way the flow of some apps is interrupted in a sudden, almost rude way.

For example, with my app Veterondo (Play Store, Github) I tried to make a stylish, minimalistic weather app. You get an animated intro the first time you open the app and then a second activity which shows the actual information.

As much as I wanted to make the app flow smoothly from one screen to the other, I couldn’t: I had to request the location permission somewhere. On app launch, it destroyed the mood (install the app and see: imagine that instead of the opening animation, you first got an intrusive pop-up and then the animation). Same thing between the two screens but I had to compromise.

Not only that but since you can’t style the dialog (which is understandable, at least — it has to look like a system-level thing), the pop-up can look really out of place in apps that try to look distinctive.

So, what’s your solution, smart guy?

Logic says that I don’t have to come up with a better solution to be allowed to criticize Google’s approach. However, here are some solutions off the top of my head

  • Allow the user to choose between granting all required permissions upon installation or a grant-as-you-go model for masochists
  • Instead of showing a goddamn pop-up, how about you show an ongoing notification to the user that says “[enter app name here] is currently recording audio” if you’re concerned that the app will start doing something on the down-low? Not that I don’t hate ongoing notifications, mind you, but you’re not beneath doing it for background processes. Extra sauce: make it an actionable notification and let the user disable the behavior from the notification. You’re welcome.
  • Open a floating terminal window and have the user type

sudo grant PERMISSION_NAME

It’ll still be pretty fucking annoying but at least then they’ll feel like a hacker.

Or you know what? Maybe Google’s army of engineers and UX experts could solve this in a much better way than a guy typing nonsense on Medium in his spare time. Just saying.