🎥 Video Link

đź“ť Transcript

Transcript

Please excuse any grammatical errors. I used a tool to generate the transcript and haven’t had a chance to read through it yet.

So today I want to talk about Android app permissions and the reason for that is recently I was on a consultation call with a client. I was helping them figure out some issues they were having with an app. Turns out they had some permissions disabled. They don’t know when it happened but I showed them how to access them, how to work through the issue and they were extremely happy knowing that information.

To me that information seemed basic but after thinking about it I’ve been using Android, specifically Graphene OS, for about five years now. So something that might be basic to me could be extremely helpful to someone just getting started so that’s why I’m going to be going through this today.

I also think the art of troubleshooting and problem solving and just learning in general seems to be disappearing for some reason. If you’re looking to get into tech anytime soon, especially in this AI era or whatever you want to call it, there’s only so much you can memorize and so many things you can read about. But if you know how to troubleshoot and problem solve, you will be a much more valuable candidate.

So to get started, this is my test device I use with clients, so don’t trust as a recommendation any of the apps you see listed here. I was just helping people troubleshoot stuff. But what we’re going to be using today as an example is WhatsApp. I don’t use WhatsApp personally, but WhatsApp requests a lot of permissions, so it’s a great example to use.

So to get started, long press on the app. Go to App Info. Once you come to this screen, the second option down is Permissions, and this is what we’ll be talking about today.

The first one you’re going to see, at least on Graphene OS, is the Sensors Permission. This is allowed by default for all apps, which is why you might see it listed as allowed and wonder why it’s there. One side note, you can disable sensors from being allowed by default. If you go into Settings, Security and Privacy, More Security and Privacy, and then disable the third one down, allow sensors permission to apps by default.

Now when that’s disabled and you install any new apps, this will not apply to existing app installations. The sensor permission or sensors permission will not be granted. Sensors are things like your GPS module or the gyroscope module inside your phone. So if you then have an app that has sensors disabled, then that app cannot access those things.

So the reason this is allowed by default is that on GrapheneOS, this permission is exposed to users. Typical Android, it’s not. So if you do have it disabled, just remember you’ll need to enable it if you have an app that needs to use sensors. Otherwise it won’t work.

So getting back to the permissions, if we take a look, the second one, we have call logs. Call logs is just the log of calls on your device. Some of these permissions are self-explanatory based on the name. Some of them are not. Call logs is one that is.

Some of these permissions, I haven’t actually launched the app and gone through the setup yet, but you will be prompted to allow these when you initially launch the app to sign in. I have not yet, so everything is denied.

The second one down is camera. There’s a couple settings when it comes to camera and microphone as you’ll see. There’s allow while using the app and ask me every time or don’t allow. When it comes to something where you’re going to be video chatting regularly, like in Signal, I’ll leave that set to allow only while using the app instead of ask every time. So that’s the camera permission.

Closely tied to this, I’m just going to show you microphone for now. Again, same options for this.

Now this is where we’re going to get into some troubleshooting. Let’s say that you denied the microphone permission and a couple days later you go inside of WhatsApp to make a phone call. You launch the app. You start making a phone call. The person on the other side cannot hear you.

First thing you should check is the global microphone toggle enabled or disabled or global permission. In this case, in the swipe down menu, it’s disabled. So I would enable that. You also get a prompt on Android if it’s disabled. But again, just going through some troubleshooting steps.

So the person can’t hear you. You enable this. They still can’t hear you at that point. The overall phone permission is allowed. Next, you would check the actual app permission for microphone. You would go in there, permission, microphone, set to don’t allow, set it to whichever one you want. The person can now hear you. There you go.

So next we have contacts and accounts, and some of the options you’ll see here are a little different compared to stock Android OS, although I believe Android 17 will be adding this option, but the current Android version does not have this.

So for contacts, you have don’t allow and allow. WhatsApp, I believe, requires you to allow access to your contacts. If I was to use WhatsApp, I wouldn’t want to give it my entire address book. That’s where contact scopes come in.

Now what contact scopes do is they make the app think that it has full access to your contacts, but really you’re giving them a scoped version, thus the name. And in this case, you can do it by label, contact, number, email.

For the example, I’ll just do it by contact. So in these fake contacts, let’s assume that my friends Alex and Alex Wells both have WhatsApp and I want to talk with them. I would only select those contacts. Tap select. We could see the contacts that are allowed. Now when WhatsApp goes to read my contacts, it can only see those two contacts versus my entire contacts list.

Contact scopes are a great way to minimize the amount of data that an app can get, especially if it’s not privacy friendly. I’m a realist when it comes to privacy and security. I understand people have friends and family on WhatsApp or maybe they need to use it for work. If that’s you, don’t be afraid to use WhatsApp on Graphene OS. Just be aware of the added privacy features that are available and make sure to use them.

It’s also worth mentioning that with contact scopes, let’s say you met someone and you added them to your phone contacts and you now want to message them on WhatsApp, you will have to manually add them to the scoped contacts.

So again, you’d go into the app settings, contacts and accounts, contact scopes. Let’s say you met Cameron and you want to add them. Check the box, select. Now that contact will be accessible to WhatsApp.

So that’s contact scopes. That’s the contact permission.

The next one we have location. Location is GPS, things like that. There’s a couple options. I like to use ask every time. I don’t want to give an app permission to use it right when I open it. But again, it’s up to you.

Music and audio. I believe by default, if you do allow, that gives it access to the music folder on Android. But music and audio is similar to contacts where you have storage scopes. Different from contact scopes. This is in regards to storage. So you can enable that. You can give it access to nothing by default. Or you can add a folder, file, things like that.

The next one is nearby devices. This one I usually leave off. Unless you’re pairing some headphones or a speaker or a smart camera something like that then you likely need to turn this on. Nearby Devices uses Bluetooth Low Energy and I think there’s some other things it uses but can’t recall right now. So if you allow that that gives the app access to that but typically you don’t need this.

The next one is Network. This is another permission that Graphene OS exposes. This is a popular one where people have issues so let’s get back to the troubleshooting.

So let’s say you just installed an app you likely saw this box pop up where you could uncheck the allow network permission. If you uncheck it you’ll see something like this where allowed no network under not allowed is network. I found that some people think that just disabling network makes the app more secure but what that means is if you don’t allow network then the app has no network access so it can’t connect to the internet can’t sign into accounts.

Now what that looks like is let’s open WhatsApp. Agree and continue. We now have an alert. A cellular data network is required to activate WhatsApp Messenger.

If I was now troubleshooting this, I’m wondering what was going on. First thing I would check is my network connection working. So what does that look like? Open your browser, pick a website to go to. If the page loads, that means your internet is working on your device and you can access external resources.

So next thing to me is, okay, good network connection. Let’s see what the app permissions look like. Again, long press, app info, permissions. If we look here, as we expected, network is disabled. Change that to allow. Let’s go open WhatsApp again. Agree and continue. And now the app proceeds to load because it can now access the network.

So again, these might seem like basic things, but understanding what’s going on underneath is extremely helpful, especially if you encounter issues. If you’re on iOS, you don’t have any control over a lot of this, which is. things just work. You also don’t have a private device, but that’s another story.

So back to permissions. The next one is the phone permission. And from what I recall, this allows the app to see your phone number. It allows to see if you have a cellular connection, the SIM installed, I think, as well. That’s what the phone permission requires or allows.

Once you sign into WhatsApp or other apps that request this or require it, they will prompt for that permission. But this is, again, just going through it before the initial signup.

We have photos and videos. This is photos and videos on your device. If you change it to always allow all, that’ll allow all access to photos and videos on your device. There’s allow limited access. And with that, you can select the exact photos that you want to allow or the select the exact albums you want. Or there’s also the don’t allow plus storage scopes. And again, that gives you access to add a folder, file, images.

And the last one is SMS. Again this one’s pretty straightforward this gives the app access to your sms messages on your phone and the main reason whatsapp requests this permission is that when you sign up for an account they send you a text message this allows whatsapp to directly read your messages and verify that the verification code is correct it also means they can read all your messages so take that with a grain of salt.

That’s the main permissions. These only show up because the app it’s bundled and i believe the manifest for the app where it’s going to request these permissions. If there’s an app that’s a little more privacy friendly let’s pick the calendar app if you look for the permissions that one has or can request you can see it’s much smaller.

We have calendar access for obvious reasons notification sensors again that’s just one by default and not allowed as contacts and accounts besides that we don’t see any other ones so if you don’t see a bunch of permissions listed for an app that’s because that app did not require those or did not list those in the app’s manifest.

I know we’re getting into the weeds a little bit at this point, but just pointing that out. And if you really want to get into the weeds for the permissions an app has, you can click on the three dots, select all permissions, and you can see the exact things it’s getting when you allowed certain things.

So in this case with contacts and accounts, it can modify your contacts. It can find accounts on the device and read your contacts. You can also tap things in here to get more information. I’d say go here if you’re curious, but you likely don’t need to come here regularly or at all.

That’s all I got for today. I just want to say don’t be afraid to tinker, experiment, learn more, troubleshoot. Even if things go horribly wrong, you can always uninstall the app and start over again. And regardless, you’ll still learn something.

On this channel, I don’t take any sort of sponsorship, but I do have a paid membership that comes with a monthly Q&A along with bonus videos and early access to YouTube videos. So if you want to support me and what I create, you can find out more at membership.com. members.sideofburritos.com.

Thanks again for being here, and I’ll see you next time.