Android Permissions on Kitkat, Lollipop and Marshmallow

android kitkat lollipop marshmallow

How does android handles permissions in different versions

In a recent article we talked about how you give privilege to apps on install time to gain access to different parts of your android device. Today we're going deeper into how android handles these permissions in the previous 3 android updates : Kitkat (Api level 19 and 20) Lollipop (Api level 21 and 22) Marshmallow (Api level 23).

Each of the  versions of android have distinct behavior regarding permissions, but we're simply focusing on these three major updates because Protektoid is designed to run on devices with minimum Api level of 19 (Kitkat).

Api level 19 & 20 : Kitkat

In this version of android, each app needs to request for permission at install time. Once a permission is granted there is no way to deny that permission for the given app. The only way is to uninstall the app.

Here we list the new set of permissions that were introduced :

  • android.permission.TRANSMIT_IR

The first two permissions allow an app to install or uninstall a shortcut on the app launcher of the device respectively. The last item gives permission to an app to use the device's IR Transmitter if it has any. Based on android's concept of Protection Level of permissions, all three of these permissions belong to the Normal Protection Level. The notable update that was introduced with this version of android was the ability to read / write from/to app's private directory without asking for READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE. However the app requires to ask for permissions if the app intends to write to device's internal storage or SD card!

Android kitkat install permission

Api level 21 & 22 : Lollipop

Android introduced a lot of features regarding Custom Permissions in this version which is out of the scope of this article (we're focused on System Permissions). The only new permission that was introduced was the following :

  • android.permission.BIND_DREAM_SERVICE

Daydream is an interactive screensaver mode that is activated when the device is inserted into a dock or left idle etc ... (can be configured). This permission has "signature" protection level which simply means , it is not available for third party apps. Like Kitkat, there is no way to revoke permissions for an app targeted to lollipop.

Api level 23 : Marshmallow

With the introduction of Marshmallow a new way of defining permissions was introduced to the android community. Devices running Marshmallow can revoke access to certain permissions at any time from the app's setting page. Two new categories were also introduced : Dangerous and Normal Permissions. If an app is targeted to Marshmallow , you don't get the list of required permissions at install time instead you get a message that this app will ask you for permission at run-time.

Dangerous Permissions and Permission Request at Run-time

android run-time permission

Permissions that belong to this category require to ask for permissions from the user the first time the app is run. As mentioned earlier, you can deny the permission for each permission by going to the setting page of the app and click on permissions and then deny or allow permissions. Below you can see the list of dangerous permissions that need run-time request in order for the app to be able to access their features :

  • android.permission.ACCESS_COARSE_LOCATION
  • android.permission.ACCESS_FINE_LOCATION
  • android.permission.BODY_SENSORS
  • android.permission.CALL_PHONE
  • android.permission.CAMERA
  • android.permission.GET_ACCOUNTS
  • android.permission.PROCESS_OUTGOING_CALLS
  • android.permission.READ_CALENDAR
  • android.permission.READ_CALL_LOG
  • android.permission.READ_CONTACTS
  • android.permission.READ_EXTERNAL_STORAGE
  • android.permission.READ_PHONE_STATE
  • android.permission.READ_SMS
  • android.permission.RECEIVE_MMS
  • android.permission.RECEIVE_SMS
  • android.permission.RECEIVE_WAP_PUSH
  • android.permission.RECORD_AUDIO
  • android.permission.SEND_SMS
  • android.permission.USE_SIP
  • android.permission.WRITE_CALENDAR
  • android.permission.WRITE_CALL_LOG
  • android.permission.WRITE_CONTACTS
  • android.permission.WRITE_EXTERNAL_STORAGE

You can control the status of dangerous permissions for apps that are targeted for marshmallow as well as apps below marshmallow however upon denial of an app that was targeted below marshmallow, you might crash the app or receive certain unintended behavior from the app because it was not designed to work without certain permissions!

Normal Permissions

Unlike Dangerous Permissions, Normal Permissions cannot be denied by the user. Below you see the list of all normal permissions present in android Marshmallow.

  • android.permission.ACCESS_NETWORK_STATE
  • android.permission.ACCESS_NOTIFICATION_POLICY
  • android.permission.ACCESS_WIFI_STATE
  • android.permission.ACCESS_WIMAX_STATE
  • android.permission.BLUETOOTH
  • android.permission.BLUETOOTH_ADMIN
  • android.permission.BROADCAST_STICKY
  • android.permission.CHANGE_NETWORK_STATE
  • android.permission.CHANGE_WIFI_MULTICAST_STATE
  • android.permission.CHANGE_WIFI_STATE
  • android.permission.CHANGE_WIMAX_STATE
  • android.permission.DISABLE_KEYGUARD
  • android.permission.EXPAND_STATUS_BAR
  • android.permission.FLASHLIGHT
  • android.permission.GET_ACCOUNTS
  • android.permission.GET_PACKAGE_SIZE
  • android.permission.INTERNET
  • android.permission.KILL_BACKGROUND_PROCESSES
  • android.permission.MODIFY_AUDIO_SETTINGS
  • android.permission.NFC
  • android.permission.READ_SYNC_SETTINGS
  • android.permission.READ_SYNC_STATS
  • android.permission.RECEIVE_BOOT_COMPLETED
  • android.permission.REORDER_TASKS
  • android.permission.REQUEST_INSTALL_PACKAGES
  • android.permission.SET_TIME_ZONE
  • android.permission.SET_WALLPAPER
  • android.permission.SET_WALLPAPER_HINTS
  • android.permission.SUBSCRIBED_FEEDS_READ
  • android.permission.TRANSMIT_IR
  • android.permission.USE_FINGERPRINT
  • android.permission.VIBRATE
  • android.permission.WAKE_LOCK
  • android.permission.WRITE_SYNC_SETTINGS

app setting page permissions


There hasn't been any major improvements in terms of permission access until android marshmallow. With a device running marshmallow you can control almost all the critical permissions of your device. However the way these permissions are categorized might not satisfy concerns of many users who are privacy oriented. For instance allowance of Network permissions for apps by default that cannot be denied, combined with other auto granted permissions is a big danger to users concerning about their privacy!