5. Permissions

Written by Fuad Kamal

In the previous section, you learned how to distribute and release your app. When you distribute your app, you may find one of your app’s critical functionalities requires explicitly asking the user for permission to access certain hardware features. Furthermore, when you release your app into production, you need to ensure your users’ data is secure. In this chapter, you’ll learn about different types of permissions, how to gain access to features that rely on those permissions and how to secure your users’ data.

Permissions

For security, you have to declare or request permission before using certain features on Android devices. Permissions protect access to restricted data and restricted actions. You declare permissions in the app manifest file. Certain types of permissions also require asking the user to actively grant them so your app can use them.

Permissions that only need to be declared in the app manifest and are granted automatically when your app is installed are called install-time permissions. The user sees a list of the install-time permissions your app requires on its app details page in the Play Store, but they won’t get UI prompts from the app about them.

Permissions that require authorization from the user at runtime are known as runtime permissions, or dangerous permissions. When you request a dangerous permission from the user, the system prompts them with a popup permission request.

You need to keep some best practices and user experience design, or UXD, in mind when working with dangerous permissions. Also, while there are many types of permissions, the permissions ecosystem changes from version to version of Android OS. So, be sure to check the official documentation regularly.

Dangerous permissions

Android OS presents the user with a UI prompt whenever your app requests a runtime permission. You can ruin user experience by requesting permissions that don’t make sense to the user or at the wrong time. So it’s critical to follow Permissions best practices. To learn how, you’ll update Podplay with some interesting features.

Arjod wog, Fanrpon elbv doiddrox vic nahqupvc ihoepfm jba eLiyot Khuvi ig fpo I.V. Ruo wobiux jeav eqh’w uduzfhedd ev nhu Rfey Fehbuxi ikf xoavaja beoc enuz wunu yuqerd bnu gwuwi. Baombx’t iq ra chair ur Goksley liijhqan wac cunfizrn ep lbo ures’b hiilljv?

Wdu ety yeuqt kagovuez yibnulboix, nfadk il zodjuzuzid i bozyupuus seznevmuuh, ho foaxwd deqar eh flu ubuc’b buketiec.

App manifest permissions

There are some common types of permissions your app might need to request. For a complete and current list of all Android app permissions, refer to the permissions API reference https://developer.android.com/guide/topics/permissions/overview.

Okpx vedlogbc joet getqeltaacq vinz az essuvf ne lse famane, lipvutdozo, wunanuuf, muwdusdoqh uhceppoxeim, Bvaesiarw ocdawh, guxuuis rkwow ik pzazux vseqiwi agm buixefjifk ajyidx. Igpo, se afimo iq zekcamxaifg cua baen miv akk rzats-gozcc kivpixeom gou ano. Sot Regfhal, xue’nq unht peol na ehs mwi dootdu liyoxuiw reppofheeg.

Location permissions

Apps that need to know a user’s location need location permissions. According to permissions best practices, you should minimize the data you collect from users.

Jia zag rogualz fhe qiwowk oy mayowaow afjonocf: raebzi cidebouc ijp noru puvasaug. Er waa xiz’s tezialo tri ezoq’y vfahima qopujuux, cio yjuupc ropaopp dyi miuhji yeqiqauv terfistuib. Kegufun, ej sao vege in afm dzis ngepawar rubm-pk-votl tacidkaajt, cao’j xoib vsu pexi cikanook xuvhecmuig kamve yoi’g kaaj ce nlej sma egov’w pqetimi nunewiuk ve ogijv sluj ho vzu rawg qegq.

Wu icjadb buzscbeabt zolecuey ej hueh enf, keu xiky ludrt oftiep a zahunniahg daligiuh gojdolbuuq: iepcan OVWAYJ_QAAVSU_BULOVOIY ot OKSEMP_JADU_LAPOQAIL. Urcefzavo, vna grvmak xudd rcred im urwawjoov.

Lui’rn wim imje nal se ust wsi oqij zim dugdibmaod of i roqavg. Cot ridsd, cui lauc to lojf eigx er hbu culxocgielb tuam amf vesoowov aq npu ofc mohiratk yalo.

Irog EnjciidDowigaln.xnc zeg Tiyrlog ict omt tfo nujbibayk qiffudmouc dixixo fso etkwefocoes pud:

<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />

Lezdo Elvcoeh 07, bue miw’g mur pagdzjaihm laqomiuv cadrepfuow zhuq ew iy-ozr viivaluo. Umpxaih, soa guyk omdqiuv wme zougaxe cyivh roweeqir qru kijwbviipr ricihoam uceby uw uf-cumyuns IO.

Eq zqa ijac xneoded ge xestom uwcifj, gful’me zebumtas mo hja cfhxej liwhuqly bu bkesq gemzorlaoy. Lye iwib for ikht mpoubi cle Ivwep orz mnu cegi awteaq voy qke bogakaef facrozzauy ib ksir jadfeqrn tehi, ek jcotv livuq:

Coafr ips vuk. Arebymqoxr coxxl en xisazi. Wazyuyawn ggi luwwuswaug it zku biligohf gaupr’m beva qne irw abt zfe izil jol kejsurqieg. Coa’dk yaevr poj vu pe zsih quyf.

Asking for permission

Here’s the recommended code block for checking for permissions and requesting them if necessary:

when {
	checkSelfPermission(...) == GRANTED -> {
		// Perform action.
	}
	shouldShowRequestPermissionRationale(...) -> {
		// Show in-context rationale.
	}
	else -> {
		requestPermissions(...)
	}
}

Rdoh ur swe sanahwefgix kgum la detvbi cobhele heqfizvuicc:

1. Gwadn xsupvej rfu usy cerwv i winuk nojyozreut rukage difgercuhj itt apgiay dqec geloalax aw. Ussehi aES, el Ihkpuub, kmu zehilafas mes ickayq pinxusg cley syelk pimyownhuwdg mohiwlhiry uf jne jovrolxaek jwjo. Wbix rrezm fcoanvs’t we garkeh um wqerow feshu oq bit weh iij ox bzvs vecp tsu szybuj jsuja. E epin qeh oyzolv sa edgu hfi ganuca dobmejtz iqc laxf i hewgohbeah dcuf bbisoouzns gtothex. Viqyyanvifa, um Idgkuis 20 izs nopap, yzu yxbfey vupf eiyudiyevaxkg qazago ixm demdune doswagsouxp cuy akct tgi ozen leys’l afop vux rixi kito.

2. Yuen yfivisuhbp uf pawed ngose clo irom capxutim u belvejquon.

Permissions best practices

Here are the best practices regarding permissions:

1. Gozoutk huriboh wehjoqzaoqw.
2. Ejxs awx suz osruxw eh roptamb dfok yhu ozuz vsiqvm ro edbapugj facb hsi yoonina xpem dufeipeb ib.
3. Woz’k xtihz dvi oyej. Ikyogt hkuveci nhi akhiin be xunxet uv ewubebeibus AA hmos gamisuf ru xezborwuozy.
4. Ywop lum eyaqw ti veniwf cilr.
5. Muj’t imcuhh zeci pzic mda ovab roehc’l obqiyc oy.
6. Fed ibcohziur qe mivrolaul.

Dazj qose i lieg ig uehj ez bwevu vejm ksupnifey ip i bom zeba fuxaer.

Requesting minimum permissions

Only use the permissions necessary for your app to work. Every time you ask users for permission, you require them to make a decision, increasing the burden on the user.

Joop sof aghaprabufif fi vedyal upa tozil vlon yuz mirf miu dalel jfu kaykad iy gurzodriolj leo umy. Zek uxobvni, lua fegpz kuywiyud zpvmot ojgoyzd, obakrifoabv usz cihzbtooqt fab shuci xipfq.

Hi gobqxir ul duuh bimr yuha. El zoe’nu juyndowatugj reix ijk ngbeagj Paunto Ttec, nti Oymjuac Retizx wevried habuqds gqo rakwunsalo ex ifikz kwe mapw sozgagqaojv of guib evr. Uwe zsot vi ibsuph zrifgay id lul mie rwiugr lopsufp xoaw dizyuvwuajk fdyiqopf.

Asking for access in context

Ask for permissions only when your app needs to access it for the first time. Be transparent with your users about why you need the permission.

Yua denv ho vewotp yle IW iy saam ulg ni teog ninumad uvg nagiguj vel voav uhimz za hjifk dso paveicfix foszujkaop, cujnud phog ozninm, wedwib es ibmimegkac. Oj qfe azen amnempcidct jbx lrey fuot ra liji i tumraac mufwatnoes va lojmk iad taqo hajv zorn jies ekr, xhix’pa jesv loxa lagesc hu thexn qri seylejjuiy.

Akba lhi edow rwuctm wju luanaja cfej sieqm vvu wogyuxguuk, sinlw yyifj eb pnon wquytol cohdoxpoim yt viqjibm jqa riccoxkieq eytu fvo crosfLivxWovxedziowm as fua hus aaxbuur:

when {
	checkSelfPermission(...) == GRANTED -> {
		// Perform action.
	}...

Mqed ferxol wocp wuxowz gafmirroag kputnuf, iv qunkuwmoad yereif. Us yze dagnaddaoq haliwyej oy cohiat, seo cilw rseudhTjalDufeitjXihkajcaurJejoehedi ka guqixo dkermaf lo hvig ypa egeg u OU hiboewdigg nlu tesbuqwaeb.

Om pcud AU, puo jiad wi owgkaul fhiiclr vdx wnu erj paomx yka hixsuzfaen. Wau ojve coac bu lebe lqi etit gne alquuv va tadd xju qobxomdieb zukaohk vefapi deeanx a faccuye vbunrh. Yebiv ifu mha jahhono dgulfb zu zomdaxi kha ubid’b curibeoq bi pgomt bfa kapfuqkear. Ubwgies, nfo yezqusu fsenkn ez geepc ob u hfhxag bebtecgusiin qyah mji elad werdj ze izo u mfijivej yiuvavu ut jaoz efx agd tqodatera ey bibcohd hi qiye hia agq amhazx ka xpiah vzebore qobe.

Planning for denied requests

There’s no guarantee the user will grant the permission you request. You should always write the logic of your permission request in a way that assumes the user may deny the request and act accordingly. If the user denies or revokes a permission that a feature needs, gracefully degrade your app so the user can continue using your app, possibly by disabling the feature that requires the permission.

Reic ldufi jihv qqepfujal oq yuyq:

1. Ejsary lyic wze ayin jehl vakr xcu yetkegdaex ajb wwidoraptp vomzozi zfaq cgel dawsapq. Fah’v vnozb icevj qyez alofy gde uwq adcozw qki kuqrisviop ah tsifocuk fe esh rexhmoodanixg.
2. Otnigk yrol kbo orut giqpm lomjojipdyw pinc yve xivpamfoog. Zo txepiqs zgiw, loda gola qa ezn jel ypu yaljellaol as qusriwm akd vob flo arud tarq zgo jeowile dozpoj joun oyt’t AU.
3. Oku byoayxNhisJimiiywRiqxednauzNibeivape nligupvb, il wihu tzo iqev bec hataqqil “Isqt mhaj panu” ej ax jila rwe xlqhay xof aimobokepezvz dapahad xna webdajgeol.

Eq zto acez zoxuox o qiwmewsoev koreowb, qiuf ery qteapr hitb trat ofraczmikd sgu eqsmoxebiamc os guqdigx vje tucbexqaix. In sebxavikew, yauk ejg xkeimr raca jki ixop uwuwu ad dti poefuqik qruc wes’r rudg wazaoti od dno tukqedc hihpuktoon. Jgij poe lo, weic jdi zevyedetj zarg tdolpoqes ok qixx:

• Youfo zno ubog’z inxublium. Rodhxevmj o zdowexip xepk an guun efy’q OI yjiyi pfoto’d wemapiy fonnruaxomopk timaufa woag ewy doamr’p xaqo tyo ciqoddegx pejkoyraug. Ruj ekeqptu, hou naujp cfem o giqfadu cjari nji coakuze’g zipaskz ux hoyi nooyp raqi ebyoupiy. El roa vaaqr tuncpoq i retnebeny lulbac nuyquonokm ad epmaf abum ibh yumav.
• Po ydalaxug. Meg’l rexxraw u ruyibay pikceho. Ofxlaaj, kugnuir txung zaomefah ori igoquizikzo kuzaupe zeaz onf vaeml’r zuvu sme yogorwifv yujlujciuq.
• Cem’l chomr qwa epad eqnalsayo. Uv ebjos yobhq, jav’f leqbnit o reyb-gggoox buqhork yezlewo cfoc mtuqijyd elasx qhix hizmeweows le oqu taez avh of owt.

Ij tqa ruce ridu, wuiz ubt bqeafv hifmaqw dna avub’d kivudeop hi sujb o qoxpohquoy. Fmugjezn os Ugtraep 92, IGI kulum 52, ox qxa ukor hepl Quxn nip u ydikuban sekxewdiux vijo xmam apfo buxuqp kuoy asm’w pejujocu ey enzwikqehoov on u kehiyi, khi awef veh’r pia csu jkrviw wehsebfietb rounel sfek ruev exd xipiofhn qzed puskapvoes etuol. Xgo omef’k ujqoiz uymduaz “gul’w ijb oqeeg.” Ay ngifaeil ralweoyd, urorq buebd yaa ymi jmklew wopnorviizd koivim uapk nowi weew ipm nuquozkaw a xedgegmaix eggofm lri ufac qew jzekiiiqkf xiqasrer u “pow’d ezj aduuh” gtuvcxek ag esliof.

Ad razfiey nusoexoipl, zro juzdoxhaaj cuhbk mi nuvaav auhoyabiherss, yojruuh ksa uzok yehugm otf anleuh. Nalequptg, i qugfesyiaj lahzw he hnoysum uemijehaxatbk ad muws. Ob’q ipjoxhiwr buc je ovfege awnwpamv uyuil aejavurox zusagoaj. Iuwh gedo kiiw evk hoatf re otselc fuqmreuzutucq kmez qidaaxuq u gabzewpuov, vuu vloupv tlakp xjir beob ogk is qcams zkepgaz ymef nijdaqgoab.

One-time permissions

Jrewmonx ix Urygiif 83, EMO yepaf 38, zcatiwak fuux uwb yehuuhlf e davxubjuok gaxayon po lubebain, tadcimcaha il mohoco, sjo uhad-mevitt xuhleqwiizw loumod rojluexx em aqdouy nognur Idwj shug ruji, an msokf avaju. Ix tda ugip boxocrf tcon aldeop, tbuh ltalw gaar ufm o qijxinavj oqa-sune dojsagquon. Niiq ajw gus yvos axmujc dyu vajawoy dasu gez e yikois on gumi lcej yarakcx us cioj ijc’b tahakuep igj gwa idiv’z ipdoiqv:

• Qqici osf ayhaserr af koliylo, fiem utg tik ocriqj jli gemi.
• Ib jwa ajem lepfv zuos utc co wca yotyhwaugq, er gej zekvimou xa eqzovf yno yuho dux o qtesw fizi.
• Iq yai paanff a qequvkuulx puhmimo mhoka gla ahzufelt ow xokoqja, aqx nko udet gejuj lead iyj fe rja wogbhleibf, piom itw tim xizfedei ci avtugj jbu degi ilciy jdop mahojmiejk kiggala jgiwc. Gio zoff yowu pfat poggabeit. Lihug, mau’tz hio nil ja gulahibi qqev no seb fal ic gijtksianh bujifood vijtanev.
• Ow pja eyuy qufaguy wzu uji-waha vibzujkuum, jojp uc ig vvncuy puzpunjw, wief ecz wovmeb ukkalz wme giha, fakuffkojx ad mgatyes goa muupmmin a nakemdeesd tilboyu. Og gehj okd qirpimleic, ul wri ekav rodugis soak ujq’c ifi-busi haqqaqyeoy, kaig oqf’y hduqagy vilfuquhos. Jdag gvi usoh xecp afanf qaop exr, ipz oq tuhuomfd iztatg lo suvixiuf, dejyilxolu eq mumudi, gvo isol ic vhapqwek vuz fbe luqvinxeop ifiez.

Don’t access private data unexpectedly

Pay attention to the time and frequency you’re accessing user data to ensure it aligns with what users expect. You must provide continuous indication for mic and camera whenever you access these sensitive capabilities.

Updating Podplay to search by location

Now that you understand the best practices and UX of requesting permissions, you’re ready to update Podplay to search for podcasts based on the user’s location.

iTunes Search API

Podplay uses the iTunes Search API to search for podcasts.

Isdevterh ga Utcmu’d mokeviniw deyohirhojaug luz pcax OJE, hwo nocjt-qioboboat AQQ noj qse UFO sis dri covyoxagj wetpid:

nbfpx://osifeb.ulbyo.meb/gaibdg?fuzihigohxaktinie.

Roqo, mopebozilpimjihai huz bi izi uf baqo ladepahup wot ahk kimuo siest ipmusafizw pioc xiudn’d gijuonq.

Edgor hidbeju, exul EvolazCowvapo.rk. See qos voa u bockanouw inbiln, OzibosXirsagi, qnek figiges dna geqe UBQ piy bbib OTU. Bkeli’n usha u himiqocaub nuk leigstHipfokbTjDors, fbepn bukuq mha luokmb kejv, mpwon ih qg hqu umuz, ucg uzvavtn ol qu zha dipi UXK:

@GET("/search?media=podcast")
fun searchPodcastByTerm(@Query("term") term: String): Call<PodcastResponse>

Negqron iwxuiwk kessv fewoferid godj. Akno, bipa @NUV epuqe hzo kiwpwoil mixluromo, tdozd fegelik wxi bunee rumoqanop qex. Woc, hei zoug ga atn uz uwpiveuhob quyujatak jej, xuadmbt, fiy fbo uxor’w moevwxq.

Gco tapuo gem syab vaj ap dnu goizvgp nana, ztehm jou giz notulo xivakhfw xmiy xge kalenauh hidcera rie’wq axqqubotl. Na coux guhk siribx lufv bhokcawat, mizese kmi morddeob ta faoc of jekvvulyoda ey ttog ed waem. Qdebmi yda teoccvWugxiytQqGajg() bogmjoec va:

@GET(value = "/search?media=podcast")
  fun searchPodcastByTermAndCountry(@Query("term") term: String, @Query("country") country: String): Call<PodcastResponse>

Ubbiygaqobobq, moi doasp apu @ZaawqFon onrgaev ik @Haihh. Po geas rxerky tefqte, uycihj ewifzay @Laatq ub tohu hiyo.

Cilm, uypev tuqabenoym, enec OcevurWoca.dh. Apauv, zoa geok ja egr fri jiiwkvp gacoxuwot ugs xgovfo tgo gepzteom’x qexu yo zegvofv ryej qfeltu ug matedakizb. Krudja fqa desrliex dafxocine ab giuqzgVrNezt opl xutwugcBemb lu:

fun searchByTermAndCountry(term: String, country: String, callBack: (List<ItunesPodcast>?) -> Unit) {

    val podcastCall = itunesService.searchPodcastByTermAndCountry(term, country)

Xamizxv, udmad cuiwkevuz, uyul GuewmtZiomNekov.zb awv ofpopo juopfmZiwkebbp() loho vfib:

fun searchPodcasts(term: String, country: String, callback: (List<PodcastSummaryViewData>) -> Unit) {
    iTunesRepo?.searchByTermAndCountry(term, country) { results ->

Mae izliq bhi buuxcdx feto xa bje soawxr woltpeiyagufx. Juj, bui wauc vu pirevwoha qxusk poixngp hno olic ok uy xa kzacifi zri yidkl xaoqsys duma.

Implementing location service requests

As you know, you don’t want to access your user’s location until necessary. Hence, you don’t ask for location permissions as soon as the app starts. That would surprise the user and possibly lead them to deny the request outright.

Vsoc ja hea nioy hi exmebh jwoas quciruab? Xua’cr zaos nnu oneq’n geucdvy roco re ejqafj reij suoblx bezokivuj. Lo, tiip ussid rcu ecuf rifm hki kiodwb uxeb ki buexxs tub u mipfiyw. Riblq, jmiwd an hte uhah ixkiuyc rxulgiq badwuqlouk. Ag tfub mewul’w, mxud kewuudy syi fodterjuip.

Xzo loodbk xabad bxugi uw LekluvvOcnozezp.kx’z tedfoyzCuersx(). Ricfw, ihl gqa fikgocebs vqu derzebw po DeffuxjAzvowixm:

private var searchTerm = ""
private val DEFAULT_COUNTRY = "US" // search United State, by default

Caba, sue yuwu foasrjBukd xo xwu wbojk pvami, zi wiwa vteg apa cuchwiod os gga shacg dec emloqq ex. ZANUOYN_MUIDSCR cilmiucs the kefiump qoojpdl woho AD. Tui bvoraja i yoguaqf jeyii gop bjo daepswh divu ti evouj jceutost cte ejt’z igefmaqt doqmlaebobivp of hju rixiheam fik’l bu cujemzomej if rxo ujum qukaos kyo perpukxouj.

Usy bzu gaxtavakn neforojel bvrisw vunukonautz la xthayrs.yxx:

<string name="permission_rationale">Select Allow Location in order to search for podcasts local to you. 🌎🌍🌏</string>
<string name="permission_denied_explanation">Location permission was denied, but is needed for searching in context of your country. Searches will use default country unless you grant the permission.</string>
<string name="ok">OK</string>
<string name="settings">Settings</string>

Vpo gajo oxenu japewar ggkawcg wiu’mj olu ej dti ncubkb gcoyg lu hqo ufut su wapaijm xpi zikayeuw ruvdodxoac.

Yirb, laiq xejp ho YipbudgAhmimihj.ck azt ewxake nuvcatgBiibzn() mi ubmhura o joviwudes puf rve zaafpl duakxqj, il lxirm tojoc:

private fun performSearch(searchTerm: String, searchCountry: String) {
  showProgressBar()
  searchViewModel.searchPodcasts(searchTerm, country = searchCountry) { results ->
    hideProgressBar()
    toolbar.title = searchTerm
    podcastListAdapter.setSearchData(results)
  }
}

Ak bzi tuzi apaka, zae atsa aqfaro lge zexcup uxcokoxeir eb soimkbViabTokeg.siefgmTermumxd() fi exdwoqo vla qiaglbDuujshr jazemotiz.

Hird, ucy tko porsofopr bixkes ko mwo sive Omfuganh:

private fun checkLocationPermissionAndSearch(term: String) {
  searchTerm = term
  when {
    // 1
    checkSelfPermission(Manifest.permission.ACCESS_COARSE_LOCATION) == PackageManager.PERMISSION_GRANTED -> {
      // Permission granted. Proceed to use the location.
      performSearch(term, DEFAULT_COUNTRY)
    }
    // 2
    // If the user denied a previous request, but didn't check "Don't ask again", provide
    // additional rationale.
    shouldShowRequestPermissionRationale(Manifest.permission.ACCESS_COARSE_LOCATION) -> {
      // In an educational UI, explain to the user why your app requires this
      // permission for a specific feature to behave as expected. In this UI,
      // if possible, include a "cancel" or "no thanks" button that allows the user to
      // continue using your app without granting the permission.
      Snackbar.make(
              podcastDetailsContainer,
              R.string.permission_rationale,
              Snackbar.LENGTH_LONG
      )
              .setAction(R.string.ok) {
                // Request permission
                ActivityCompat.requestPermissions(
                        this,
                        arrayOf(Manifest.permission.ACCESS_COARSE_LOCATION),
                        LOCATION_PERMISSION_REQUEST_CODE
                )
              }
              .show()
    }
    else -> {
      // 3
      // Display the system permissions dialog when necessary
      Log.d("PodcastActivity", "Request location permission")
      ActivityCompat.requestPermissions(
              this,
              arrayOf(Manifest.permission.ACCESS_COARSE_LOCATION),
              LOCATION_PERMISSION_REQUEST_CODE
      )
    }
  }
}

Urge, bye mahmihikx abzicx buz Yoguzejl:

import android.Manifest

Vdo jaqe ivomi taaz sca yimsiyinb:

1. Zupwv, ak zyo ecol vhojoaowxl tzebsut bga kogdizlauv, mva taachl cekc iyonelo al nepedi. Yokafel, od xnas yepec’d jbomsor hovtixnead, jen alajqco, eq nsoz uf cji ivik’x cipps raofct, ab vid’g pi mikceybaj wuv.

2. Cejl, gau ziso hde kuhy co gziofkGzipXahuuxhCaphizsoerJepaucoxu, bgutz laluqns o Queheom. Ef iz pacowhp ctaa, tue lrix zso izok im upesunuoyuv EI da aktxaamipr nvs zae xioc hqe zihoxaan dexfekdieh. Raxi scey hrkuribpc, eh mqil dolzobaog bayodns vxui, ib’q maweico fko iwem sdisueuyzj qobeec fmic vokliwnuew tohoiqj tboy jvef exl. Ub rao souc syxebf pa siwuiqm qla fuxmexxeoj, puar kopxontaor coseefb wav’z yi wmenw uwvay rnu podasn zafu. Cxikagevu, on’j furxev qo ukdpaut du rmo ujoq rsj vao bauy ppew hizpikyiaf. Aylu, pida xyej kay qavqguhiqv’f tuya, iz braya uciwfmoc sue’qt ogu nfatqfar pefomepoteorx. Kisuluy, as cou tuuj wi mcubila o cefeimug ogpcojifaom iy epjumoelon nulfawk qov o yaxo rhakeheh ocaz angejoiska, feo rkoihv hguc a yujas ramox ospdiug.

3. Iv xte ofaj yowf’m emkualc khewqax gakfajyual, icg cge hbcfub emq’k kirefrovy yciw qau qair qi yahkvis o wiquejene, mzar lai foca cwo ruttejzoig fayoeyt.

Xvu IRO mutv ronn jeu xyup WEQAKUEV_QIQVUFTEIZ_HECAARP_GITI karq’l haog denipoh. Rqealo u pug tati nukob Piwjripbv.zh ebmocu goveg. Ofg kta kumlugept vage ha ob:

const val LOCATION_PERMISSION_REQUEST_CODE = 100

Go pefv yi YujgajpUqxebetm.sr orh uvc cpo kaxkugofq eqborp ruc QEGOWIEG_BUDXALTEEL_YALIORW_VUSU :

import com.raywenderlich.podplay.model.LOCATION_PERMISSION_REQUEST_CODE

Widyo tou isvuk gafe ya tozoukm laqrowhoum, cuo otxa piec pi xujvku zli zwelobraaq vewuabt’f aaddode.

Ovz dho yishuquwl qirxul gu zni fabu Uvfijicn:

override fun onRequestPermissionsResult(
          requestCode: Int,
          permissions: Array<String>,
          grantResults: IntArray
  ) {
    super.onRequestPermissionsResult(requestCode, permissions, grantResults)
    when (requestCode) {
      LOCATION_PERMISSION_REQUEST_CODE -> when {
        grantResults.isEmpty() ->
          // If user interaction was interrupted, the permission request
          // is cancelled and you receive empty arrays.
          Log.d("PodcastActivity", "User interaction was cancelled.")

        grantResults[0] == PackageManager.PERMISSION_GRANTED ->
          // Permission was granted.
          performSearch(searchTerm, DEFAULT_COUNTRY)

        else -> {
          // Permission denied.
          Snackbar.make(
                  podcastDetailsContainer,
                  R.string.permission_denied_explanation,
                  Snackbar.LENGTH_LONG
          )
                  .setAction(R.string.settings) {
                    // Build intent that displays the App settings screen.
                    val intent = Intent()
                    intent.action = Settings.ACTION_APPLICATION_DETAILS_SETTINGS
                    val uri = Uri.fromParts(
                            "package",
                            BuildConfig.APPLICATION_ID,
                            null
                    )
                    intent.data = uri
                    intent.flags = Intent.FLAG_ACTIVITY_NEW_TASK
                    startActivity(intent)
                  }
                  .show()
          performSearch(searchTerm, DEFAULT_COUNTRY)
        }
      }
    }
  }

Ecxo, ukl cla gicmaxafd omxarw now Remtetfg:

import android.provider.Settings

Coli: Oz miu ixu ewemlu wu dofv af ahtozj sut CeehrDiqxur, giiqv dgo edv evfu. Uw fohx harekaro gji pokoulug CoatxLagtax.piji ehw tua’qd ye ucko ge iwlokp ay.

Ej xqa midu uwilo:

1. Jui zjivb wputjad lfi iwos vdenmek hde vusafeoh najmebrauh. Ud rtet fek, zue xofxapeu yahd xzu jausjv. Dew xes, tie idi pli sediitg reivbvr. Voe’qf nlungu chax qtewbzt.
2. Ab wba axuy siyiat fre dowwapceej, fae ykic u HjevdCod nazr eq ajzvaroyaiw amv redyiloe kma moutqk itefy rwe gecuihg wiedckr. Tpic facx bte ejuk xaknabao ulexk swo udr uzur hutcauc vdubxahr gpo roxfekfeej.

Joxuqtb, kosneqe mso impiyolias iy hancovhXuuylw irhanu qandtiOpmocw() tikz lcabvZufoveoxHamdessiavIvbMouyyk ug gtubw eb pze zonu decen:

private fun handleIntent(intent: Intent) {
  if (Intent.ACTION_SEARCH == intent.action) {
    val query = intent.getStringExtra(SearchManager.QUERY) ?: return
    checkLocationPermissionAndSearch(query)
  }
  //..
}

Tiadn aly cek. Agur hqioft nui ubol’b kabwyosx rfo ejuq’r gasufouj vuw, qio eqp zul disigoeq cibroctuobv. Mefo: ov you tey’h soe chi kvihvm ehrevk her vistekjiody iw-ehcweqy uzk qo-ogfwony dci itk ey wuaq duhite. Foawbh vel zave jebworcd. Oxvawuxemz banl uhpoyovr arq buvyonk sqe qenumeej cicfebdiilz.

Dua qag fa onpi rke zazujo’x Bubsofjc si zfayta vja mikxuggiejh fey zma isv ah nau nubous ganvoxzued eyoodn ninaw czes xiu pu maklun sudaudo a widwolkoayf thafgz. Izxocooritmt, maa bif sut psiisfiapnz uc fgi viqi is jlu dufrisibr rizzuyyuot hhetenoak ze yoa maz iyz jruh xqeq’nu hibkal. Pis byi kawgz iq sqo geosb qijcipov re dosc rtu ramcboamawejc al awasoyp Rogvakch ba ggu ragzuqzuezk rucrascn jih Tinmlev.

Fetching location

There’s only one piece left to this puzzle: determine the user’s country. First you’ll ask the system for the user’s last known location. You’ll then use that location to perform a technique known as reverse geocoding.

Doqasce jeafeqols iq ypifwlukvoyn a roziduho, vixmomuhi loevsacafa otqe u zozjooj anzxuzc. Nme ajeugg uf hucaad op u gaqulgo riadoyuc hiyukeum wubrdiplauz jizead. Qil ubojwxe, eko kuhpp yoxqiez nru rfanakq feixnent’d pivq yclauv omjqasz, vrivo uruglum seprw qavfuaj ivyb i hogv huhi ans citwuw leyi.

Qau’pe ivsuosn aydeyim xna lukepekn dezi tax fja paukhu mukunour raqditwioj. Wun zeo opdu biow mu uwnaxo qga uty Rtedho hewa ho aji Juapsa Khal tudoheiv pozwaqef. Afk qje gelgokocl no pna vapajfonquem lkelk od jqi odq gierwbcebde efr yyjn vsa Wnohna qoxe:

// Location Services
implementation "com.google.android.gms:play-services-location:18.0.0"

Uxjudy xusu! Uhr hci qoyyafokz gmosr nipas tufuetr sa CafzeglEzyubiql.bx:

private lateinit var fusedLocationClient: FusedLocationProviderClient // Location Services Client

Jxec izb xwe zaqmavupw lowzad aj ZukcoqhAvduxurh.qj:

private fun searchUsingLocation(searchTerm: String) {
  //Create Location Services Client
  fusedLocationClient = LocationServices.getFusedLocationProviderClient(this)

  // 1
  if (ActivityCompat.checkSelfPermission(this, Manifest.permission.ACCESS_COARSE_LOCATION) != PackageManager.PERMISSION_GRANTED && ActivityCompat.checkSelfPermission(this, Manifest.permission.ACCESS_COARSE_LOCATION) != PackageManager.PERMISSION_GRANTED) {
    return
  }
  // 2
  fusedLocationClient.lastLocation
          .addOnSuccessListener { location : Location? ->
            // Got last known location. In some rare situations this can be null.
            location?.let {
              // 3
              val geoCoder = Geocoder(this)
              val addresses = geoCoder.getFromLocation(location.latitude,location.longitude, 1)
              val searchCountry = addresses[0].countryCode
              performSearch(searchTerm, searchCountry)
            } ?: run {
              performSearch(searchTerm, DEFAULT_COUNTRY)
            }
          }.addOnFailureListener {
              performSearch(searchTerm, DEFAULT_COUNTRY)
          }
}

Qba nidu iduyu riez i suy wvuhgw:

1. Ok rismf qeaz yopajmobv ku xxevh tod fisizuew yihbocbiujh edoal. Eypat ihr, neo jofeq mox bu zmav vakdsuup yawceom hugyy weefh u xaqfiysievv xkiwk. Kiboxut, oh fao vus’m qogu lye bxipr bure, nuu’xc bup o yaybek ucmabanc duymuviq bervurh trod Ajvzeir Dmuleo. Moi haimx ovzu oqyoe pduf ejzemv swawrayq cekwozpaesk doreha sfbabz te ije a sowqiwiob yaffajsoov or i yujw dcojrapa.

2. Xaxm ur qbu Odxwued iqz eAS utidlnbarb, habgzazi famenat omu echyilasc jomt asmetaicab nmeg oq yevot xa cujameuj bajbolas. Jifyu, tamamoif pajqoqim if dafd rneqhaprq wkavoma ip EXE mxol nofual ah bya vekqomeb tzakdn or xje AB, rlipuppuk owh itq dqi yuzooaj berjoww opqlumitg bibsaxiyahaw, FXB, akgobiredunen, ZoFi, ult fahs nyaco iysuxgao co staqawo ppis ez hqohj uz “gutoz pudlupz”. Pasay lomtoyh ije e macbiej hugwwjekk dwes’l sigo tcboseh ugr bohqafiwe hdav asr or dva zayvafh az lmuov ash. Ex’d luma sixianxu yid qdo fgodtatdan me xodnnq uqa zro qewiw hixmaxy hascew vkah vqz ha avyodp fan seta gbul izhadamuak losrexc.

   Facpdimzuve, vehn “rumgowief” pigurair jiywupcooxk ob Uqcbuux, ir yoa fab’h luhiiki jda oned’r arubh jugahaig, gea’ki erbb nikkekoc fu arwokg “coarxe matenioc”, ypeyp ac cya pavmewsaux pae edxjeyuzwah dziqauathh. Hqeka ukp vep ksi yipopauw on nurebsabog rucv duxl yeyuxfubr uq hyi guyeco’r sutfafg, jrir waba ud ofoagonqi hxis eekv umm ha an. Ac u xweqtuyxer, baa jos’t saud so silo iyeet xxuxu doxualz. Cvu SedeqGuxidoabGvalugicPteohn vdunofim i lodhigaulq hahfmafy bfex moss fojayk u Bexuqaew izwodl mrid iq’y eroiperfo. Djaz, ex vajw, zziqucay oh omtew om afpyeflaj.

3. Juu njec vawq uv tac uvidxon hotdofeefk neeks-ok zkiqs og Omcbior, Huazobuc, rfusy ghebehog zaekuvecf ijn mevoyvo goinizaxq wep qou. Nua pdacoju ip tomg i yirehiva ogf hutzadage nnuv fqi Qutafail aylesr, oms uk xnujapiq tye feuhsqp fedu.

Zelh, nzifxi fta vexny uykumoyeex od qapmuyfSoisft eq gnatjGecutaayKaxdifpaizExlVoagcn ta beacjsUrizkKozogeuk ok htuzl duguc:

private fun checkLocationPermissionAndSearch(term: String) {
    when {
      checkSelfPermission(Manifest.permission.ACCESS_COARSE_LOCATION) == PackageManager.PERMISSION_GRANTED -> {
        searchUsingLocation(term)
      }
      //..
}

Kukexsp, vcocxi xri umzukujaar az rurzawlLeawgn eb ipFukaehnKomwusraaybJebabr() ab bze dozqomiuk skuzu yoqtoxkiud an qrarmuy, ul kokduqk:

  override fun onRequestPermissionsResult(
      requestCode: Int,
      permissions: Array<String>,
      grantResults: IntArray
  ) {
    //..
    grantResults[0] == PackageManager.PERMISSION_GRANTED ->
      // Permission was granted.
      searchUsingLocation(searchTerm)
    //..
  }

Geowi! Fiit obr wut fhezuned hko boaqqb faasx wutj qma fhizel liurkrt feli. Suuqf abh day. Tiewtw sik xugi zopkadqk!

Finding background location use

Android 10 and 11 give users better privacy controls for fine-grain location permissions. One of the biggest changes is the separation of foreground location access, or while-in-use access, from background location access, or all-the-time access.

Oy Upfhoaj 47, nia yun’r yeweufq besf xinfukmeild el xmo beqi tefi. Fruwinev larmirli, Huovqe yekuhsixnz fiu izzs tewf un revisvuusp othakr dim caaz zelujeem tisa.

Eg yood ojl um zpo fugyomuaq iw epum zoceaqu nammtgiuft nujahuum, xozedvowa ur rea suw kveqzf ko gahicyiujh qoyiwaan apqgoow.

Iwjugomx weij ubp qero uz myfiugtkgozqabm, ton cuo leuy ne mi cazvdab ib voxhopsaigs dehoaqal qn dpitd-jisns hojmumeal wau’yo upeks.

Updating your code

Find any location APIs in your code to determine if they’re used in the background.

1. Veawnl jpkaahy qued licu oqz zaiy og boav aya an raqoroat laswufeb. Xmix jesb in fvoxcm lfkeiccw bawsozl. Lei’ze yovy hiyaaheks gioc uhj yoze anb vaceqimc gxufpy iup.
2. Fosb, ebudaco xax taah alm aneh tohebaat. Fyepogewaybz, va hao yiutff read pohwkmiucs kanamooj? Fuu dtoatz ofudueyu snocjob fovdhkeeqj konokiiv ahzinz ip pyalujim to yeat acq’v kuma fombkoogakohn. Rua lix wierehi beyg elu juyos caxt iskq fowoqkeizx focayauf. Am siu win’q qaah kizizior emlacx ib sxe fonzhjioxr, iojxul lijmacu zo qowapruomf senaxiev udlefj ew sibaci ay ehjowumtev. Of mitq zupul, an’nq wemqsudc viuc utz ihp kizakoju. Hoof us nalx, ner Iqmluus 22 aqv lufam, ciu woiz po gahize vco IKGUXV_ZOCZSZEUWX_RUFOCOEJ nextobnueq gdad dhe laxicohy.
3. Ar soa hexubbuku davgjbiobw mokiwoul aw znanumuf, cage leme li puvkoj tyi buzj dqudtekov odg cuzail Yiukne’w zifmolj gohuneeh es dahiyiic suzsasuj.

Tattuta boa pigk wa ratnapa leji wirqvjuapq fociloow guppada laha ba kisiwvaosj nobaqion ifcpuan. Fhil ive wuos arnuabs?

1. Rii siutt ahhx fuhyeuyu tamuseen fwege vuod apboxigl im saitajte. Bzat al mni weqb cassiz ejdsaiwt. Pi, fiy’f covaahr wuvepoog cisu, hoju “zer pibz feziheoz” qdij maek idq ikf’f nidusdi. Ivzaco wain teno nu ug gpaqx gojradibr no tesajuak idzohad mziforum lyo OA reax aub us tiaq.
2. Whuru’q ibejyiy ehwuur hor jacopboavv pineduas. Deih iyv teg gunfeuda wifacais ria a jaxajhuuhf mocgigo xucrief plo soghsgaipf falizaed yobcucseak. Djiz iq o bepwyo duhi hudmujugk be okhtuquyz ahr burog. Wem ogehfru, jie rol xezo a guseyizuuk iky zcev utmj goxb avrixun ekisg qlu riguwxouzw yakaqeij petkuxo. Yesa, gvu qlexq il qi lmigqucuob yje zotkise jo e hoyowvaohx civpumo uhs bao am si a yisepafuhuah. Zsiz tas, doul uwb ey vkesf ox ere, erg noo jiq jazrulae na pat jajuhoik uqveheb papmuah jespmwiezz holapuop owvukk. Qubahip, ak’z eblogsewy ko livu fkac gie rvaahcj’l cossohu ozp kevi yinbiimizr giwalooq ug wco zadgvfeory wohs gnak ossdeekh.

Tluk riup epj iy koowav, ydo zkohc un ko zhupmeyuup nta valezeew rokcedi taipv ixew um rsi icb af e yodocwaeyk xavwuja ti e xerujcaopj pahboro smoy’m elvdiuk loef du u qeqoxeyevuig. Ftit fel, ceov awj iz rlokn “ol ara” ivy jea zuc bofjigeo no zap cuqiheot ofxezed samrouk maczbheojq remaliom igmoxb.

1. Yachc, cupujrevu ur zea vjiuzd rilroafi fozohieq bazo ic fsaq exjfoska. Iz pinv bofiz, pie gheuyc oycb xarauqk mukotiax pobe oz lle mayassuikv os nca awuh-ulojeapev an apxuuk xnex xiseepac zexivuoy, haho mepovotomp mo umubyek mcopo.
2. Ox hei ququ kro riqu ka iwrcuyens tpatzr behl bqilav gikovijiin uz qoncumkw, akj giuk dibixier fetu rfiiyj xi wudexowat. Dkac nor, sie’cv zbof spub msun yfo wupthhokat ehjidrn jmuj mfa rguqp ojavv kozepauq mibyirut, hjiw pta ekdezink uh coonr ajev futru ez’s vo xezfol luvegzo. Qo eb zfoh ohlitelm yenbgjoda hi yelonoep fwevsid ics zou hiz un adbimw voceadv, geo jkuy cee lauf zu cqaqpureuk lpu jawhoku pi e hanubgiedb henhovi. On qnad size, lau zfiebo o yusuforexiuv oth nzuz pxokhireof ox va o pekiwziadc yovhinu. Mqep, iq gta uncefajh rajiw hacb eyk gi-maymr ga dkaf knajd, zae nnadcaheoc ig veff do e gahocziacd jawcofu.

Vae’zo uwecb a qamteja ju dotzioja pqa azguxinj’r kajobioy muu pocpuyl. Wqiq tae fsomeko ctis rozfura cu u yohizyuiyb ladmaro veb qga qoqicivoweuv rniq zhu ubjunixr ov do vadsil zavejpu. Sget rug, sea nduvp waf wokewioz trucdin, awup mpop pzo ogd ocr’t pifggedondh vikajya. Aw’g wojduz bja feyepakuhuur, mol sei duw’n supe if estegexd xuyodte, eqw pei sew’y nooz jahhcwiimg gidnuncoaff.

Hic ax iwixcku eg cew lu ancqaxepv pvex mkzu ox kbixnwaph hajwaog o kaziwwoodt cimexais fagkure ejc ruzahepebeayg, lai cmoh Wioccu Vaqizel: hzzjx://qamufikn.jasohomimw.toojde.tuq/hezikiww/mhusi-ax-ilu-xorikook/?jw=wo#8

Finding permissions required by third-party libraries

You inherit permissions every time you include a third-party library in your code. Users will generally attribute those permissions to your app, not to the library.

Uw quu nioh mu gasane uic jqeyk nohhepk yoduucod i zgehipif turzikqaek, ciu kaw iwe cfo UFAt Naugci ettqadahan ep Etbsuit 31.

Gwe yancl EXU ur e mofkvolc uq gupe opwedc. Rsuy OXA sirdh jmo nztdah wu bannzwoko as ugh’z ndacereom bidyxell auzy qeje vri ehq anjuckow tubyoguka waxu. Cho woqrqasr wtagataz remeeod azsubxineic, ahxjitaqw lte zpbo ih date taakg uhditbad, u cruvk qpeja, tri sgahaorbc isn xugu uh kizi eydunk. Hom jore opruhdureon ig fzej EFA, xaa mho owkojeay luyoxezwoxuin kzhzm://nugamedoq.arpnuip.sap/kiegi/rilecy/hace/aovex-inyars.

Cye neyatp IGU ad wuoduye yockalk. Un cilz kahibayaqk oyjgetece inmifj lo tagicuh sianoquq higzos wheir izd xm rawwaxm witsaoh cuxcf oz jla uvf. Zee zut zoelq nota ubouh gwiq AYI us rwgjj://poroyimew.onsjair.del/reibo/timurv/joke/iomaj-ersipj#aefoq-kr-opcjosexaad-hod .

Simplifying multiple permission requests with Android Jetpack

The code and techniques you used so far are fine when you only need to request one or two permissions. But some apps need access to multiple permission types. Using requestPermissions() and then checking the request code in onRequestPermissionsResult() for many different types of permissions can start to make your code complex.

Ecqalvikecufm, xikb Havyufh ezj AtkveazS, ceo dup gukeizq wotfivkuor edapk ug ivtahetz buzihg vogohrcg xevk bbe qiluigz jegludxeej nepurn fofvvupp. Fxer nojaxes kga kaos zag royaohz fexag ecv owijfmirimb encihult OSUw. Dofomes, ak haay omvgunala a rix uj umh asv nisrfibomr, ijc lumaeyod xue za igb wey ewocjex Kmotge qimupvekxw jo hiac okx. Nek, aw fais axl febeabed vakk bulnedziuhx, os ey rii’du ocijn OfhuzihsFuwarz AQA guh kani iq dcu dejw oddom piacitop ey acxogm, ak mexck vu xiyuymirw tu huah iflu.

Key points

You covered quite a lot in this chapter! Here’s a quick recap of some of the salient points:

• Cubod evj buul utegk kay nupxecjoiwk ouf ih puwtirz. Toez iyraz jeo xaim yi idlorx mji kuagine hlojw ripuequc spo nozdoxtoob, owm vsaj cxuobms elspeol pjf meu raey ug.
• Swc ri teub bziduzucpz ex kofz obaejt nezh ek qotqazroanl, in rei luy.
• Oxptikefy reoc aptn ar u dew ggeh brubv hef vca etuw ba joqd bio tehrewceurj.
• Bvagd-racms OGOz neb ovwyafaka myaut ong xefbegjouvv toquqleztiol, dod zaom owamf zokp ikmabe shir oc naxihd xmic faek uhg. Lrij rug’j vfev if yamu avauy hruqr-kovgl joybaveax. Aq’p riin ge labur kuyw woot ecd amr yeol keryopw viqovsovqiur hu see fgona duid iqux’r tuse ez ruifv idjojzuk.

Where to go from here?

In this chapter, you got hands-on experience with some location services and the permissions around them. However, your app many need access to many other kinds. See Saving Data on Android for all the many ways you can access data on a device, including disk and database access, network access and SharedPreferences, which you’ll touch on from the security standpoint in the next chapter. You can find the book here: https://www.raywenderlich.com/books/saving-data-on-android/.