The right way to ask users for iOS permissions

This is the <i>only</i> way that permissions should be implemented by any mobile platform. Without it, users are forced to decide at install time whether the payoff of having the app installed is worth the associated risk of granting ALL permissions the app requests. It&#x27;s a hard choice to make before you&#x27;ve even installed the app.<p>Jeff Atwood describes the app-installation-headaches nicely here: <a href="http://blog.codinghorror.com/app-pocalypse-now/" rel="nofollow">http:&#x2F;&#x2F;blog.codinghorror.com&#x2F;app-pocalypse-now&#x2F;</a>

Makes me wish Android could request some permissions at runtime.<p>It&#x27;s painful to have a bunch of permissions in the manifest that aren&#x27;t used by 100% of users, but 100% of them have to allow them if they want to install the app.

This is fantastic and I wish everything did this. As an android user, I&#x27;m often at a loss as to why an app needs a certain permission, and there&#x27;s simply no easy way to figure out the answer. An initial dialog that explains the feature before it is used&#x2F;enabled seems like the perfect solution.

Really interesting to see the iterations from obviously awful through acceptable all the way to obvious in retrospect but takes a non-obvious amount of thought and design.

This is great, more developers should think this way. When I worked on Google+ Developer Relations this summer there was no way to do incremental permissions, but it has since been added and makes Sign-In With Google way less scary for a lot of use cases.<p>Android needs this desperately. One of my apps has ~15% of users never updating because I added an additional permission and when you do that you can&#x27;t auto-update. I wish I could just ask for it at runtime, since it&#x27;s a Camera permission and I added picture-taking to my app. I&#x27;m sure 100% of users would say yes at that time.

I find I&#x27;m often surprised by the permissions an app is requesting, which turns me away from the app.<p>I&#x27;m an Android user, but I prefer the unix philosophy, I just want an app to do one thing and to do it well. It&#x27;s hard to find apps that do that I find.<p>Examples that have turned me away from apps before: a filesystem viewer doesn&#x27;t <i>really</i> need the ability to control my wifi. An ebook reader doesn&#x27;t <i>really</i> need access to my contact list.

Part of me worries that an app could use this in a bad way as well. If an app asks a user for a permission, and the user says no, the current expectation is that they won&#x27;t be asked again. However, with this pattern, the app could bother the user until they finally gave up and granted permissions. Of course, this could also backfire and cause the user to uninstall the app.

One of my apps accesses a persons&#x27; contacts. The approach I took to this was to notify the user ahead of time that I would be asking for permission to use the app, and that we would never use the contacts for anything but in app convenience. It feels great and is very informative. Only thing is the code is a bit wiry, but I&#x27;m working on that.

Very intuitive. People just need a context for permissions to make sense. I feel like this is similar to anything online. Don&#x27;t ask for something right away until someone understands what the benefit of doing so entails. These rules hold true in sales, pitching, etc.

I&#x27;d be interested if anybody also analyzed the permissions for social accounts (Facebook, Twitter).<p>Our experience at Theneeds is kind of strange in this regard. We have the &quot;classical&quot; initial join page with social buttons, and we ask for permissions when the user tap one of them. Surprisingly, we realized that many users click on Facebook icon, but next they &quot;Don&#x27;t allow&quot; permissions. This forced us to implement a web fallback to still be able to authenticate the users (without forcing them to go to the iphone settings).

Seems like a better workaround for the time being. I know from personal experience that I tend to either: a) somewhat trust the app I&#x27;m using, so I just blindly accept to get it out of the way, or b) don&#x27;t trust the app at all since it&#x27;s completely new to me, so I tap to deny immediately.<p>If you can make your users feel more comfortable about the legitimacy of your app and help them to feel more at ease with giving away those permissions, then you&#x27;re doing a good job.

Pretty good article, and I&#x27;ve definitely noticed that it works better when you ask people at the time of usage vs on first open.

for anyone who wants apps to request permissions or the ability to deny permissions I highly recommend rooting your phone then installing XPrivacy; <a href="https://github.com/M66B/XPrivacy" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;M66B&#x2F;XPrivacy</a>

Super helpful. Thanks for writing.

A modal &quot;do-what-I-want&#x2F;pester-you-later&quot; dialog is not the right way. The right way for Vegetable Knight or what-not to ask for permissions is to give the option to say &quot;no, and don&#x27;t ever ask again,&quot; and enforce that at the system level.

Also posted here: <a href="https://news.ycombinator.com/item?id=7531782" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=7531782</a>

The answer at install is always no:<p>&quot;SuperApp would like to send you push-notifications&quot;

Most annoying persmission is Geo-Location for apps that don&#x27;t really need it.

Fantastic post. This is a major problem with Android, when oftenly users are asked to grant permissions that apparently have nothing to do with the app.