Understanding and Implementing Dynamic Permissions in Android

At the end of last year Chinese authorities introduced new privacy regulations that require Android apps to display a privacy notice before requesting permissions; this article reviews the background, evolution, and practical implementation of Android dynamic (runtime) permissions.

Historical background : iOS added privacy permissions in iOS 7 (2013) and later required that permissions be requested at the moment of use. Android introduced dangerous permission management in Marshmallow (Android 6.0, 2015), bringing the concept of runtime permissions.

Four stages of Android permission management :

Pre‑Marshmallow: all permissions listed at install time and granted automatically.

Third‑party security apps (e.g., 360, Tencent) began monitoring sensitive permissions and showing custom dialogs.

OEMs integrated permission prompts into the ROM, producing system‑level dialogs.

Google’s native runtime permission model (Android 6.0+) where the app must check and request permissions at runtime.

The article provides concrete <uses-permission android:name="android.permission.READ_PHONE_STATE" /> and <uses-permission android:name="android.permission.INTERNET" /> entries for the manifest.

How to handle dynamic permissions :

1. Check whether the permission is already granted:

// 检测PHONE_STATE 如果已授权
if (ContextCompat.checkSelfPermission(this, Manifest.permission.READ_PHONE_STATE) == PackageManager.PERMISSION_GRANTED) {
    // do what you need
}

2. If not granted, request it:

// 检测PHONE_STATE 如果未授权
if (ContextCompat.checkSelfPermission(this, Manifest.permission.READ_PHONE_STATE) != PackageManager.PERMISSION_GRANTED) {
    ActivityCompat.requestPermissions(this,
        arrayOf(Manifest.permission.READ_PHONE_STATE),
        PERMISSIONS_REQUEST_PHONE_STATE);
}

3. Override onRequestPermissionsResult to handle the user’s choice:

override fun onRequestPermissionsResult(
    requestCode: Int,
    permissions: Array
,
    grantResults: IntArray
) {
    when (requestCode) {
        PERMISSIONS_REQUEST_PHONE_STATE -> {
            if (grantResults.isNotEmpty() && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
                Toast.makeText(this, "Permission granted", Toast.LENGTH_SHORT).show()
                // continue with the operation
            } else {
                Toast.makeText(this, "Permission denied", Toast.LENGTH_SHORT).show()
                // fallback logic
            }
        }
    }
}

For devices running Android 5.x or lower, the same code works because checkSelfPermission simply returns PERMISSION_GRANTED for permissions declared in the manifest.

Compatibility notes : many Chinese OEMs modify the ROM and may disable or alter the runtime‑permission flow. A compatibility table lists support status for major brands (Xiaomi, Huawei, OPPO, VIVO, 360, ZTE, etc.) on Android 6.0‑based and Android 7.0‑based ROMs.

Permission groups : before Android 8.0, granting one permission in a group implicitly granted the others; from Android 8.0 onward each permission must be requested, though subsequent requests for the same group are auto‑granted after the first approval. The article shows how to request multiple permissions in a single call to avoid repeated dialogs.

// Example of requesting several permissions at once ActivityCompat.requestPermissions(this, arrayOf(Manifest.permission.READ_EXTERNAL_STORAGE, Manifest.permission.WRITE_EXTERNAL_STORAGE), REQUEST_CODE_STORAGE); Additional best‑practice tips include showing a pre‑permission rationale UI, using shouldShowRequestPermissionRationale to distinguish first‑time requests, and handling the “Don’t ask again” option. The article concludes with a concise checklist of steps (declare in manifest, check, request, handle result, consider UI guidance) and a timeline of major permission‑related changes on both Android and iOS platforms.