Android 11’s auto-reset permissions feature is coming to older OS versions
With Android 11, Google introduced auto-revoking permissions that barred unused apps from accessing sensitive permissions granted by the user. While this privacy feature currently remains exclusive to Android 11 and above devices, it will soon be trickling down to older versions of Android — all the way back to Android 6.0.
Today, Google announced it is bringing Android 11’s permission auto-reset feature to all devices running Android 6.0 and above. The feature will start rolling out to devices that have Google Play Services installed later this year. Google says the feature will be enabled by default for apps targeting Android 11 (API level 30) or higher. For apps targeting API levels 23 to 29, users will have to enable it manually from settings.
For starters, the permission auto-reset feature automatically revokes sensitive permissions granted to apps that the user hasn’t accessed for a few months. For example, if you allowed an app to access your location and for some reason never opened that app for an extended time, the feature would automatically revoke the location permission for that app — the app will have to request the location permission once again when you open it.
The permission auto-reset feature won’t apply to Device Administrator apps; similarly, permissions fixed by enterprise policy will also not be revoked. The feature is also compatible with app hibernation in Android 12. If required, the app developer can also ask the user to disable the auto-reset permission feature. If your app targets API level 30 or above and you wish to ask the user to disable permission auto-reset, then you’ll need to use the new cross-platform API that’s part of the Jetpack Core library —
androidx.core.content.IntentCompat.createManageUnusedAppRestrictionsIntent(). Doing so is helpful for apps that primarily operate in the background, such as a companion app for your smartwatch.
The permission auto-revoke feature making its way to older Android phones may sound insignificant on the surface, but considering that software support for many of these older phones ceased a long time ago and thus are at higher risk of being exploited by malicious apps, it’s good to see Google expanding this privacy feature to older Android versions.
The permission auto-reset feature will gradually roll out to Android 6.0 through Android 10 devices with Google Play Services installed starting December 2021. Google says the feature will reach all eligible devices by Q1 2022. Meanwhile, the cross-platform auto-reset APIs launch today in beta with Jetpack Core 1.7.0 but will launch as a stable API in October 2021.