After months of waiting, the official new Android SDK is here – Android 6.0 (better known as Android Marshmallow) has been officially released for developers. First unveiled last May at Google I/O 2015, Android Marshmallow introduced some great new features. One such feature is a new permissions model, called Runtime Permissions, and app developers are going to have to make the necessary adjustments to their apps to deal with this new model. But one very important thing they might not be aware of – the code of the 3rd party tools they are using: the SDKs.
Here at SafeDK we’re constantly thinking about them. How they improve the development process and boost apps on one hand, but are the subject of bugs and security breaches on the other. We’re constantly trying to mediate over that gap, putting a little more love and trust into “this love and hate relationship of app developers and SDK developers”, as our CEO Orly Shoavi puts it. So naturally when we heard of the new permissions model, we sighed “finally…” and then quickly came to think “but what about the SDKs?”
Let’s back up a moment and talk about this new permissions model. Android M (planned to be released around the end of Q3 2015) deprecates the concept of pre-approving a long list of permissions during app install, as well as the ‘take it or leave it’ deal apps and users have today. Starting with Android Marshmallow, users will have the ability to selectively choose which permissions to grant, and moreover will be able to revoke permissions in the Settings screen later on, much like in iOS. The app, on the other hand, will get the opportunity to explain why it requires specific permissions, and will no longer be able to rely on them being granted in advance – every single time an app wants to access some service guarded by a permission, it will have to ascertain it has that permission (and gracefully handle the scenario in which the user declines to grant it). Sounds like a big leap forwards for Android, wouldn’t you say?