

The right way to ask users for iOS permissions - pwrfid
http://techcrunch.com/2014/04/04/the-right-way-to-ask-users-for-ios-permissions/

======
notdonspaulding
This is the _only_ way that permissions should be implemented by any mobile
platform. Without it, users are forced to decide at install time whether the
payoff of having the app installed is worth the associated risk of granting
ALL permissions the app requests. It's a hard choice to make before you've
even installed the app.

Jeff Atwood describes the app-installation-headaches nicely here:
[http://blog.codinghorror.com/app-pocalypse-now/](http://blog.codinghorror.com/app-pocalypse-now/)

~~~
kylec
No kidding. Not to mention that a lot of Android developers have the mentality
to request every permission they could possibly conceive of using in the
future so that the user doesn't reject a potential future update for asking
for more permissions. So every single app you install nowadays seems to want
access to everything and there's no way to prevent it short of canceling the
app installation.

~~~
jsight
I don't really blame them either. Android will not automatically update apps
that ask for additional permissions.

I suspect that a lot of users end up never updating apps like this. It makes a
lot of sense for the developer to request everything that he might want
upfront.

~~~
click170
I'm probably in the minority here, but if I try to install an app and it
requests _any_ permission that I think is inappropriate for what _I_ want to
do with said app, then the app is not installed. Period.

And yes, I also decline to update apps that demand additional permissions.
Requesting more permissions up front will not help you with this, at least not
with me.

My 2c.

~~~
sizzle
root your phone and install:
[https://github.com/M66B/XPrivacy](https://github.com/M66B/XPrivacy)

------
theelfismike
Makes me wish Android could request some permissions at runtime.

It's painful to have a bunch of permissions in the manifest that aren't used
by 100% of users, but 100% of them have to allow them if they want to install
the app.

~~~
sliverstorm
This is exactly why I have yet to install the Facebook app. I want some of its
features, but not others; if I could reject certain permissions, I'd have
installed it by now.

~~~
parfe
Run Cyanogenmod which includes Privacy Guard and you'll get exactly what you
want.

~~~
sliverstorm
Once upon a time I would have. But these days, I'm just sticking with the
stock firmware. I haven't even rooted it! (gasp) I can live without the
Facebook app.

------
Gracana
This is fantastic and I wish everything did this. As an android user, I'm
often at a loss as to why an app needs a certain permission, and there's
simply no easy way to figure out the answer. An initial dialog that explains
the feature before it is used/enabled seems like the perfect solution.

~~~
greggman
One common reason an app needs permissions is because of 3rd party metric
libraries and 3rd party ad libraries. At least for games that's the #1 reason
they ask for permissions the game itself doesn't need.

While I hate it my game dev friends retort that they see no negative
repercussions... as in their install rates don't change perceptibly based on
permissions requested. A few geeks like me might refuse to install but we're
such a tiny percent of their customer base that it's not worth it for them to
find alternative libraries or write their own.

------
ajanuary
Really interesting to see the iterations from obviously awful through
acceptable all the way to obvious in retrospect but takes a non-obvious amount
of thought and design.

------
habosa
This is great, more developers should think this way. When I worked on Google+
Developer Relations this summer there was no way to do incremental
permissions, but it has since been added and makes Sign-In With Google way
less scary for a lot of use cases.

Android needs this desperately. One of my apps has ~15% of users never
updating because I added an additional permission and when you do that you
can't auto-update. I wish I could just ask for it at runtime, since it's a
Camera permission and I added picture-taking to my app. I'm sure 100% of users
would say yes at that time.

------
click170
I find I'm often surprised by the permissions an app is requesting, which
turns me away from the app.

I'm an Android user, but I prefer the unix philosophy, I just want an app to
do one thing and to do it well. It's hard to find apps that do that I find.

Examples that have turned me away from apps before: a filesystem viewer
doesn't _really_ need the ability to control my wifi. An ebook reader doesn't
_really_ need access to my contact list.

------
heywire
Part of me worries that an app could use this in a bad way as well. If an app
asks a user for a permission, and the user says no, the current expectation is
that they won't be asked again. However, with this pattern, the app could
bother the user until they finally gave up and granted permissions. Of course,
this could also backfire and cause the user to uninstall the app.

~~~
kylec
I've never seen an app ask for the same permission more than once. I'm pretty
sure that if the user declines it the first time, all subsequent times will be
automatically declined without prompting the user.

~~~
FigBug
Facebook Messenger does it every time you go to the App, it's very annoying.
It definitely makes me use it less. I don't think Apps should be aware if they
have had permissions denied, functions should just quietly return
nothing/false data.

Example: [http://i.imgur.com/S4MmKo3.png](http://i.imgur.com/S4MmKo3.png)

~~~
gurkendoktor
Older versions of Messenger even complained if you allowed it to send push
notifications, but disabled the notification _sound_.

------
dclowd9901
One of my apps accesses a person's contacts. The approach I took to this was
to notify the user ahead of time that I would be asking for permission to use
the app, and that we would never use the contacts for anything but in-app
convenience. It feels great and is very informative. Only thing is the code is
a bit wiry, but I'm working on that.

~~~
dangero
I'm convinced this is the best way to do it. I was testing one of those apps
that repeats what you say and they did something like this. They popped up a
dialog that said, "We are going to ask for access to the Microphone. We need
this so we can make the animal repeat after you." When you tapped "OK" the
permission dialog popped up. Apple should really let the developer put some
information like that on their permission dialog.

~~~
bbatsell
> Apple should really let the developer put some information like that on
> their permission dialog.

They do :)

See all of the NS.*UsageDescription keys listed here:

[https://developer.apple.com/library/mac/documentation/genera...](https://developer.apple.com/library/mac/documentation/general/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html)

~~~
LeoNatan25
They don't on iOS.

~~~
bbatsell
Yes, they do. Many apps use them (including the one in the linked article,
which shows customized usage descriptions in their screenshots). The
documentation I linked applies to both Cocoa and Cocoa Touch, and you can see
whether OS X or iOS or both supports each key based on the Platform column on
the right.

------
nirkalimi
Very intuitive. People just need a context for permissions to make sense. I
feel like this is similar to anything online. Don't ask for something right
away until someone understands what the benefit of doing so entails. These
rules hold true in sales, pitching, etc.

------
ecesena
I'd be interested if anybody also analyzed the permissions for social accounts
(Facebook, Twitter).

Our experience at Theneeds is kind of strange in this regard. We have the
"classical" initial join page with social buttons, and we ask for permissions
when the user taps one of them. Surprisingly, we realized that many users click
on Facebook icon, but next they "Don't allow" permissions. This forced us to
implement a web fallback to still be able to authenticate the users (without
forcing them to go to the iPhone settings).

------
spike021
Seems like a better workaround for the time being. I know from personal
experience that I tend to either: a) somewhat trust the app I'm using, so I
just blindly accept to get it out of the way, or b) don't trust the app at all
since it's completely new to me, so I tap to deny immediately.

If you can make your users feel more comfortable about the legitimacy of your
app and help them to feel more at ease with giving away those permissions,
then you're doing a good job.

------
matznerd
Pretty good article, and I've definitely noticed that it works better when you
ask people at the time of usage vs on first open.

------
sizzle
for anyone who wants apps to request permissions or the ability to deny
permissions I highly recommend rooting your phone then installing XPrivacy;
[https://github.com/M66B/XPrivacy](https://github.com/M66B/XPrivacy)

------
lauraglu
Super helpful. Thanks for writing.

------
username223
A modal "do-what-I-want/pester-you-later" dialog is not the right way. The
right way for Vegetable Knight or what-not to ask for permissions is to give
the option to say "no, and don't ever ask again," and enforce that at the
system level.

------
bmull
Also posted here:
[https://news.ycombinator.com/item?id=7531782](https://news.ycombinator.com/item?id=7531782)

------
lukejduncan
The answer at install is always no:

"SuperApp would like to send you push-notifications"

~~~
eddieroger
640k ought to be enough for anyone.

Absolutes are usually bad advice. Some apps effectively use push. Many don't.
With iOS' limited background modes, despite advancements in 7, sometimes you
need to get the user's attention, and push is the means.

------
suyash
Most annoying permission is Geo-Location for apps that don't really need it.

------
fjcaetano
Fantastic post. This is a major problem with Android, when users are often
asked to grant permissions that apparently have nothing to do with the app.

