

How to ask users for iOS permissions - gr2020
https://medium.com/@mulligan/the-right-way-to-ask-users-for-ios-permissions-96fa4eb54f2c

======
Animats
This is an amusing tutorial on how to scam users into giving your app more
permissions than it needs. Their popup text reads "Heyday would like to access
your location Heyday uses your location to journal places you go. It's
completely private and secure."

Now compare their privacy policy:

"If location services are enabled on your mobile device, our HeyDay
application will passively and automatically send location information to Hey,
Inc..."

"Hey, Inc. cannot guarantee your safety and security and you should be aware
that submitting any information and using the Services is done at your own
risk."

So, in the popup, they claim to take responsibility for the security of
location data, but in reality, they're tracking you at all times and don't
take responsibility for the security of the data.

~~~
haney
Are there no legal consequences for telling the user one thing in the UI and
another in the TOS? Obviously this would require some sort of challenge in
court, but there's at least some avenue for a remedy to this kind of behavior,
no?

~~~
pluma
I'm pretty sure you'd have a case in the EU (at least the "completely private"
BS seems dodgy), not sure about the US.

------
0942v8653
Actually, an easy way to get your privileges after they were declined is to
open the URL "app-settings:". In iOS 8, the settings page for any app includes
easy access to the permissions, including at least location, photos,
notifications, microphone, background refresh, and cellular data.

Quite a bit simpler, and takes the user right to it. Of course, you still have
to initiate the action, but again this can be done at a relevant place in the
app.

------
WhitneyLand
A simple example of the best practice described here is to display a checkbox
that says "Allow us to use your camera". Then if the user toggles the checkbox
the app immediately presents the system permission prompt.

When you see it in action it feels really natural and less jarring to the
user.

I've noticed this in a few apps so it seems like it's becoming a design trend,
and a good trick to learn from for those that make apps.

~~~
tracker1
I'd much rather see this as an on-demand permission request... when I see
permissions that make no sense for what I think an app is, I tend not to
install said app.. right off the bat.

I don't know if Android offers similar on-demand permissions, but it would be
a much nicer experience.

~~~
Macha
> I don't know if Android offers similar on-demand permissions, but it would
> be a much nicer experience.

The answer is sadly no. Unfortunately this leads to developers pre-emptively
asking for permissions they might need in the futiure at install time, in case
the request for more permissions in a future update causes the user not to
update.

------
sitharus
I've noticed this with websites in Safari recently, the first thing you see is
"Allow <site> to send push notifications", and I immediately click no - I just
want to read the article!

It's always better to wait to see if someone's interested or just exploring.

~~~
joshschreuder
Is this on Mac (desktop notifications?)

I don't think iOS Safari has anything like this

~~~
skyo
Yes, it's a feature that was introduced with Mavericks.

[https://developer.apple.com/notifications/safari-push-
notifi...](https://developer.apple.com/notifications/safari-push-
notifications/)

------
username223
> Only 3% of users who clicked “Give Access” clicked “Don’t Allow”, meaning
> less than 2% of total users denied access at a system level.

How many normal humans could anticipate that saying "yes" then "no" was the
only way to say "no"? Putting a preemptive "obey/ask me later" dialog before
the system one is slimy, but not unexpected.

~~~
duskwuff
Not sure what you mean by that. There's no benefit to explicitly denying the
app permissions -- declining the app's pre-permissions dialog just means it
never requests the permissions at all.

~~~
ajanuary
Declining the app's pre-permissions dialog means they can request it again.
Accepting the app's dialog, then denying it at the OS level means that, at
least with the library they link to in the post, the pre-permissions dialog
won't pop up again.

~~~
basch
sure the preemptive dialog could pop up again, but instead it would say "go to
settings to fix the problem"

------
jlaws
Here is a pre-permission utility that supports (almost) all of the permission
types on iOS:

[https://github.com/jlaws/JLPermissions](https://github.com/jlaws/JLPermissions)

pod "JLPermissions/Calendar" pod "JLPermissions/Camera" pod
"JLPermissions/Contacts" pod "JLPermissions/Facebook" pod
"JLPermissions/Health" pod "JLPermissions/Location" pod
"JLPermissions/Microphone" pod "JLPermissions/Notification" pod
"JLPermissions/Photos" pod "JLPermissions/Reminders" pod
"JLPermissions/Twitter"

------
msoad
Sometime app ask for permission right on spot that it's needed. For example
when sharing with friends, they ask for contacts permission so they can fill
in "to:" field of a "send to a friend" dialog. It's all reasonable and nice
until you realize the app sent your entire addressbook to their servers and
you start seeing recommendations to connect etc from your friends contacts in
the app...

Can iOS solve this?

~~~
JonathonW
I don't think they can, not without forbidding apps from getting access to the
entire address book altogether. That would rule out a whole class of apps that
actually need that functionality (WhatsApp, for example).

A good citizen on iOS (as of iOS 8) that wants to get a single contact from
the address book will always use the system contact picker to choose a single
contact without requiring full access to the user's address book. That's opt-
in, though; a bad actor can still require that the user give full access to
the address book. You (as a user) just have to hope that the review process
caught whether or not an app is being misleading about what it intends to do
with your contact info.

~~~
tracker1
If the OS provided an interface for SELECT_CONTACT or SELECT_CONTACTS that
allows for single or multi-select... then can only see the contact info for
the contact selected, that would be cleaner, and not expose all of one's
contacts.

~~~
JonathonW
That's exactly what the system contact picker does (it gives the app access to
the selected contact, without giving the app access to other contacts or to
future changes to the selected contact). There are apps out there where
exposing all your contacts is a desirable behavior, though, so they can't get
rid of the "read all contacts" permission.

