Gone are the days when apps used to ask for all the app permissions in a single go at the time of app install or asked for app permissions without providing any reason. A lot has changed in the way app permissions are implemented in apps - Android or iOS. Apps that dominate app stores provide superior value to their users. They do this by using or manipulating (in a positive way) data that is accessible to them.
Photo sharing, social media, fitness, news and other apps are nothing without user consent to use their data from device. Just imagine Instagram without access to your photos and google maps app without GPS. For apps, permissions are a gateway to your data but i see this is not given much importance. A lot of apps ask for app permission without any justification. Without any proper justification, this is too much to ask from the user. Many times, ill implemented app permissions lead to churn. Why would my taxi hailing app require permission to see my text messages? Why would a restaurant reviews app want to send me notifications?
In the process of making apps more usable, developers end up asking for access to too many things the apps don’t require.
According to Bryce Boland, CTO, Asia-Pacific, at cyber security firm FireEye, “Developers, in the process of making apps more usable, end up asking for access to too many things the apps don’t require. Some well-known brands, too, have poorly coded apps that end up compromising on security”. Users used to overlook permissions and blindly agreed to install the app. But not anymore. Today’s user denies suspicious permissions at first run. They don’t want to go through that lengthy list of permissions just yet. They want to know reason behind permissions before granting access. If you app deals with sensitive data, this may be the reason you have high churn.
A new era of user privacy
Google and Apple keep tweaking Permission guidelines but things really changed between 2014 - 2015. App permissions, user privacy and data security became key areas app business could not ignore. Both software giants are doing their best to provide developers with ways to limit data access and provide more security while still providing value.
Apple frequently rejects apps from its app store due to faulty access or mishandling of permissions. It strengthened its commitment to user privacy near the end of 2014 with improved privacy features in iOS 8. Google released more granular, runtime requests for app permissions with its Android Marshmallow 6.0 release near the end of 2015. This allows app developers to ask for permissions as required. Permissions allow users to control and grant data access to the apps. Data could be related to a particular software or hardware of the phone. It can be anything from accessing the camera of the phone to accessing the user’s personal health information.
You need to ask for the right kind of permissions at the right time to provide value.
For a user to download and stick to the app you need to ask for the right kind of permissions at the right time to provide value. I recently reviewed a banking app that required access to my contacts even before i could login! That really spooked me out. Immediately uninstalled it and did a malware scan after that.
Read the guidelines
Here are links to app permission guidelines from Apple (iOS) and Google (Android). Both android and iOS user guidelines briefly explain rules on how and where the app should be prompting the user for app permissions. The app needs to ask permission before it activates any settings or accesses any private data. This is important for the privacy and protection of the user’s data. You’ll find multiple examples of this everywhere on the app store. Evernote will never ask you for permission to your Camera or photo library unless you want to capture a image based note. Facebook Messenger and Groupon only asks for location services when you need to share your location or find services nearby.
On the first launch of your app, it should only ask for the permission it absolutely requires to function. Later on, if a particular features requires access to another data, justify its need and then ask for user’s permission. Users get suspicious and develop distrust in the apps that do not explain reasons behind the app permissions. Enough to get them to uninstall the app.
Normal app permissions
Generally speaking, there are two kinds of permissions. Normal and Dangerous. As the name states, normal permissions are obvious in nature. Users intuitively know the permissions required based on the app they installed. These are the ones that usually popup at first run of an app just after you sign-in.
For normal app permissions, just ask at right time. In most cases, that’s all you’ll need.
When a user installs Google Maps app and launches it.The very first thing that she sees is the permissions popup. The only permission it needs is to ‘Use Your Current Location’ and nothing else. User knows that Google Maps allows her to see various places on the map and pinpoint her location. Naturally, the app needs access to the location feature on her smartphone. Now, if Google Maps starts asking for an unrelated permission at this moment without giving a reason for it, user becomes suspicious.
Dangerous app permissions
Dangerous app permissions include access or modification of photos, messages, contacts, etc which are user personal and private information. I recommend that you always keep your users informed about these permissions beforehand. These are permissions to private data that make the users apprehensive before granting access. We don’t want the user to deny these permissions and at the same time give assurance of the activity. Building an anti-case helps here as well. Your app should still function properly even if permissions are not granted.
A good example of an app dealing with dangerous app permissions is Snapchat. An app like Snapchat or Facebook has to deal with multiple features of the phone. It needs various permissions to enable some key features. Before hitting the system permissions dialog, the app informs the user about the access it wants to have and why. This pre-permission step gives confidence to the user. It makes it easy for the user to allow subsequent system generated permissions dialogues.
It's just good communication
Treat app permissions like communication with your users. Don’t force users into unnecessary permissions you don't need. All they need is honesty and for you to show respect to their data. Go through your app yourself. Weed out any permission you don’t really need. Figure out the best approach to inform your users about them. There is plenty of inspiration out there on websites like Pinterest and Dribbble!
I also like permission sequence of the Heyday app. It treats permissions like they are a part of the user on-boarding process. This app clearly informs the user on the importance of photos before prompting for permission. At this point user is already aware of the app permission intuitively.
Uber does the same with a well written copy. It’s Location Permission message says “Uber picks you up exactly where you are. To start riding, choose “Allow” so the app can find your location”. I’m sure you can find many more examples. Just make your users your priority to gain their trust. Assure your users of their privacy and they will trust your app enough to become its advocate.
- Do an audit of your app permissions
- Remove any unnecessary app permissions
- Keep first launch app permissions to a minimum
- Find creative ways to inform users of upcoming system app permission