From its announcement at Google I/O to today, we keep uncovering new information and subtle details regarding the new permission system in Android 6.0. What we weren't able to know, however, was how OEMs were going to treat (or be forced to treat) this new feature. Would they be able to remove it completely? Circumvent it for their own apps? Could they abuse it to grant permissions to bloatware? Well, we now have our answers thanks to the updated Marshmallow Compatibility Definition Document.
In it, Google explains that apps that target API level 23 will have to request permissions to access certain protected features. OEMs won't be able to avoid this, they will need to have dialogue windows for permission requests (ie the pop-ups) and a central location to manage all permissions (as in the Settings). These are non-negotiable (MUST) requirements.
More important however, is the fact that OEMs won't be able to (MUST NOT) grant permissions to pre-installed apps. There are two exceptions here. The first treats these like any other app, requiring them to ask for permissions before doing anything substantial. The second is when these apps are standard replacements for default ones, like the phone, camera, contacts app, etc.
Essentially, this means that an OEM like Samsung or LG could still replace the dialer and the camera and grant them the right to actually do their job without pestering users with requests when they first launch them. However, they won't be able to install other apps and grant them all the permissions without asking for them. If Asus and HP and other OEMs want to include a ton of bloatware with their devices to offset their price, and make it non-removable to worsen the situation, you will still have control over whether that bloatware actually does anything substantial in the background and without your knowledge or if it stays there castrated and harmless.
Here is the text from the CDD:
Permissions with a protection level of dangerous are runtime permissions. Applications with targetSdkVersion > 22 request them at runtime. Device implementations:
- MUST show a dedicated interface for the user to decide whether to grant the requested runtime permissions and also provide an interface for the user to manage runtime permissions.
- MUST have one and only one implementation of both user interfaces.
- MUST NOT grant any runtime permissions to preinstalled apps unless: the user's consent can be obtained before the application uses it or the runtime permissions are associated with an intent pattern for which the preinstalled application is set as the default handler.
I'm happy about this. It will definitely help a little with the crappy pre-installed anti-viruses, scanners, and whatnots that keep scouring your storage and grabbing whatever information they find to do God knows what with it.
- Android 6.0 Compatibility Definition Document (PDF)