If you're setting an app to be your default browser or email client, you probably trust it with your data. However, you still have to manually grant it permission for everything. Starting with Android Q, apps set as defaults will be automatically granted permissions based on what they are the default for.

Android Q introduces a new function called 'Roles,' which "allows the OS to grant apps elevated access to system functions based on well-understood use cases." There are seven roles to start with:

  • ROLE_BROWSER: Apps set as the system browser become the handler for web content requests.
  • ROLE_DIALER: The default Phone dialer can send SMS messages, and can handle outgoing calls/call logs.
  • ROLE_SMS: The default SMS app can send and recieve text messages (shocker, I know), and read contacts.
  • ROLE_HOME: This is for the default app launcher, and doesn't include any special permissions.
  • ROLE_MUSIC: The default music app has full control over files in the 'Music' folder in the internal storage, even files created by other apps.
  • ROLE_GALLERY: The default photo app has full access to files in the 'Photos & Videos' media directory, again including files created by other apps.
  • ROLE_EMERGENCY: This is only mentioned in documentation for RoleManager, and there are no details about what it's for or what permissions it grants. Android Q allows users to set default apps for emergency info, so this is probably the role associated with that default.

Google will almost certainly add more roles as time goes on, but this is definitely a nice change. Roles should lead to fewer permissions prompts for users, and more predictable functionality for developers.

  • Source:
  • Android Developers (1,
  • 2)