Uses Permissions
Go Up to Project Options Dialog Box
Contents
Project > Options > Uses Permissions
Use this dialog box to specify the permissions that your Android application requires to work. RAD Studio adds the permissions you specify in the AndroidManifest.xml file.
- Caution: Carefully review the list of permissions that are configured for your Android application. You should disable permissions that your application does not need, because:
- Android devices prompt your users to accept every requested permission when they run your application for the first time.
- Application stores such as Google Play may use permissions to filter out applications.
- For example, if your application requires the Call phone permission (which is required by default), application stores might not let users install your application on tablets.
For example:
- InterBase requires certain permissions:
- Internet: Allows applications to access network sockets. If you are building Client/Server apps accessing remote InterBase databases, this permission is a must-have. This permission is also required by InterBase "call home" silent license registration.
- Read external storage/Write external storage: Allows access to the external storage location where InterBase files, including your database files, are delivered. This permission is required for applications to perform read/write operations.
- Some FireMonkey components require certain permissions. For example:
- TCalendarEdit requires Read calendar and Write calendar permissions.
- TLocationSensor requires Access coarse location and Access fine location permissions.
Some Basic Android Permissions are Set for All FireMonkey Android Apps
New Android applications have the following required permissions set by default:
- Access coarse location
- Access fine location
- Call phone
- Camera
- Internet
- Read calendar
- Read external storage
- Write calendar
- Write external storage
- Read phone state
INTERNET Permission Is Always Set for the Development Configuration
Your Android apps have several Uses Permissions that are set by default, including the INTERNET permission.
- When you build an Android app with the Configuration set to Development (in the Project Manager), the INTERNET permission is always implicitly set, even if you disable the INTERNET permission on Uses Permissions. This is because the RAD Studio debugger requires the INTERNET permission.
- For the Application Store configuration, however, you can disable the INTERNET permission using Project > Options > Uses Permissions.
Here is the Project Manager with the Development configuration node set for an Android app:
Dialog Box Field Descriptions
| Options | Description |
|---|---|
|
Target, Apply, Save |
See Target Options. |
|
Common items |
Basic Uses Permissions
The following uses permissions can be used as required for most Android applications. Some of the most commonly used basic permissions are preset by RAD Studio when you create an Android app.
| Permission Symbol | Permission | Description |
|---|---|---|
|
ACCESS_COARSE_LOCATION |
Access coarse location |
Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi. |
|
ACCESS_FINE_LOCATION |
Access fine location |
Allows an app to access precise location from location sources such as GPS, cell towers, and Wi-Fi. |
|
ACCESS_LOCATION_EXTRA_COMMANDS |
Access location extra commands |
Allows an application to access extra location provider commands. |
|
ACCESS_MOCK_LOCATION |
Access mock location |
Allows an application to create mock location providers for testing. |
|
ACCESS_NETWORK_STATE |
Access network state |
Allows applications to access information about networks. |
|
ACCESS_WIFI_STATE |
Access wifi state |
Allows applications to access information about Wi-Fi networks. |
|
ADD_VOICEMAIL |
Add voicemail |
Allows an application to add voicemails into the system. |
|
AUTHENTICATE_ACCOUNTS |
Authenticate accounts |
Allows an application to act as an AccountAuthenticator for the AccountManager. |
|
BATTERY_STATS |
Battery stats |
Allows an application to collect battery statistics. |
|
BIND_ACCESSIBILITY_SERVICE |
Bind accessibility service |
Must be required by an AccessibilityService, to ensure that only the system can bind to it. |
|
BIND_DEVICE_ADMIN |
Bind device admin |
Must be required by device administration receiver, to ensure that only the system can interact with it. |
|
BIND_INPUT_METHOD |
Bind input method |
Must be required by an InputMethodService, to ensure that only the system can bind to it. |
|
BIND_REMOTEVIEWS |
Bind remoteviews |
Must be required by a RemoteViewsService, to ensure that only the system can bind to it. |
|
BIND_TEXT_SERVICE |
Bind text service |
Must be required by a TextService. |
|
BIND_VPN_SERVICE |
Bind vpn service |
Must be required by an VpnService, to ensure that only the system can bind to it. |
|
BIND_WALLPAPER |
Bind wallpaper |
Must be required by a WallpaperService, to ensure that only the system can bind to it. |
|
BLUETOOTH |
Bluetooth |
Allows applications to connect to paired Bluetooth devices. |
|
BLUETOOTH_ADMIN |
Bluetooth admin |
Allows applications to discover and pair Bluetooth devices. |
|
BROADCAST_STICKY |
Broadcast sticky |
Allows an application to broadcast sticky intents. These are broadcasts whose data is held by the system after being finished, so that clients can quickly retrieve that data without having to wait for the next broadcast. |
|
CALL_PHONE |
Call phone |
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call being placed. |
|
CAMERA |
Camera |
Required to be able to access the camera device. |
|
CHANGE_CONFIGURATION |
Change configuration |
Allows an application to modify the current configuration, such as locale. |
|
CHANGE_NETWORK_STATE |
Change network state |
Allows applications to change network connectivity state. |
|
CHANGE_WIFI_MULTICAST_STATE |
Change wifi multicast state |
Allows applications to enter Wi-Fi Multicast mode. |
|
CHANGE_WIFI_STATE |
Change wifi state |
Allows applications to change Wi-Fi connectivity state. |
|
CLEAR_APP_CACHE |
Clear app cache |
Allows an application to clear the caches of all installed applications on the device. |
|
DISABLE_KEYGUARD |
Disable keyguard |
Allows applications to disable the keyguard. |
|
EXPAND_STATUS_BAR |
Expand status bar |
Allows an application to expand or collapse the status bar. |
|
FLASHLIGHT |
Flashlight |
Allows access to the flashlight. |
|
GET_ACCOUNTS |
Get accounts |
Allows access to the list of accounts in the Accounts Service. |
|
GET_PACKAGE_SIZE |
Get package size |
Allows an application to find out the space used by any package. |
|
GET_TASKS |
Get tasks |
Allows an application to get information about the currently or recently running tasks. |
|
GLOBAL_SEARCH |
Global search |
Allows the global search system to access the data of specific content providers. Typically Global search is used when the provider has some permissions protecting it (which global search would not be expected to hold), and is added as a read-only permission to the path in the provider where global search queries are performed. The Global search permission cannot be held by regular applications; it is used by applications to protect themselves from all other applications except for global search. |
|
INTERNET |
Internet |
Allows applications to open network sockets. |
|
KILL_BACKGROUND_PROCESSES |
Kill background processes |
Allows an application to call killBackgroundProcesses(String). |
|
MANAGE_ACCOUNTS |
Manage accounts |
Allows an application to manage the list of accounts in the AccountManager. |
|
MODIFY_AUDIO_SETTINGS |
Modify audio settings |
Allows an application to modify global audio settings. |
|
NFC |
NFC |
Allows applications to perform I/O operations over NFC. |
|
PROCESS_OUTGOING_CALLS |
Process outgoing calls |
Allows an application to monitor, modify, or abort outgoing calls. |
|
READ_CALENDAR |
Read calendar |
Allows an application to read the user calendar data. |
|
READ_CALL_LOG |
Read call log |
Allows an application to read the user call log. |
|
READ_CONTACTS |
Read contacts |
Allows an application to read the user contacts data. |
|
READ_EXTERNAL_STORAGE |
Read external storage |
Allows an application to read from external storage. |
|
READ_HISTORY_BOOKMARKS |
Read history bookmarks |
Allows an application to read (but not write) the user browsing history and bookmarks. |
|
READ_PHONE_STATE |
Read phone state |
Allows read only access to phone state. |
|
READ_PROFILE |
Read profile |
Allows an application to read the user personal profile data. |
|
READ_SMS |
Read SMS |
Allows an application to read SMS messages. |
|
READ_SOCIAL_STREAM |
Read social stream |
Allows an application to read from the user social stream. |
|
READ_SYNC_SETTINGS |
Read sync settings |
Allows applications to read the sync settings. |
|
READ_SYNC_STATS |
Read sync stats |
Allows applications to read the sync stats. |
|
READ_USER_DICTIONARY |
Read user dictionary |
Allows an application to read the user dictionary. |
|
RECEIVE_BOOT_COMPLETED |
Receive boot completed |
Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. |
|
RECEIVE_MMS |
Receive MMS |
Allows an application to monitor incoming MMS messages, to record or perform processing on them. |
|
RECEIVE_SMS |
Receive SMS |
Allows an application to monitor incoming SMS messages, to record or perform processing on them. |
|
RECEIVE_WAP_PUSH |
Receive WAP push |
Allows an application to monitor incoming WAP push messages. |
|
RECORD_AUDIO |
Record audio |
Allows an application to record audio. |
|
REORDER_TASKS |
Reorder tasks |
Allows an application to change the Z-order of tasks. |
|
SEND_SMS |
Send SMS |
Allows an application to send SMS messages. |
|
SET_ALARM |
Set alarm |
Allows an application to broadcast an Intent to set an alarm for the user. |
|
SET_TIME_ZONE |
Set time zone |
Allows applications to set the system time zone. |
|
SET_WALLPAPER |
Set wallpaper |
Allows applications to set the wallpaper. |
|
SET_WALLPAPER_HINTS |
Set wallpaper hints |
Allows applications to set the wallpaper hints. |
|
SUBSCRIBED_FEEDS_READ |
Subscribed feeds read |
Allows an application to allow access the subscribed feeds ContentProvider. |
|
SUBSCRIBED_FEEDS_WRITE |
Subscribed feeds write |
Allows an application to allow write the subscribed feeds ContentProvider. |
|
SYSTEM_ALERT_WINDOW |
System alert window |
Allows an application to open windows using the type TYPE_SYSTEM_ALERT, shown on top of all other applications. |
|
USE_CREDENTIALS |
Use credentials |
Allows an application to request authtokens from the AccountManager. |
|
USE_SIP |
Use SIP |
Allows an application to use SIP service. |
|
VENDING_BILLING |
Vending billing (In-app Billing) |
Allows using the In-app Billing service. See the Android documentation for additional information. |
|
VIBRATE |
Vibrate |
Allows access to the vibrator. |
|
WAKE_LOCK |
Wake lock |
Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming. |
|
WRITE_CALENDAR |
Write calendar |
Allows an application to write (but not read) the user calendar data. |
|
WRITE_CALL_LOG |
Write call log |
Allows an application to write (but not read) the user contacts data. |
|
WRITE_CONTACTS |
Write contacts |
Allows an application to write (but not read) the user contacts data. |
|
WRITE_EXTERNAL_STORAGE |
Write external storage |
Allows an application to write to external storage. |
|
WRITE_HISTORY_BOOKMARKS |
Write history bookmarks |
Allows an application to write (but not read) the user browsing history and bookmarks. |
|
WRITE_PROFILE |
Write profile |
Allows an application to write (but not read) the user personal profile data. |
|
WRITE_SETTINGS |
Write settings |
Allows an application to read or write the system settings. |
|
WRITE_SMS |
Write SMS |
Allows an application to write SMS messages. |
|
WRITE_SOCIAL_STREAM |
Write social stream |
Allows an application to write (but not read) the user social stream data. |
|
WRITE_SYNC_SETTINGS |
Write sync settings |
Allows applications to write the sync settings. |
|
WRITE_USER_DICTIONARY |
Write user dictionary |
Allows an application to write to the user dictionary. |
- The documentation in the Description column of the table above is licensed under Apache 2.0. Copyright © Android Open Source Project.
Advanced Uses Permissions
The following uses permissions are only necessary for advanced Android features, and most applications should not need any of them.
| Item Symbol | Items | Description |
|---|---|---|
|
ACCESS_CHECKIN_PROPERTIES |
Access checkin properties |
Allows read/write access to the "properties" table in the checkin database, to change values that get uploaded. |
|
ACCESS_SURFACE_FLINGER |
Access surface flinger |
Allows an application to use SurfaceFlinger's low level features. |
|
ACCOUNT_MANAGER |
Account manager |
Allows applications to call into AccountAuthenticators. |
|
BIND_APPWIDGET |
Bind appwidget |
Allows an application to tell the AppWidget service which application can access AppWidget data. |
|
BRICK |
Brick |
Required to be able to disable the device (very dangerous!). |
|
BROADCAST_PACKAGE_REMOVED |
Broadcast package removed |
Allows an application to broadcast a notification that an application package has been removed. |
|
BORADCAST_SMS |
Broadcast sms |
Allows an application to broadcast an SMS receipt notification. |
|
BROADCAST_WAP_PUSH |
Broadcast WAP PUSH |
Allows an application to broadcast a WAP PUSH receipt notification. |
|
CALL_PRIVILEGED |
Call privileged |
Allows an application to call any phone number, including emergency numbers, without going through the Dialer user interface for the user to confirm the call being placed. |
|
CHANGE_COMPONENT_ENABLED_STATE |
Change component enabled state |
Allows an application to change whether an application component (other than its own) is enabled or not. |
|
CLEAR_APP_USER_DATA |
Clear app user data |
Allows an application to clear user data. |
|
CONTROL_LOCATION_UPDATES |
Control location updates |
Allows enabling/disabling location update notifications from the radio. Not for use by normal applications. |
|
DELETE_CACHE_FILES |
Delete cache files |
Allows an application to delete cache files. |
|
DELETE_PACKAGES |
Delete packages |
Allows an application to delete packages. |
|
DEVICE_POWER |
Device power |
Allows low-level access to power management. |
|
DIAGNOSTIC |
Diagnostic |
Allows applications to RW to diagnostic resources. |
|
DUMP |
DUMP |
Allows an application to retrieve state dump information from system services. |
|
FACTORY_TEST |
Factory test |
Run as a manufacturer test application, running as the root user. Only available when the device is running in manufacturer test mode. |
|
FORCE_BACK |
Force back |
Allows an application to force a BACK operation on whatever is the top activity. |
|
HARDWARE_TEST |
Hardware test |
Allows access to hardware peripherals. Intended only for hardware testing. |
|
INJECT_EVENTS |
Inject events |
Allows an application to inject user events (keys, touch, trackball) into the event stream and deliver them to ANY window. |
|
INSTALL_LOCATION_PROVIDER |
Install location provider |
Allows an application to install a location provider into the Location Manager. |
|
INSTALL_PACKAGES |
Install packages |
Allows an application to install packages. |
|
INTERNAL_SYSTEM_WINDOW |
Internal system window |
Allows an application to open windows that are for use by parts of the system user interface. |
|
MANAGE_APPLICATION_TOKENS |
Manage application tokens |
Allows an application to manage (create, destroy, Z-order) application tokens in the window manager. This is only for use by the system. |
|
MASTER_CLEAR |
Master clear |
Allows you to call CheckinService.masterClear(), which resets the device settings to factory defaults and removes any user data. |
|
MODIFY_PHONE_STATE |
Modify phone state |
Allows modification of the telephony state - power on, mmi, etc. This is only for use by the system. |
|
MOUNT_FORMAT_FILESYSTEMS |
Mount format filesystems |
Allows formatting file systems for removable storage. |
|
MOUNT_UNMOUNT_FILESYSTEMS |
Mount unmount filesystems |
Allows mounting and unmounting file systems for removable storage. |
|
READ_FRAME_BUFFER |
Read frame buffer |
Allows an application to take screen shots and more generally get access to the frame buffer data. |
|
READ_LOGS |
Read logs |
Allows an application to read the low-level system log files. |
|
REBOOT |
Reboot |
Required to be able to reboot the device. |
|
SET_ACTIVITY_WATCHER |
Set activity watcher |
Allows an application to watch and control how activities are started globally in the system. |
|
SET_ALWAYS_FINISH |
Set always finish |
Allows an application to control whether activities are immediately finished when put in the background. |
|
SET_ANIMATION_SCALE |
Set animation scale |
Modify the global animation scaling factor. |
|
SET_DEBUG_APP |
Set debug app |
Configure an application for debugging. |
|
SET_ORIENTATION |
Set orientation |
Allows low-level access to setting the orientation (actually rotation) of the screen. |
|
SET_POINTER_SPEED |
Set pointer speed |
Allows low-level access to setting the pointer speed. |
|
SET_PROCESS_LIMIT |
Set process limit |
Allows an application to set the maximum number of (not needed) application processes that can be running. |
|
SET_TIME |
Set time |
Allows applications to set the system time. |
|
SIGNAL_PERSISTENT_PROCESSES |
Signal persistent processes |
Allows an application to request that a signal be sent to all persistent processes. |
|
STATUS_BAR |
Status bar |
Allows an application to open, close, or disable the status bar and its icons. |
|
UPDATE_DEVICE_STATS |
Update device stats |
Allows an application to update device statistics. |
|
WRITE_APN_SETTINGS |
Write apn settings |
Allows applications to write the apn settings. |
|
WRITE_GOOGLE_SERVICES |
Write Google services |
Allows an application to modify the Google service map. |
|
WRITE_SECURE_SETTINGS |
Write secure settings |
Allows an application to read or write the secure system settings. |
- The documentation in the Description column of the table above is licensed under Apache 2.0. Copyright © Android Open Source Project.