...


Privacy and Permissions Management

Understand platform-specific permission models, and design app flows that respect user consent and privacy by balancing functionality against minimal data access.

When we think of permissions, it’s easy to picture simple prompts: “Allow access to location?” or “Enable microphone?” But in mobile System Design, permissions are far more than just OS dialogs. They’re architectural decisions that shape how our app behaves, how users trust it, and whether it’s even allowed in the app store. Let’s consider a simple scenario:

We’re building a habit-tracking app. To provide personalized nudges, we’d like access to the user’s location and permission to send notifications. But what if the user says no to both? Does the app still work? Can it degrade gracefully? More importantly, have we designed the system to ask for these permissions at the right time?

In today’s world, mobile apps often need access to sensitive data such as our location, contacts, camera, or photos to connect with people, track our health, navigate cities, store personal memories, and much more. While these features offer convenience and functionality, they also raise important questions about privacy.

A significant share of users (up to 30%) uninstall an app on the first day if it requests excessive personal information or lacks a clear explanation of why it collects data (reference: https://ieeexplore.ieee.org/document/9348327).

As mobile System Designers, we must take privacy seriously. When users trust our apps with their personal information, they expect us to handle it responsibly and transparently.

[Figure: The role of permissions in mobile apps]

Moreover, regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) impose strict guidelines on personal data collection and usage. Non-compliance can lead to substantial penalties and reputational harm.

We’ll explore how to work with permission models provided by mobile operating systems (OS) like Android and iOS, and how to design our apps to respect user privacy. This means asking for permission the right way, collecting only the data we need, and making sure users understand how their data is used.

Permission models in mobile systems

Every mobile OS has its own way of managing how apps request access to sensitive features like the camera, contacts, or location. These mechanisms are called permission models. As System Designers, it’s important that we understand how these models work. This helps us build applications that not only function well, but also respect user expectations and legal obligations regarding privacy.

Android permission model

Android treats dangerous permissions (those guarding sensitive data or hardware, such as location, contacts, camera, or microphone) as runtime-granted capabilities; normal permissions such as network access are still granted at install time. Apps must request a dangerous permission when the feature that needs it is used, and users can revoke it at any time from Settings. This has been the standard since Android 6.0 (API level 23), but more recent versions introduced tighter controls, some of which are mentioned below.
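The runtime model above, applied to the habit-tracking scenario, as an added example (it is not code from the original page). It uses the AndroidX Activity Result API and assumes the androidx.activity and androidx.core dependencies and that the location and notification permissions are declared in AndroidManifest.xml. The activity class, the toggle handlers, and the two feature flags are hypothetical; the rules it encodes (foreground and background location must be separate requests on Android 11+, notifications became a runtime permission on Android 13) are Android platform behaviour.

```kotlin
// Added example, not from the original page: a habit-tracking app's
// permission flow. Assumes androidx.activity / androidx.core and that
// ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION, ACCESS_BACKGROUND_LOCATION
// and POST_NOTIFICATIONS are declared in the manifest. HabitActivity, the
// on*Toggled handlers and the two flags are hypothetical names.
import android.Manifest
import android.content.pm.PackageManager
import android.os.Build
import android.widget.Toast
import androidx.activity.result.contract.ActivityResultContracts
import androidx.appcompat.app.AppCompatActivity
import androidx.core.app.ActivityCompat
import androidx.core.content.ContextCompat

class HabitActivity : AppCompatActivity() {

    // The rest of the app reads these flags instead of re-checking
    // permissions; every feature must still work when both stay false.
    private var locationNudgesEnabled = false
    private var notificationsEnabled = false

    private fun isGranted(permission: String): Boolean =
        ContextCompat.checkSelfPermission(this, permission) ==
            PackageManager.PERMISSION_GRANTED

    private fun explain(message: String) =
        Toast.makeText(this, message, Toast.LENGTH_LONG).show()

    // Foreground location: ask for both precisions so the user can grant
    // "approximate" only (Android 12+ offers that choice). Never add
    // ACCESS_BACKGROUND_LOCATION to this request: on Android 11+ the system
    // ignores a mixed request and grants neither permission.
    private val requestForegroundLocation = registerForActivityResult(
        ActivityResultContracts.RequestMultiplePermissions()
    ) { results ->
        val fine = results[Manifest.permission.ACCESS_FINE_LOCATION] == true
        val coarse = results[Manifest.permission.ACCESS_COARSE_LOCATION] == true
        locationNudgesEnabled = fine || coarse
        // Graceful degradation: without location, nudges key off time of day.
        if (!locationNudgesEnabled) explain("Location nudges are off; time-based nudges still work.")
    }

    // Background location: a separate, later request. On Android 11+ the
    // system opens the app's Settings page instead of an in-app dialog.
    private val requestBackgroundLocation = registerForActivityResult(
        ActivityResultContracts.RequestPermission()
    ) { granted ->
        if (!granted) explain("Nudges will fire only while the app is open.")
    }

    private val requestNotifications = registerForActivityResult(
        ActivityResultContracts.RequestPermission()
    ) { granted ->
        notificationsEnabled = granted
        if (!granted) explain("You can still see nudges on the home tab.")
    }

    // Called from the user's own action (a "nudge me near my gym" toggle),
    // not from onCreate, so the prompt appears in context.
    fun onLocationNudgesToggled(enabled: Boolean) {
        if (!enabled) { locationNudgesEnabled = false; return }
        if (isGranted(Manifest.permission.ACCESS_FINE_LOCATION) ||
            isGranted(Manifest.permission.ACCESS_COARSE_LOCATION)) {
            locationNudgesEnabled = true
            return
        }
        if (ActivityCompat.shouldShowRequestPermissionRationale(
                this, Manifest.permission.ACCESS_FINE_LOCATION)) {
            // The user denied once before: explain before the OS dialog, since
            // on Android 11+ a second denial is treated as "don't ask again".
            explain("We use your location only to remind you near your gym.")
        }
        requestForegroundLocation.launch(arrayOf(
            Manifest.permission.ACCESS_FINE_LOCATION,
            Manifest.permission.ACCESS_COARSE_LOCATION))
    }

    // Offered only once foreground location is already granted.
    fun onBackgroundNudgesToggled(enabled: Boolean) {
        if (!enabled || !locationNudgesEnabled) return
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q &&
            !isGranted(Manifest.permission.ACCESS_BACKGROUND_LOCATION)) {
            requestBackgroundLocation.launch(Manifest.permission.ACCESS_BACKGROUND_LOCATION)
        }
    }

    fun onNotificationsToggled(enabled: Boolean) {
        if (!enabled) { notificationsEnabled = false; return }
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.TIRAMISU) {
            notificationsEnabled = true   // no runtime prompt before Android 13
            return
        }
        if (isGranted(Manifest.permission.POST_NOTIFICATIONS)) notificationsEnabled = true
        else requestNotifications.launch(Manifest.permission.POST_NOTIFICATIONS)
    }
}
```

Two design choices carry the privacy argument: each prompt is launched from the user's own toggle rather than at startup, and every denial path sets a flag that the rest of the app honours, so a user who refuses both location and notifications still gets a working habit tracker.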

  • Foreground vs. background access: For example, location must first be granted for foreground use; background access (ACCESS_BACKGROUND_LOCATION, a separate permission since Android 10) must then be requested on its own, and from Android 11 the system routes that second request through the app’s Settings page rather than an in-app dialog.

  • Scoped storage and media ...