The AndroidManifest.xml is the passport of your Android app. It tells the system what your app is, what components it has, and most importantly, what it is allowed to do.
Declaring Permissions
Every permission your app needs must be declared in the manifest.
<manifest ... >
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<application ... >
...
</application>
</manifest>Install-Time vs. Runtime Permissions
Normal Permissions (Install-Time)
These are granted automatically when the user installs the app because they are considered low-risk.
Examples:
- INTERNET
- ACCESS_NETWORK_STATE
- VIBRATE
Dangerous Permissions (Runtime)
Since Android 6.0 (Marshmallow), critical permissions must be requested while the app is running. Even if you declare them in the manifest, you cannot use them until the user taps "Allow" on the system dialog.
Examples:
- CAMERA
- READ_CONTACTS
- ACCESS_FINE_LOCATION
Best Practices
- Request Later: Don't ask for everything on startup. Wait until the user taps the camera button to ask for Camera permission.
- Explain Why: If a user denies a permission, show a UI explaining why the feature won't work without it.
- Handle Denial: Your app shouldn't crash if the user says "No". It should gracefully disable that specific feature.
