Applications are sandboxed, have device-unique user ID and group ID

Permissions

App, through declarations in AndroidManifest.xml, requests access to:

  • user data (eg. contacts)
  • cost-sensitive APIs (eg. sending SMS)
  • system resources (eg. camera)

Permission types:

  • normal: OS grants them on installation (eg. FLASHLIGHT, VIBRATE, BLUETOOTH, …)
  • dangerous: OS asks user to grant access when functionality is about to be used (eg. READ_CONTACTS, SEND_SMS, …)
  • special: toggles in Special app access page in system (eg. MANAGE_EXTERNAL_STORAGE)
  • custom: permission for other apps to launch your app’s components (Activities, Services, BroadcastReceivers, ContentProviders)

Good practices:

  • request only needed permissions, use other apps through Intents if possible
  • show immediate benefits of granting permissions to users

Notifications

Shown in the Status (Notification) Bar
Support: custom icons, sound and visual alerts; shown in notification drawer, on lockscreen

Implementation of notification:

  • management: NotificationManagerCompat - notify(), cancel(), cancelAll()
  • building: NotificationCompat.Builder - setContentTitle(), setContentText(), setSmallIcon(), setContentIntent()

Notification channels (from API26): settings management for similarly-themed notifications

Good practices:

  • do not overuse, minimise interruptions