What is the difference between normal and dangerous permissions?

Normal permissions cover low-risk capabilities and are granted automatically at install with no user prompt. Dangerous permissions touch private data or sensors, so on Android 6.0 and later your app must request them at runtime and the user can deny or revoke them.

Which permissions need a runtime request?

Only dangerous permissions need requestPermissions at runtime, such as CAMERA, ACCESS_FINE_LOCATION, RECORD_AUDIO and READ_CONTACTS. Normal and signature permissions are granted without a prompt when declared in the manifest.

What are permission groups?

Dangerous permissions are organized into groups like LOCATION, CAMERA and CONTACTS. Granting any permission in a group historically granted the rest, but since Android 11 each permission is requested individually even within a group.

What is a signature permission?

A signature permission is granted only to apps signed with the same certificate as the app that defines it. It is used for trusted inter-app communication and cannot be obtained by an unrelated third-party app.

Do I still declare dangerous permissions in the manifest?

Yes. Every permission your app uses, dangerous or not, must be declared with a uses-permission element in AndroidManifest.xml. The manifest declaration plus a granted runtime request are both required for dangerous permissions to work.

Android Permissions Reference

Email me this result

Get this tool's output sent to your inbox, plus one useful tool a week. No spam, unsubscribe any time.

Android permissions by protection level

Android gates sensitive capabilities behind permissions, each carrying a protection level that decides how it is granted. Normal permissions are auto-granted at install; dangerous ones require a runtime prompt the user can deny; signature permissions are limited to apps signed with the same key. This searchable reference lists common permissions with their level, group and runtime requirement.

How it works

Declare every permission in the manifest, then request dangerous ones at runtime:

<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />

if (checkSelfPermission(Manifest.permission.CAMERA) != PERMISSION_GRANTED) {
  requestPermissions(arrayOf(Manifest.permission.CAMERA), REQ_CODE)
}

A normal permission is granted at install with no prompt. A dangerous permission also needs the user to approve the runtime request, and they can revoke it later in Settings, so always check checkSelfPermission before use.

Tips and notes

Request a dangerous permission only when the feature that needs it is invoked.
Since Android 11, each permission is granted individually even within a group.
Handle denial gracefully — degrade the feature rather than crashing.
Background location (ACCESS_BACKGROUND_LOCATION) needs a separate, stricter flow.