Background
I remember that it was told (on one of Google's videos) that if the previous version of the app was updated to have targetSdk 23 on the new version, ALL permissions that were granted before - will stay granted now.
So, for example, if you installed an app with targetSdk 22, that required a permission to read from the contacts, then even after an upgrade of the app, to one with targetSdk 23, it will stay this way.
The reason is simple: the user already granted the permissions upon install.
The problem
According to what I've found, there is an exception to this rule:
If your app had the permission SYSTEM_ALERT_WINDOW , and now you upgrade to targetSdk 23, it gets revoked (reset), and you need to request it from the the user.
This behavior isn't mentioned anywhere in the docs:
- http://developer.android.com/reference/android/Manifest.permission.html#SYSTEM_ALERT_WINDOW
- http://developer.android.com/guide/topics/security/permissions.html
- http://developer.android.com/about/versions/marshmallow/android-6.0-changes.html
- http://developer.android.com/about/versions/marshmallow/android-6.0.html
And also not in any video I've watched.
The only thing that's mentioned about SYSTEM_ALERT_WINDOW permission, is that you need to handle them differently, using ACTION_MANAGE_OVERLAY_PERMISSION to request the permission, and Settings.canDrawOverlays(...) to check if the permission is granted
What I've tried
I tried to contact Google about this issue, and they said it's intentional:
I spoke with the development team and the behavior you're seeing is working as intended. This is documented here: http://developer.android.com/reference/android/Manifest.permission.html#SYSTEM_ALERT_WINDOW
The protection level of SYSTEM_ALERT_WINDOW was raised in Android M.
The questions
Are there other permissions that have this behavior?
What would happen, if the app had targetSdk 22/23, and there was an upgrade of the OS to Android 6 ? Will the SYSTEM_ALERT_WINDOW (or any other permission) get revoked?
Pretty sure other stuff will stay granted, but I'd like to ask anyway: What about other special permissions-like features, such as : SAF, admin, usage-access, accessibility access, notification access, ... ?
EDIT: about #2, here's the answer from Google (link here):
On OS upgrade the app should keep SYSTEM_ALERT_WINDOW. Pre-API 23 apps have the permission by default, as opposed to API 23 Apps that are off by default. However, there is a known bug that for API 23 Apps they were losing SYSTEM_ALERT_WINDOW on upgrade. The recommendation for a developer is to always check the status of SYSTEM_ALERT_WINDOW at start and if not granted, direct the user to Settings. We will be fixing the issue in a future release.
WRITE_SETTINGShas the same behavior as you describe, as it changed in the same way. "Will the SYSTEM_ALERT_WINDOW (or any other permission) get revoked?" -- I have no idea. I avoid those permissions like the plague. "What about other special permissions-like features" -- I wouldn't expect explicit opt-ins to be lost (accessibility service activation, notification service activation, device admin activation, etc.). Beyond that, I have no idea. – ThresherWRITE_SETTINGSis that they made the same change as they did withSYSTEM_ALERT_WINDOW-- users have to opt in manually through Settings > App > (Advanced gear icon). It stands to reason that it would behave the same in other respects. That being said, it is an educated guess, nothing more. – Thresher