GitLab

In M, permissions for apk's targeting 23+ have a static and dynamic setting.

static perms declare the domain of perms, but the user must interactively allow dangerous perms like read/write External Storage.

We can defeat the dynamic permissions, but there are some advantages to keeping it in place. For 3rd party apks, we can use dynamic perm settings to control app features without requiring a dev to disable a feature (such as using a camera, or internet access)

It would also allow "pay/request to enable" features in an apk, where the player account or buzztime settings control the feature through release of a permission. Access to payment api, etc.

Review the dynamic permission UI to see if it can be replaced with a REST api call or a separate Permission Manager with control coming from handshake or similar back end auth.