App permissions

Apps require permissions to access restricted functions, capabilities, and sensitive information on BlackBerry 10 devices.

Some examples of sensitive information are device information such as the PIN and the serial number, as well as information about contacts, calendar entries, and email messages. An app can also access information about the device's surroundings, such as location and positioning information. By using this information, you can develop apps that integrate with other apps that users already have on their devices, which helps you provide an exceptional user experience. However, some of this information is considered sensitive and requires special permission to access.

For example, users probably don't want just any app to be able to access their contact information, so they must grant your application access to the functionality that it needs.

The image to the right shows an example of a permission request. The BlackBerry 10 OS displays a dialog box automatically when a permission request is required, so you don't need to create it yourself in your app. For example, if your app requests access to use the camera and access to shared files, the dialog box prompts the user to allow the app to run with the specified user-granted permissions.

Screen showing multiple permissions in a dialog box on a device.

When your app starts for the first time, the BlackBerry 10 OS displays a dialog box to ask the user to grant the permissions that your app requires. The user is not asked to grant permission when the app runs the next time or even after upgrades or updates. If the user doesn't want to grant you a permission, the user can clear the check box beside the permission.

Here are some examples of restricted functions or capabilities that require permissions:

Peripheral access, such as the microphone or camera on the device
Personal information, such as calendar information
Platform features or capabilities, such as Hub Integration or headless apps

To help protect against potentially malicious code, if your app uses APIs that access restricted functionality without requesting permission, the API returns errors. For example, if your app tries to access a file in a shared folder and your app doesn't include the access_shared permission, you receive a "permission denied" error.

You specify app permissions in the bar-descriptor.xml file of your project. Each permission is included in a separate <permission> element in the file. There are two ways to specify permissions for your app. You can use the Permissions check boxes on the Application tab of your bar-descriptor.xml file or you can add permission elements manually on the Source tab of your bar-descriptor.xml file. For more information, see Specifying permissions.

Users might not grant certain permissions that your app needs to run correctly. If users don't grant these permissions, your app should handle this situation either by closing (with an appropriate error message so the user knows what's happened) or by continuing to run with limited functionality. To learn more, see Handling ungranted permissions.