This document describes several changes to the permissions model. These changes serve to enhance user privacy.
The following changes affect all apps running on Android Q, even if they target Android 9 (API level 28) or lower.
Restricted access to screen contents
To protect users' screen contents, Android Q prevents silent access to the
device's screen contents by changing the scope of the
CAPTURE_SECURE_VIDEO_OUTPUT permissions so that
Apps that need to access the device's screen contents should use the
API, which displays a prompt asking the user to provide consent.
User-facing permission check on legacy apps
If your app targets Android 5.1 (API level 22) or lower, users see a permissions screen when running your app on Android Q for the first time, as shown in Figure 1. This screen gives users the opportunity to revoke access to permissions that the system previously granted to your app at install time.
Physical activity recognition
Android Q introduces a new
runtime permission for apps that need to detect the user's movement, such as
walking, biking, or in a vehicle. This is designed to give users visibility of
how device sensor data is used in Settings.
If your app targets Android 9 (API level 28) or lower and specifies the
com.google.android.gms.permission.ACTIVITY_RECOGNITION permission in its
manifest file, the system auto-grants this permission to your app if needed.
However, the user can revoke this permission at any time in system settings.
Permission groups removed from UI
As of Android Q, apps cannot look up how permissions are grouped in the UI.