iOS & Android App Permissions Reference
Search and browse every iOS and Android permission in one place. Find the exact Info.plist key, Android manifest permission, protection level, usage description string, and best-practice timing for requesting each permission. Filter by platform and category to quickly find what you need for your mobile app.
Understanding Mobile App Permissions
Mobile app permissions are the gatekeepers between your application and a user's private data and device capabilities. Both iOS and Android require developers to explicitly declare which permissions their app needs, and users must grant those permissions before the app can access protected resources. Getting permissions right is critical for app approval, user trust, and privacy compliance.
iOS Permissions: Info.plist Keys
On iOS, every permission request requires a corresponding usage description key in your app's Info.plist file. Apple mandates that each key include a human-readable string explaining why the app needs access. If the usage description is missing or vague, Apple will reject the app during App Store review. Common keys include NSCameraUsageDescription for camera access, NSLocationWhenInUseUsageDescription for location while the app is in the foreground, and NSPhotoLibraryUsageDescription for reading photos. Starting with iOS 14 and later, Apple introduced more granular controls such as approximate location and limited photo library access, giving users finer control over what they share.
Android Permissions: Manifest Declarations and Runtime Requests
Android divides permissions into normal permissions (granted automatically at install) and dangerous permissions (requiring explicit user approval at runtime). Since Android 6.0 (API 23), dangerous permissions must be requested at runtime using the ActivityCompat.requestPermissions API. Android 13 introduced granular media permissions (READ_MEDIA_IMAGES, READ_MEDIA_VIDEO, READ_MEDIA_AUDIO) replacing the older READ_EXTERNAL_STORAGE permission. Developers must declare all required permissions in the AndroidManifest.xml file and handle both the grant and denial cases gracefully in their code.
Best Practices for Requesting Permissions
Request permissions only when the user performs an action that requires them, not at app launch. Provide clear context explaining why the permission is needed before showing the system dialog. If a user denies a permission, degrade gracefully and offer alternative functionality where possible. Never request permissions your app does not actively use, as both Apple and Google audit permission usage during review. On iOS, a rejected permission prompt cannot be shown again; users must enable it manually in Settings. On Android, after two denials the system adds a "Don't ask again" option, so timing and context are essential.
Privacy and Compliance Considerations
Both platforms are moving toward stricter privacy controls. Apple's App Tracking Transparency framework requires explicit consent for cross-app tracking. Google's Privacy Sandbox initiative is reshaping how Android apps access advertising identifiers. For apps targeting the European Union, GDPR requires that permission requests align with lawful bases for data processing. Always document which permissions your app uses and why in your privacy policy, and ensure your permission usage aligns with the functionality described in your app store listing.