Beginning in Android 6 Marshmallow, users grand permissions to apps while the app is running, not when they install the app. This approach gives the user more control over the app’s functionality. Thus, he can choose to give the access to read contacts but not to the device location. Furthermore, users can revoke the permissions at any time, by going to the app’s Settings screen.

Note that system permissions are divided into two categories : normal and dangerous. Normal permissions are granted automatically. For dangerous permissions, the user has to give approval to your application at runtime. So, developers must manage permissions at runtime before using some dangerous features.

To manage permissions inside an application, we’re going to imagine we want to read contacts. This feature will use the READ_CONTACTS permission that is marked as dangerous. So, the first step is to check for READ_CONTACTS permission. If the permission has already been granted, you can use the feature that read contacts. If not, you have to request for permissions with a custom request code that will be named MY_PERMISSIONS_REQUEST_READ_CONTACTS in our example.

if (ActivityCompat.checkSelfPermission(this, Manifest.permission.READ_CONTACTS)
      != PackageManager.PERMISSION_GRANTED) {

    ActivityCompat.requestPermissions(this,
       new String[] { Manifest.permission.READ_CONTACTS },
       MY_PERMISSIONS_REQUEST_READ_CONTACTS);

} else {
    readContacts();
}

Note that when your application requests for permissions, the system shows a standard dialog box to user that cannot be customized. Now, you need to handle the permissions request response by overriding the onRequestPermissionsResult method :


@Override
public void onRequestPermissionsResult(int requestCode,
         @NonNull String[] permissions, @NonNull int[] grantResults) {

  switch (requestCode) {
    case MY_PERMISSIONS_REQUEST_READ_CONTACTS :
      if (grantResults.length > 0
         && grantResults[0] == PackageManager.PERMISSION_GRANTED) {

         readContacts();

      } else {

         if(ActivityCompat.shouldShowRequestPermissionRationale(this,
                Manifest.permission.READ_CONTACTS)) {
            new AlertDialog.Builder(this).
                setTitle("Read Contacts permission").
                setMessage("You need to grant read contacts permission to use read" +
                           " contacts feature. Retry and grant it !").show();
         } else {
            new AlertDialog.Builder(this).
                setTitle("Read Contacts permission denied").
                setMessage("You denied read contacts permission." +
                           " So, the feature will be disabled. To enable it" +
                           ", go on settings and " +
                           "grant read contacts for the application").show();
        }

     }

     break;
  }
}

Like you can see, managing permissions in your Android application is not really hard. As a bonus, you can enjoy this tutorial in video with more explanations on Youtube :