We know that to best protect your organizations and better serve your employees, you need increased control over the applications running on their mobile devices. With this launch, we’re doing just that. Going forward, G Suite admins can manage permissions that Android apps request at runtime, as opposed to at installation time (also known as “runtime permissions”). Note that this feature is only available for apps running in work profiles or on company-owned devices.
Generally, an app requests permission at runtime when it’s attempting to access sensitive data, like a user’s location, contacts, calendar, microphone, or storage. These permissions have to be explicitly granted by the user at that moment, and not just when the app is installed. See below for an example.
To help you better manage runtime permissions for Android apps*, we’re introducing two new settings in the Admin console for customers using Google Mobile Management.
The first will give G Suite admins three options for management of all runtime permissions on all Android apps: (1) allow runtime permissions automatically, (2) deny runtime permissions automatically, or (3) prompt the end user to choose whether to grant runtime permissions. The last setting is the default; it can be changed in the Admin console under Device Management > Android Settings > Apps and Data Sharing.
The second setting can be found under the App Distribution and Configuration options provided when an Android app is whitelisted. This setting will allow admins to manage runtime permissions for that specific app. For example, an admin can forbid the app to access the device’s location or contacts. Where there are conflicts, this setting will take priority over the app-wide setting mentioned above.
*IMPORTANT: Android apps will only request permissions at runtime if the device is running Android 6.0 (Marshmallow) or higher and the app itself targets API level 23 or higher. The second setting mentioned above will be greyed out in Admin console if the app doesn’t target API23+. If you’re unsure of whether an app will request runtime permissions, we recommend contacting the app developer.
Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release
Editions:
Available to all G Suite editions
Rollout pace:
Gradual rollout (up to 15 days for feature visibility)
Impact:
Admins only
Action:
Admin action suggested/FYI
More Information
Help Center: Manage apps on mobile devices
Help Center: Apply settings for Android mobile devices
Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates
Generally, an app requests permission at runtime when it’s attempting to access sensitive data, like a user’s location, contacts, calendar, microphone, or storage. These permissions have to be explicitly granted by the user at that moment, and not just when the app is installed. See below for an example.
To help you better manage runtime permissions for Android apps*, we’re introducing two new settings in the Admin console for customers using Google Mobile Management.
The first will give G Suite admins three options for management of all runtime permissions on all Android apps: (1) allow runtime permissions automatically, (2) deny runtime permissions automatically, or (3) prompt the end user to choose whether to grant runtime permissions. The last setting is the default; it can be changed in the Admin console under Device Management > Android Settings > Apps and Data Sharing.
The second setting can be found under the App Distribution and Configuration options provided when an Android app is whitelisted. This setting will allow admins to manage runtime permissions for that specific app. For example, an admin can forbid the app to access the device’s location or contacts. Where there are conflicts, this setting will take priority over the app-wide setting mentioned above.
*IMPORTANT: Android apps will only request permissions at runtime if the device is running Android 6.0 (Marshmallow) or higher and the app itself targets API level 23 or higher. The second setting mentioned above will be greyed out in Admin console if the app doesn’t target API23+. If you’re unsure of whether an app will request runtime permissions, we recommend contacting the app developer.
Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release
Editions:
Available to all G Suite editions
Rollout pace:
Gradual rollout (up to 15 days for feature visibility)
Impact:
Admins only
Action:
Admin action suggested/FYI
More Information
Help Center: Manage apps on mobile devices
Help Center: Apply settings for Android mobile devices
Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates