23

Different web sites (e.g.) explain that the iOS permission model works like this: All apps have a set of basic permissions (including Internet access). If an additional permission is required during runtime the user is asked whether to grant or deny it.

Which permissions does iOS know? What belongs to the basic permissions set? What can be done without user consent? Basically I am looking for a list similar to this one, just for iOS

Cœur
  • 37,241
  • 25
  • 195
  • 267
Jack Miller
  • 6,843
  • 3
  • 48
  • 66
  • I really feel that SO failed here. Marking a question with more than 20 upvotes and an accepted answer with more than 30 upvotes 6 years after asking as offtopic... And what is most important: Why isn't this question about a "practical, answerable problem that is unique to software development" --> [ontopic](https://stackoverflow.com/help/on-topic)? And 3rd: I am sure I wrote this comment already a while ago. Any reason for silently deleting it? – Jack Miller Oct 20 '22 at 06:37

4 Answers4

32

In contrast to other answers, there is an official list of permissions that are asked at runtime. It is in the iOS Security Guide (p. 84):

iOS helps prevent apps from accessing a user’s personal information without permission. Additionally, in Settings, users can see which apps they have permitted to access certain information, as well as grant or revoke any future access. This includes access to:

  • Contacts
  • Calendars
  • Reminders
  • Photos
  • Motion activity and fitness
  • Location Services
  • Apple Music
  • Your music and video activity
  • Microphone
  • Camera
  • HomeKit
  • Health
  • Speech recognition
  • Bluetooth sharing
  • Your media library

If the user signs in to iCloud, apps are granted access by default to iCloud Drive. Users may control each app’s access under iCloud in Settings. Additionally, iOS provides restrictions that prevent data movement between apps and accounts installed by an MDM solution and those installed by the user.

Since iOS 10 it is required to provide a description for the requested permission. In the developer documentation of the frameworks you will see if such a description is required and accessing it's API will lead to an permission prompt (or crash if not description is given), e.g. see the hint in the developer documentation of the Contacts framework:

Important

An iOS app linked on or after iOS 10.0 must include in its Info.plist file the usage description keys for the types of data it needs to access or it will crash. To access Contacts data specifically, it must include NSContactsUsageDescription.

Additionally, a good source of available permissions for each iOS/macOS version is in the Information Property List Key Reference (search for UsageDescription contained in words).

There is at least one other undocumented permission that requires user consent at runtime:

Max
  • 1,387
  • 1
  • 15
  • 29
  • Nice, finally something official! However, reading "This includes..." I take it that this list is not complete, either. For example, I assume that there is a permission for accessing the user's geolocation which is not listed, though. – Jack Miller Sep 29 '16 at 18:08
  • @JackMiller That is true, maybe because location services are described in the previous paragraph. A difference would be that there are different permissions for location such as "Always" and "When using". But then however for HealthKit there is a more fine-grained control as well. It could definitely be more thorough. – Max Sep 30 '16 at 16:04
  • @JackMiller The document in the first link has been changed. The above snippet is now on page 85 and I think it update over the time. So it's better to mention the section name Privacy Controls instead of page number – Sanyasirao Mopada Jan 23 '19 at 04:43
  • @SanyasiraoMopada Since there is a quote, it is probably better to keep updating the answer. A newer revision of the source might result in the quoted section being updated as well – including changes to permissions listed in this answer. – Max Jan 23 '19 at 07:39
5

All the keys you can add to your info.plist file are listed in Apple documentation and described.

For most background modes you need to add a key in Info.plist to indicate that the app wants to run code while in the background.

But this information is not used to ask user permission, only for ensuring device compatibility.

Only some services require user permission (like Geolocation and Notifications services), which are automatically asked to the user the very first time your application attempt to use the corresponding API.

Community
  • 1
  • 1
BoilingLime
  • 2,207
  • 3
  • 22
  • 37
  • There are several permissions (such as accessing the mic) that, if you do not have the appropriate key in _info.plist_, cause an immediate shutdown of your app. The user is only prompted to give permission if the keys are present in the first place. – Larry OBrien Aug 24 '16 at 19:24
1

It seems that there is no official list available.

So far I found these permissions, where the bold ones are basic permissions:

  • Internet access
  • accessing Geolocation
  • using notifications services (receiving and/or showing?)
  • talking to other apps
  • accessing camera
  • accessing microphone
  • accessing phone contact list
  • accessing calendars
  • accessing photos
  • scheduling reminders
Larry OBrien
  • 8,484
  • 1
  • 41
  • 75
Jack Miller
  • 6,843
  • 3
  • 48
  • 66
0

Anything that is within your sandbox you can do. So internet access and storing files are allowed by default but trying to talk to another app for example reading the camera roll or showing push notifications are not.

James Campbell
  • 3,511
  • 4
  • 33
  • 50
  • "Anything within my sandbox." That is guessing which I want to avoid. I am looking for some (official) documentation. – Jack Miller Apr 27 '15 at 13:09
  • 2
    There isn't any kind of list that apple provide you have to find the separate bits of permissions scattered about i'm afraid. – James Campbell Apr 27 '15 at 16:24
  • Currently no internet access ([`com.apple.security.network.client`](https://developer.apple.com/documentation/bundleresources/entitlements/app_sandbox)) is granted by default. The only entitlement granted by default is User-selected files ([`com.apple.security.files.user-selected.read-only`](https://developer.apple.com/documentation/bundleresources/entitlements/app_sandbox)). Entitlements are configured/granted by developers as part of the sandbox configuration whereas permissions are granted by the user. The default sandbox configuration is subjective to change. – Max Dec 11 '19 at 12:59