Permissions

Guide to Implementing and Handling Runtime Permissions for Location in Your Android SDK (CafSmartAuth)

In Android, certain permissions, especially those related to sensitive data like location, require runtime approval from users. This guide explains how to check and request location permissions programmatically in your SDK, CafSmartAuth, using the checkPermissionStatus function provided below.

Why CafSmartAuth Requires Location Permissions

CafSmartAuth requires access to the user’s location as part of its fraud prevention features, ensuring an additional layer of security by verifying location-based information. Android distinguishes between two types of location access, allowing users to control the precision of the location data they share:

• ACCESS_FINE_LOCATION: Required for precise location information from GPS, which is essential for detecting potentially fraudulent activities with high accuracy.

• ACCESS_COARSE_LOCATION: Provides approximate location data based on Wi-Fi and cellular networks, suitable for basic location checks.

With these permission levels, users can provide the minimum required access for fraud prevention, while CafSmartAuth ensures compliance with Android's data privacy practices.

Step-by-Step: Adding and Using checkPermissionStatus

1. Add Permissions to the Manifest

   In your app's AndroidManifest.xml, include both location permissions:

   Copy

   <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
   <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />

   These manifest declarations allow the app to request these permissions but don’t automatically grant them.

2. Define a Request Code Constant

   To identify the permission request, use a constant for the request code:

   Copy

    companion object {
        private const val REQUEST_CODE = 1234
    }

3. Create and Use checkPermissionStatus to Handle Permissions

   The checkPermissionStatus function checks if permissions have been granted and, if not, requests them from the user. This is essential for compliance with Android’s runtime permission model introduced in Android 6.0 (API level 23).

   Here’s the code and an explanation of how it works:

   Copy

    private fun checkPermissionStatus() {
        // Check for ACCESS_FINE_LOCATION permission
        if (ContextCompat.checkSelfPermission(
                this,
                Manifest.permission.ACCESS_FINE_LOCATION
            ) != PackageManager.PERMISSION_GRANTED
        ) {
            // Request the ACCESS_FINE_LOCATION permission if it hasn't been granted
            ActivityCompat.requestPermissions(
                this,
                arrayOf(Manifest.permission.ACCESS_FINE_LOCATION),
                REQUEST_CODE
            )
        }
   
        // Check for ACCESS_COARSE_LOCATION permission
        if (ContextCompat.checkSelfPermission(
                this,
                Manifest.permission.ACCESS_COARSE_LOCATION
            ) != PackageManager.PERMISSION_GRANTED
        ) {
            // Request the ACCESS_COARSE_LOCATION permission if it hasn't been granted
            ActivityCompat.requestPermissions(
                this,
                arrayOf(Manifest.permission.ACCESS_COARSE_LOCATION),
                REQUEST_CODE
            )
        }
    }

   • ContextCompat.checkSelfPermission: This checks if the app has a specific permission. If the permission isn’t granted, it returns PackageManager.PERMISSION_DENIED.

   • ActivityCompat.requestPermissions: Requests the specified permission(s) from the user, displaying a system dialog for approval.

4. Handle the Permission Result

   When requesting permissions, you can handle the result in onRequestPermissionsResult to manage user responses appropriately.

   Copy

    override fun onRequestPermissionsResult(
        requestCode: Int,
        permissions: Array<out String>,
        grantResults: IntArray
    ) {
        super.onRequestPermissionsResult(requestCode, permissions, grantResults)
        if (requestCode == REQUEST_CODE) {
            if ((grantResults.isNotEmpty() && grantResults[0] == PackageManager.PERMISSION_GRANTED)) {
                // Permission was granted.
            } else {
                // Permission was denied.
            }
        }
    }

5. Call checkPermissionStatus at the Right Time

   You might want to call checkPermissionStatus within onResume or when location functionality is triggered, ensuring permissions are checked before they’re needed.