Manage Android App Runtime Permissions in G Suite
This feature, introduced by Google engineers, lets organisations strictly monitor how their users use corporate IDs on their mobile phones. It relies on admin-driven permissions to control how apps run on those phones.

To best protect your organization and better serve your employees, you need increased control over the applications running on their mobile devices even outside the office premises. Now, G Suite admins can manage permissions that Android apps request at runtime. But this feature is only available for apps running in work profiles or on company-owned devices.
Generally, an app requests permission at runtime when it attempts to access sensitive data, like a user’s location, contacts, calendar, microphone, or storage. These permissions have to be explicitly granted by the user at that moment.
To manage runtime permissions, Google has introduced two settings, listed below:
1. G Suite admins get three options for management of runtime permissions on all Android apps:
(1) allow runtime permissions automatically,
(2) deny runtime permissions automatically, or
(3) prompt the end user to choose whether to grant runtime permissions.
“Prompt user” is the default; it can be changed in the Admin console under Device Management > Android Settings > Apps and Data Sharing.
2. The second setting is present in the “App Distribution and Configuration” options provided when an Android app is whitelisted. This setting will allow admins to manage runtime permissions for that specific app.
For example, an admin can use this setting to let the app access the device’s location or contacts. In case of any rule conflicts, this setting overrides the setting for all Android apps mentioned above.