What will happen to un-updated apps that executes code that requires a permission that the user dis-allowed in Android 6.0 Marshmallow

Question

I am wondering about the new Android 6.0 Marshmallow feature that lets users explicitly set which permissions an app is allowed to use. My question is how this affects existing apps that has uses set of permissions.

For example, an un-updated application [Target-sdk-version < 23] has manifested permissons to use the camera, but the user manually disallow it. What will happen to the app when it executes code that uses the permission? Will it just crash?

I assume that new applications will have to check if they have permission before they execute code that depends on the permission - my question is about apps that are not changed to handle these cases.

Answer 1

my question is about apps that are not changed to handle these cases

The implied assumption is that the targetSdkVersion will be lower than 23. Anyone who sets their targetSdkVersion to 23 or higher must change their app to handle runtime permissions, as they will never be able to get the dangerous permissions otherwise.

In that case, quoting myself from my book:

Apps with a targetSdkVersion below 23, on the surface, behave on Android 6.0+ as they would on an older device: the user is prompted for all permissions, and the app is granted those permissions if the app is installed.

However, the user will still be able to go into Settings and revoke permissions from these apps, for any permissions the app requests that are in one of the runtime permission groups.

Generally, you will wind up ignoring the issue. All your calls to methods protected by permissions that the user revoke will still "work", insofar as they will not throw a SecurityException. However, you just will not get any results back or have the intended effects. So, for example, if you try to query() the ContactsContract ContentProvider, and the user revoked your access to contact-related permissions, the query() will return an empty Cursor. This is a completely valid response, even ignoring the permission issue, as it is entirely possible that the user has no contacts. Your app should be handling these cases gracefully anyway. Hence, in theory, even if you do nothing special regarding the lost permissions, your app should survive, albeit with reduced functionality for the user. Dave Smith outlines the expected results for legacy apps calling methods sans permission.