Authorization on Android

There are two levels of permissions for Android apps. These protect both the user and apps.

  • All data types need OAuth permissions before your app can read and write to them.
  • Data types that use sensitive Android system features need Android permissions, in addition to OAuth permissions, before your app can access them.

Android permissions

Android permissions aim to protect the privacy of an Android user. They prompt the user when apps want to access data types for sensitive data like contacts or photos, and system features like location or step detection. Users grant these permissions when first downloading your app.

If your app needs access to any of these data types (a subset of the Google Fit data types), request the relevant Android permission before requesting the OAuth permissions. See step 2 of requesting authorization below.

Example of the Android permissions consent screen
Figure 1.The Android permissions consent screen.

OAuth scopes

Scopes are groups of data types that a user can authorize an app to access. They help users understand what kinds of data an app wants to access. They also make it easier to give apps permission to use that data by not having to approve each individual data type. Users grant these permissions once they've downloaded your app.

To ask for these permissions, you just need to add which data types your app needs access to in a FitnessOptions instance. When your app asks to use any of the Google Fit data types, Android automatically checks which scopes they belong to and asks the user for authorization to those scopes. See step 3 of requesting authorization below.

Example of the OAuth scopes consent screen
Figure 2.The OAuth scopes consent screen.

Requesting authorization

To use Google Fit data types, request authorization by completing these steps:

  1. Register your Android app with a project in the Google Developers Console.

  2. Check if your app needs access to these data types. If it does, request the relevant Android permissions.

  3. Add which data types your app needs access to when connecting to the fitness service. Check the Getting started guide example to see how to do this.

Data types that need Android permissions

To access these physical activity data types, you'll need to request the ACTIVITY_RECOGNITION Android permission:

  • To record these data types:

    • com.google.step_count.delta
    • com.google.step_count.cumulative
    • com.google.step_count.cadence
    • com.google.activity.segment
    • com.google.calories.expended
  • To read these data types:

    • com.google.step_count.delta
    • com.google.step_count.cumulative
    • com.google.step_count.cadence
    • com.google.activity.segment
    • com.google.activity.exercise

To access these these data types, you'll need to request the ACCESS_FINE_LOCATION Android permission:

  • To read these data types:
    • com.google.distance.delta
    • com.google.location.sample
    • com.google.location.bounding_box
    • com.google.speed

Requesting Android permissions

Learn about requesting Android permissions, the physical activity recognition permission, and the fine location permission.

To access the physical activity data types above with the Google Fit APIs, you'll need to implement logic to handle requesting Android permissions for both Android 10 and previous versions of Android.

Android 10

So your app can target API level 29 or above, request the ACTIVITY_RECOGNITION runtime permission from the user, and register the permission in the application manifest file.

<uses-permission android:name="android.permission.ACTIVITY_RECOGNITION"/>
  1. Check if the permission is granted:

    if (ContextCompat.checkSelfPermission(thisActivity, Manifest.permission.ACTIVITY_RECOGNITION)
              != PackageManager.PERMISSION_GRANTED) {
          // Permission is not granted
    }
    
  2. If permission isn't already granted, request the permission:

    ActivityCompat.requestPermissions(thisActivity,
                arrayOf(Manifest.permission.ACTIVITY_RECOGNITION),
                MY_PERMISSIONS_REQUEST_ACTIVITY_RECOGNITION);
    
  3. Add the permission to the manifest file.

    <uses-permission android:name="android.permission.ACTIVITY_RECOGNITION"/>
    

Android 9 and below

So your app can target API level 28 or below:

  1. Request the com.google.android.gms.permission.ACTIVITY_RECOGNITION permission.

  2. Add the permission to the manifest file.

    <uses-permission android:name="android.gms.permission.ACTIVITY_RECOGNITION"/>
    

User authorization flow

The order users see and grant permissions in
Figure 3.The authorization flow for users.

This is how users experience this authorization flow:

  1. Android permissions: Users see what Android permissions your app has requested before downloading it.
  2. Check and connect: Once downloaded, they grant or deny these permissions. Your app checks if permissions were granted before requesting access to other data types.
  3. OAuth scopes request: Google prompts the user to grant your app the OAuth scopes needed for the data types it wants to access.
  4. Access applied: Your app can access the data types that belong to the scopes the user has granted permission for.