Assigned

Bug

Status Update

No update yet.

Description

ri...@gmail.com

created issue #1

May 20, 2022 08:06AM

NOT security related.

Using:

Health Connect client lib androidx.health:health-connect-client:1.0.0-alpha01
Health Connect app v 0.1.226.448096249.3-release
Android 11 on Nokia 7.2

and the following code, taken from the Android developer guide (https://developer.android.com/guide/health-and-fitness/health-connect/get-started):

val requestPermissions =
 registerForActivityResult(HealthDataRequestPermissions()) { granted ->
   if (granted.containsAll(PERMISSIONS)) {
     // Permissions successfully granted
   } else {
     // Lack of required permissions
   }
 }

fun checkPermissionsAndRun(client: HealthConnectClient) {
 lifecycleScope.launch {
   val granted = client.permissionController.getGrantedPermissions(PERMISSIONS)
   if (granted.containsAll(PERMISSIONS)) {
     // Permissions already granted
   } else {
     requestPermissions.launch(PERMISSIONS)
   }
 }
}

What should happen:

When I call checkPermissionsAndRun(client), a permission activity from Health Connect app should be displayed and result returned after user interaction with that activity.

What happens:

When I call checkPermissionsAndRun(client), a permission activity from Health Connect is displayed only the first time after Health Connect app installation. Subsequent calls do not call up the permission request activity and only directly return the result.

There are three cases when this is a problem:

when the user didn't grant the permissions on the first launch of the permissions request activity, but would want to grant them later
when the user did grant the permissions, but revoked them in the meantime manually in the Health Connect app, but would want to grant them when encountering relevant content in app
when permissions were revoked programmatically, so that the user can grant them again

There is no way now for the developer to ask for the permissions if not granted for the first time, which I believe is a bug.

Comments

vi...@google.com <vi...@google.com> May 20, 2022 11:19AM

Assigned to an...@google.com.

ga...@google.com <ga...@google.com> #2May 20, 2022 12:01PM

Reassigned to ga...@google.com.

Hello,

I'm only a little familiar with Power Apps. Is your app a mobile app or a web app?

This link lists out the alternatives.

The primary recommended alternative for the Google Fit REST API is Health Connect.

If your app does not work on Android mobile devices, you can also consider the Fitbit Web API.

ri...@gmail.com <ri...@gmail.com> #3May 25, 2022 07:40PM

Es muy parecido a una webapp

El mié, 22 may 2024, 15:48, <buganizer-system@google.com> escribió:

- Show quoted text -

ga...@google.com <ga...@google.com> #4May 25, 2022 08:52PM

Thanks for confirming this, really helpful.

You raise good questions here, and I think at the moment it may be a challenge at the least to identify that third time. Equally, we need to explore guidance should it be necessary for the user to be directed to the HC app.

We're actively exploring this topic, and I hope you'll understand if it takes us a little while to iterate on this behaviour. Will update this bug at that time.

ri...@gmail.com <ri...@gmail.com> #5May 26, 2022 06:08AM

Many thanks for the activity on this, glad to help! We're looking forward for updates.

ga...@google.com <ga...@google.com> Sep 28, 2022 08:23AM

Status: Won't Fix (Obsolete)

er...@gmail.com <er...@gmail.com> #6Sep 6, 2023 01:49AM

Why is it marked as "Won't fix"? Have you fixed this issue or any further option If we want to ask the permission again?

de...@gmail.com <de...@gmail.com> #7Sep 25, 2023 01:27PM

Usually with permissions we can find out if the user denied us the permission too many times and thus can show some kind of dialog and/or jump into the settings of the app in question. I would do the same here (and jump to the health connect app) but I can't find out in advance whether a call to requestPermissions.launch(PERMISSIONS) will result in the permission dialog being opened or not (and my callback being triggered right away).

The tipp from here:

For now, if you want to determine whether you're app has requested a particular permission before, you'll need to keep track of that within your app.

is not viable because one would need to keep track of that between installations of the app, because if an app is deinstalled and then reinstalled the call to requestPermissions.launch(PERMISSIONS) still does not open up the HC app once the permission sheet was cancelled twice or more.

es...@gmail.com <es...@gmail.com> #8Oct 19, 2023 01:12PM

I know it was marked as Obsolete, but I see that my question is relative to the discussion from this thread and I don't want to spam with duplicates.

You previously mentioned the general logic of internal permissions handling:

As background to help as to why, here's how requesting permissions currently works: When the Permissions UI is launched from your app, if you click cancel, then a counter is incremented for each of the permissions that you requested. If that counter reaches a limit (currently 2), then subsequent requests to launch the Permissions UI for that permission will not work, and you'll just get the empty permissions result.

Do you know whether this approach was changed during Android 14 upgrade?

For Android 13 and lower - clicking Cancel button twice results in avoiding all the subsequent runs (until the permissions are being reset manually). But it does not increment the counter when I give just a few permissions (like, 3 out of 10). I can call this request as much as I want granting at least 1 permission and clicking Allow, not Cancel.

For Android 14 - I see the same behavior for Cancel treatment. But now it seems that clicking Allow with just a portion of permissions also increments the counter. I can only perform 2 requests with 1 permission in each, with all the following requests being skipped.

Tested on Pixel 6.

Message last modified on Oct 23, 2023 01:07PM

da...@gmail.com <da...@gmail.com> #9Feb 22, 2024 09:21AM

To chip in in the discussion:

there are legit use cases where an app may want to request permissions more than once. An app may want to request permissions progressively, as features within the app are discovered or activated by the user. This is actually a best practice: don't ask permissions upfront for everything, but do it gradually, as required.

I find the counter quite problematic in this regard. I understand that one doesn't want to allow apps to request permissions forever, but why should the counter be permanent? Why not reset it after, for example, 24h?

pr...@fitbudd.com <pr...@fitbudd.com> #10Jun 26, 2024 09:57AM

I agree with #9 about gradually asking for permission. We have a similar case in our app, where the backend decides which health metrics the app needs to sync for a given user.

Message last modified on Jun 26, 2024 09:58AM

tu...@gmail.com <tu...@gmail.com> #11Nov 29, 2024 11:51AM

To highlight another use case, apps may introduce new permissions over time, which could be important for users who haven’t previously granted certain permissions. However, the same issue arises when new permissions are added: many users are unable to access the permissions screen if they haven’t initially granted all permissions. As a result, users cannot manage or grant the newly added permissions through Health Connect, leading to potential usability and functionality gaps.

ga...@google.com <ga...@google.com> Nov 29, 2024 12:08PM

Reassigned to an...@google.com.

br...@google.com <br...@google.com> Dec 2, 2024 12:59AM

Status: Assigned (reopened)

IssueTracker

Health Connect permissions dialog not shown on subsequent requests

Status Update

Description

What should happen:

What happens:

Comments

vi...@google.com <vi...@google.com> May 20, 2022 11:19AM

ga...@google.com <ga...@google.com> #2May 20, 2022 12:01PM

ri...@gmail.com <ri...@gmail.com> #3May 25, 2022 07:40PM

ga...@google.com <ga...@google.com> #4May 25, 2022 08:52PM

ri...@gmail.com <ri...@gmail.com> #5May 26, 2022 06:08AM

ga...@google.com <ga...@google.com> Sep 28, 2022 08:23AM

er...@gmail.com <er...@gmail.com> #6Sep 6, 2023 01:49AM

de...@gmail.com <de...@gmail.com> #7Sep 25, 2023 01:27PM

es...@gmail.com <es...@gmail.com> #8Oct 19, 2023 01:12PM

da...@gmail.com <da...@gmail.com> #9Feb 22, 2024 09:21AM

pr...@fitbudd.com <pr...@fitbudd.com> #10Jun 26, 2024 09:57AM

tu...@gmail.com <tu...@gmail.com> #11Nov 29, 2024 11:51AM

ga...@google.com <ga...@google.com> Nov 29, 2024 12:08PM

br...@google.com <br...@google.com> Dec 2, 2024 12:59AM

Issue 233239418

Description

What should happen:

What happens:

Issue summary

Comments

vi...@google.com <vi...@google.com> May 20, 2022 11:19AM

ga...@google.com <ga...@google.com> #2May 20, 2022 12:01PM

ri...@gmail.com <ri...@gmail.com> #3May 25, 2022 07:40PM

ga...@google.com <ga...@google.com> #4May 25, 2022 08:52PM

ri...@gmail.com <ri...@gmail.com> #5May 26, 2022 06:08AM

ga...@google.com <ga...@google.com> Sep 28, 2022 08:23AM

er...@gmail.com <er...@gmail.com> #6Sep 6, 2023 01:49AM

de...@gmail.com <de...@gmail.com> #7Sep 25, 2023 01:27PM

es...@gmail.com <es...@gmail.com> #8Oct 19, 2023 01:12PM

da...@gmail.com <da...@gmail.com> #9Feb 22, 2024 09:21AM

pr...@fitbudd.com <pr...@fitbudd.com> #10Jun 26, 2024 09:57AM

tu...@gmail.com <tu...@gmail.com> #11Nov 29, 2024 11:51AM

ga...@google.com <ga...@google.com> Nov 29, 2024 12:08PM

br...@google.com <br...@google.com> Dec 2, 2024 12:59AM

Add comment

Issue metadata