Guidelines for privacy-aware apps
Location, camera, microphone, contacts, etc., are resources that can access the user's personal data or cost the user money, so they are considered sensitive resources. In Windows 10, privacy settings let the user dynamically control access to sensitive resources.
Privacy settings are managed in the Settings app (see the Privacy settings page). At any time, sensitive resources can be turned off or access to those resources can be revoked. Thus, your app must be prepared to handle these changes gracefully - you can't assume your app will always have access to a sensitive resource.
For example, in the following image the user has configured their camera privacy settings to deny access to the Contoso app but grant access to all other apps. In this state, the Contoso app cannot access the camera even though it has specified the
webcam capability. To the Contoso app, it's as though the camera doesn't exist.
Permissions for accessing sensitive resources are controlled on a per-user, per-app, per-resource basis. In other words, two users can set different privacy settings for the same app and each user can give the same app different permissions on different devices (for example, one set of permissions on their PC and a different set of permissions on their phone).
Important For each sensitive resource, there is a 1:1 mapping to a corresponding app capability. App capabilities allow apps to use APIs that access sensitive resources. For more information about which app capabilities map to which types of resources, see App capability declarations.
Don't create your own prompt UI, as was recommended in Windows Phone 8. This will lead to double prompting for the same resource (your prompt UI plus the prompt from Windows 10).
- Don't create your own on/off toggles, which was required for some sensitive resources in Windows Phone 8 and 8.1.
Don't access a sensitive resource until it's needed.
Don't assume that a sensitive resource is available or that your app has permission to use it.
Do check access to a sensitive resource before attempting to use it.
Do be prepared to be denied access to a sensitive resource. Note that each capability may handle access denial different. See Handling when access is denied for more.
If an API exists to request access to a sensitive resource, use that API before accessing it. For more info, see Prompting for access to resources.
If access to a sensitive resource is denied, provide a convenient link to the appropriate settings page in the Settings app. For more info, see Launch the Windows Settings app.
Some resources, such as location, require your app to prompt the user for permission before they access the resource. Windows provides the UI prompt, but your app triggers it by calling RequestAccessAsync or similar API. Here's an example of an app named Contoso requesting access to the user's location.
In this example, the app called RequestAccessAsync before accessing the user’s location. When requesting access, your app must be in the foreground and RequestAccessAsync must be called from the UI thread. Until the user grants your app permission to the resource, your app can't access location data.
Even if a user grants permission at the prompt, they may change their mind at any time. Always check for permission before attempting to access the resource. If APIs aren't available to check for permission, use error handling for cases when access is denied.
The first time an app attempts to access the following sensitive resources, the operating system will prompt the user for permission. Each of these resources is prompted in one or more regions.
|Sensitive resource||App capability||Settings URI scheme|
Important Some regions require more prompts than others. Even if a prompt is not required in your local region, always use request access APIs when available (call them from the UI thread of your foreground app before accessing the resource).
Access to each sensitive resource is managed in the Settings app. At any time, the user can turn off that resource or deny your app access to it. What happens to your app when it's denied a resource depends on what kind of resource it is.
Each capability may handle access denial different. During testing of your app, use the Settings app to grant and deny access to resources to see that your app responds appropriately.
- App capability declarations
- Launch the Windows Settings app
- Get current location
- Capture photos and video with MediaCapture
- Contacts and calendar