The PermissionController module enables updatable privacy policies and UI elements (for example, the policies and UI around granting and managing permissions).

About PermissionController

The APK handles permission-related UI, logic, and roles to allow access for apps for specific purpose. It controls the following:

  • Runtime permission granting (including granting to system apps)

  • Runtime permission management (including grouping of permissions)

  • Runtime permission usage tracking

  • Roles

In Android 9, such permissions were part of In Android 10, the Package Installer app is split into sections to enable the permissions logic to be updated. As an updatable Mainline module, PermissionController:

  • Interacts with the framework only via stable @SystemApi (no @hide API usage).

  • Handles permission-related intents with priority > 0.

  • Exposes a mechanism for enabling OEMs to customize theming.

  • Provides services to which the system and applications can bind, including role management, permission revocation, and basic permission information (for Settings).

  • Supports auto-revoke for unused apps (new in Android 11).

Auto-revoke for unused apps

In Android 11, the PermissionsController module can automatically revoke runtime permissions for apps that haven't been used for an extended period of time. Apps targeting SDK 30 or higher have auto revoke enabled by default, while apps targeting SDK 29 or lower have auto revoke disabled by default. When enabled, auto-revoke affects all runtime permissions but exempts all pre-granted permissions, including policy- and system-fixed permissions and permissions granted by default or by role. For details, refer to Auto-reset permissions from unused apps.

Package format

The PermissionController module is delivered as an APK file.


OEMs can customize the permissions UI theme (colors, margins, fonts, and drawables) using runtime resource overlays (RROS).