Home Blog

You don't have to ask for the library permission to let the user upload a photo from their gallery

If you ever worked on a mobile app, you probably asked the users for permissions to access personal data or sensors. The most commonly asked permission is probably the library one. It’s also one we should probably never ask for.

Let’s take for example the use case of uploading a profile picture: we want the user to select a photo from their library and upload it to an endpoint. You may think you need to ask for the library permission but you don’t. Both Android and iOS provide native views to let the user select a photo and give you that photo, without ever having access to the other photos in the library. We ask the OS “let the user pick a photo and give it to me”. It’s similar to what happens when a user clicks on a <input type="file"/>, the website only has access to the selected file.

So why are apps asking for that?

I have two reasons for that:

Genuine ignorance

As application developers, we’re used to asking for permissions, if we see that the library we’re using has one function to ask for the library permission, and one function to ask for a photo from the library, we think we need to ask for the permission first and so we do it in good faith, never actually using it afterwards.

Custom picker

The second reason is that some applications decide to use a custom UI for the picker. To do so they can’t ask the OS for “one photo” anymore, they need to ask for the whole library permission, display all the photos in a custom UI and handle the selection manually. It’s a lot of work but it can give value to the user, for example most messaging apps display the latest photos of the gallery as soon as you click on the attachment icon without the user having to leave the app. It’s handy, not necessary, but handy.

If you want to go this route: please also support the native permissionless picker, more on why in the rest of the article.

Privacy concerns

Let’s pretend we’re a courier and we need to pick up a package for a return from a house: when we arrive we ring the bell and ask for the package. We don’t enter the house, we don’t need to, it’s the person that brings the package to us.

The same thing should apply in the mobile app world when asking the user for a photo, we should ask him and wait outside of the library. Or at least that’s what we should do.

A lot of apps ask for the entire library permission.

That’s like the courier asking for the key to the house.

It’s reasonable that the person wouldn’t give him the key, as it is reasonable that most users1 don’t want to grant the library permission.

The problem is, most apps don’t do that, you either give the app the permissions to your whole library2, or you can’t use the feature. I tested with WhatsApp and Twitter, both required permissions. They do use native pickers, and I would say that yes, they did add some value with their picker, but if that value is enough to give them the keys to your whole library that’s up to you.


  1. Or at least users that know what the implications of giving that permission

  2. Yes, technically with iOS ≥ 14 you can grant the permission limited to the photos you want, but not only that is a worse experience for the user compared to the native picker, but the app also has nothing to do with it, that improvement was made by the OS. It’s also easy to answer the question “would the app use the native picker if it wasn’t for that?”, just open the android app and discover that they probably don’t use it there.