Privacy is a key for handling health data. Samsung Health Android SDK enables your application to access health data based on the user’s consent.

Instant Permission

A very sensitive data type like a health document requires gaining instant permission. Instant permission is created for one-time data access. An app that handles a health document has to call the instant permission API whenever it needs to access data.

Related APIs are:

Permission Manager

The SDK’s supported data types except health document need to gain permission through PermissionManager’s APIs.

An application needs to declare proper permissions for handling required health data types and to handle SecureException when the application cannot gain a user consent because the user can withdraw consent at any time. See PermissionManager for permission declaration and request.

Samsung Health reads declared permissions of the application manifest file when it initializes. You can check it in Samsung Health > Settings > Data permissions > [App] as the following figure.

On the other hand, an application needs to make a permission setting menu separately. The application calls a permission request API with required permission keys and the health data framework pops up the permission UI on the application. The flow can be preceded after the user approves or denies the data type usage. The user may change permission for each data type at any time.

In this time, items of the permission UI and Samsung Health’s setting menu can be different. Make sure that the following are same:

  • Declared permissions in manifest

  • Permission keys for the permission request API

The user consent is limited to the device. Even if multiple devices use the same Samsung account, the application has to acquire the user consent on each device independently.

Figure: Privacy and user permission