From Nielson Norman Group: https://www.nngroup.com/articles/permission-requests/
Summary: Mobile permission requests are often poorly designed. Consider the content and timing of these requests, avoid dark patterns, and enable users to reverse their decision.
What Are Permission Requests and Why Have Them?
An app must request permission before accessing resources such as the camera, current location, or microphone, on the user’s mobile device. The app sends (via the operating system) a request in the form of a modal dialog , asking the user to grant or decline access.
There are slight differences in how these requests are presented across mobile operating systems. As you can see from the example above, in iOS the user is asked for access to the microphone, whereas in Android the user is asked for permission to record audio. Moreover, in iOS, the modal dialog contains what’s called a purpose string , which describes why the app is requesting access. This type of information is not present in Android. It’s up to Android designers to ensure that the rationale behind the request is introduced before the modal dialog appears .
Permission requests give users perceived and actual control over their personal (and potentially sensitive) data. The decision to allow access can be a significant one, as the app often retains access to the resource until users uninstall the app or deliberately revoke the permission in their device’s permission settings. As a result, users need to trust that the app won’t ever maliciously access resources.