App permissions Redirect 1

The permissions field in the app manifest controls the app's access to various sensitive APIs on the device (sometimes called WebAPIs). The permissions are described in the following tables.

Privileged apps have all the permissions of hosted apps plus more. Certified apps have all the permissions of privileged and hosted apps plus more. For more information on app types, see Types of packaged apps.

If you use the App Manager to test your app, it will display an easy to read table of which permissions are allowed, denied, or require a prompt on the current device or simulator you are connected to.

Hosted app and privileged app permissions

Manifest permission API name Description Minimum app type required access property Default granted Platform
alarms Alarm Schedule a notification, or schedule an application to be started. hosted none Allow FxOS
audio-capture GetUserMedia Obtain MediaStream from audio input devices, e.g. microphone.  This is needed to allow audio capture in Firefox OS 1.2+. hosted none Prompt (even for certified Apps) FxOS
audio-channel-alarm Audio Policy Alarm clock, calendar alarms. privileged none Allow FxOS
audio-channel-content Audio Policy Music, video. hosted none Allow FxOS
audio-channel-normal Audio Policy UI sounds, Web content, music, radio. hosted none Allow FxOS
audio-channel-notification Audio Policy New email, incoming SMS. privileged none Allow FxOS
browser Browser Enables the app to implement a browser in an iframe. privileged none Allow FxOS
contacts Contacts Add, read, or modify contacts from the address book on the device and read contacts from the SIM. privileged readonly, readwrite, readcreate, or createonly Prompt for all installed App types. FxOS
desktop-notification mozNotification for Gecko <22, Notification for Gecko 22+ Display a notification on the user's desktop. Note that this has changed, so for Gecko <22 (Firefox OS <1.2) you need to use mozNotification, while for Gecko 22+ (Firefox 1.2+) you need to use Notification. hosted none Prompt for Web content. Allow for all installed App types. FxOS, Android,
Desktop
device-storage:music Device Storage Add, read, or modify music files stored on the device. privileged readonly, readwrite, readcreate, or createonly Prompt FxOS
device-storage:pictures Device Storage Add, read, or modify picture files stored on the device. privileged readonly, readwrite, readcreate, or createonly Prompt FxOS
device-storage:sdcard Device Storage Add, read, or modify files stored on the device's SD card. privileged readonly, readwrite, readcreate, or createonly Prompt FxOS
device-storage:videos Device Storage Add, read, or modify video files stored on the device. privileged readonly, readwrite, readcreate, or createonly Prompt FxOS
fmradio FM Radio Control the FM radio. hosted none Allow FxOS
geolocation Geolocation Obtain the current location of the user. hosted none Prompt (even for certified Apps) FxOS, Desktop, Android
keyboard Keyboard Allows the app to act as a virtual keyboard by listening to focus change events in other apps. privileged none Allow FxOS
mobilenetwork Mobile Network Obtain mobile network information (MCC, MNC, etc.). privileged none Allow FxOS
push Simple Push Enable an app to wake up to receive notification. hosted none Allow FxOS
storage Storage Utilize storage (appcache, pinned apps, IndexedDB) without size limitations. See appcache, IndexedDB. hosted none Allow FxOS,
Desktop
systemXHR SystemXHR Allows anonymous (no cookies) cross-origin XHR without the target site having CORS enabled. Similar to the TCP Socket API but restricted to XHR, not just raw sockets, so it is slightly less risky. See XMLHttpRequest. privileged none Allow FxOS
tcp-socket TCP Socket Create TCP sockets and communicate over them. privileged none Allow FxOS,
Desktop
video-capture GetUserMedia Obtain MediaStream from video input devices, e.g. camera.  This is needed to allow  video capture in Firefox OS 1.4+. hosted none Prompt (even for certified Apps) FxOS

Certified app permissions

The following permissions require a certified app and are granted implicitly without prompting the user. Most app developers will not be able to use certified apps, because they are intended for system-level apps.

Manifest permission API name Description Minimum app type required access property Platform
attention Attention Screen Allow content to open a window in front of all other content. Used by telephone and SMS. certified none FxOS
audio-channel-ringer Audio Policy Incoming phone calls. certified none FxOS
audio-channel-telephony Audio Policy Phone calls, VoIP calls. certified none FxOS
audio-channel-publicnotification Audio Policy Forced camera shutter sounds. certified none FxOS
background-sensors Background Sensor Ability to listen to proximity sensor events in the background. (All apps recieve these events in the foreground.) certified none FxOS
backgroundservice Background Services Enable an app to run in the background and perform tasks like syncing or responding to incoming messages. certified none FxOS
bluetooth   Low level access to Bluetooth hardware. certified none FxOS
camera Camera

Take photos, shoot video, record audio, and control the camera.

Note: The reason that camera is limited to certified apps is that the sandbox that apps run in prevents access to the camera hardware. Our goal is to make it available to third party apps as soon as possible, but we don't have time to do that in the initial release.

certified none FxOS
cellbroadcast   Fires an event when a specific type of cell network message is received (an emergency network notification). certified none FxOS
device-storage:apps Device Storage Add, read, or modify files stored in the apps location on the device.

When this is used, the webapps-manage permission is also required alongside it (see below.)
certified read FxOS
embed-apps Embed Apps Ability to embed apps in mozApp frames. certified none FxOS
idle Idle Notify the app if the user is idle. certified none FxOS
mobileconnection Mobile Connection Obtain information about the current mobile voice and data connection. certified none FxOS
network-events Network Events Monitor network uploads and downloads. certified none FxOS
networkstats-manage Network Stats Manage Obtain statistics of data usage per interface. certified none FxOS
open-remote-window Open out-of-process windows Allows normal window.open calls, but the resulting window is opened in a new process. certified none FxOS
permissions Permissions Allow an app to manage other permissions of other apps. certified none FxOS
power Power Management Turn the screen on or off, control CPU, device power, and so on. Listen for and inspect resource lock events. certified none FxOS
settings Settings Configure or read device settings. certified readonly or readwrite FxOS
sms WebSMS Send and receive SMS messages. certified none FxOS
telephony WebTelephony Access all telephony-related APIs to make and recieve phone calls. certified none FxOS
time TimeManager Set current time. Time zone information is controlled by the Settings API. Formerly called systemclock. certified none FxOS
voicemail Voicemail Access voicemail. certified none FxOS
webapps-manage Open Webapps Obtain access to the navigator.mozApps.mgmt API to manage installed Open Web Apps.

Required alongside the device-storage:apps permission (see above.)
certified none FxOS, Desktop, Android
wifi-manage WiFi Management Enumerate available WiFi networks, get signal strength, connect to a network. certified none FxOS
wappush WAP Push Receive WAP Push messages. certified none FxOS

See also

The permissions table is where the permissions are defined in the Firefox code.

Many of these APIs are being worked on and others are coming in the future. For more information on work in progress see the WebAPI page on MozillaWiki.

Document Tags and Contributors

Contributors to this page: Sheppy
Last updated by: Sheppy,