Authorization on Android

User consent is always required before your app can read or write fitness data. To obtain authorization, complete the following steps:

  1. Register your Android app with a project in the Google Developers Console.
  2. Specify which data types you want your app to access when connecting to the fitness service.
  3. To access data types for physical activity when running on Android 10 or later, your app must get an Android permission.

Authorizing data types

In Google Fit, scopes are groups of data types that a user authorizes an app to access. When your app requests permission for specific data types, Android determines which scopes those data types belong to and asks the user for authorization.

screen capture of consent screen
Figure 1: The consent screen.

Android Permissions

For all apps running on Android 10 your app must request the following Android permissions to access physical activity data using the fitness APIs in addition to the scopes described above.

If your app targets SDK level 29 or above: your app must request the ACTIVITY_RECOGNITION runtime permission from the user. The permission should be registered in the application manifest:

<uses-permission android:name="android.permission.ACTIVITY_RECOGNITION"/>

The app should check if the permission is granted already:

if (ContextCompat.checkSelfPermission(thisActivity, Manifest.permission.ACTIVITY_RECOGNITION)
          != PackageManager.PERMISSION_GRANTED) {
      // Permission is not granted
}

To request the permission:

ActivityCompat.requestPermissions(thisActivity,
                  arrayOf(Manifest.permission.ACTIVITY_RECOGNITION),
                  MY_PERMISSIONS_REQUEST_ACTIVITY_RECOGNITION);

Learn more about requesting Android runtime permissions.

If your app targets SDK level 28 or below, it must specify the com.google.android.gms.permission.ACTIVITY_RECOGNITION permission in its manifest file.

The following data types of physical activity are protected by the above Android permissions:

  • RecordingAPI - for recording the following data types:

    • com.google.step_count.delta
    • com.google.step_count.cumulative
    • com.google.step_count.cadence
    • com.google.activity.segment
    • com.google.calories.expended
  • HistoryAPI - for reading the following data types:

    • com.google.step_count.delta
    • com.google.step_count.cumulative
    • com.google.step_count.cadence
    • com.google.activity.segment
    • com.google.activity.exercise

Authorization flow

The authorization flow is the following:

  1. For apps targeting SDK level 29 or higher, and wanting access to the physical activity data types listed above, your app requests ACTIVITY_RECOGNITION runtime permission.
  2. Android system prompts the user to grant your app the Physical Activity permission.
  3. Your app should confirm that the user allowed the permission before proceeding to the next step.
  4. Your app requests a connection, for one or more data types, to the fitness service.
  5. Google prompts the user to grant your app the required scopes.
  6. If the user consents, your app can access fitness data of the requested types.

The specific scopes requested from the user depend on the data types that your app specifies when connecting to the service.

For an example on how to specify data types when connecting to the service, see Getting Started. For more information about data types, see Fitness Data Types.