Skip to main content

Time to Update Your Permissions UX

By Jason Grigsby

Published on January 3rd, 2018


Google launched a big change to its permissions modal design with Chrome 63 in early December. I don’t think these changes have garnered enough attention in the web community. You may want to make some changes to your website quickly.

The change has to do with the way Chrome asks for permission from users for sensitive information like the phone’s location, access to camera, or the ability to send push notifications. These permission modals used to look like:

Previous Android permission could be dismissed by selecting the X or tapping another area of the screen.

At Chrome Dev Summit in November, Chris Wilson shared internal data that 90% of Chrome permission prompts are dismissed or ignored. That’s to say, people aren’t making a choice about whether to share their location or not. They’re simply hitting the X to close the window or tapping elsewhere on the screen to get rid of the modal.

90% of permission prompts are dismissed or ignored.
Chris Wilson presenting at Chrome Dev Summit. The video is worth watching.

People ignoring the prompts is problematic for two reasons:

  1. By not making a decision about the permission, the user will be bothered again and again by the website.
  2. If people blocked requests regularly, website authors might change how they ask for permission. But because people primarily ignore the prompts, there is no incentive for website authors to be careful about when they ask for permission. Instead, many sites ask for invasive permissions on the first page load.

Which brings us to the changes made to these prompts in Chrome 63. Now when you ask for permission, the modal will take up the full screen and users will have to choose to either accept the permission or block it.

Best Buy immediately asks for permission to access a user's location. Now, users will have to block of allow that permission before they can proceed to the site content.

While this seems like a subtle change, removing the ability for people to ignore or dismiss the permissions prompt will force websites to change because there is a steep price to pay if someone blocks a permission request.

Once someone blocks your permission request, you don’t get to ask again. That’s it. Game over. You lose.

For example, Best Buy asks for permission to access a visitor’s location immediately upon hitting the home page. In the past, people could just dismiss the modal and access the content. Now they’ll be forced to make a decision whether or not they want to share their location with Best Buy before seeing any of the content on the site.

Ideally, Best Buy, and websites like it, will update to only ask permission when there is a high likelihood that someone will say yes. Maybe only ask for location information when someone visits the store locator page.

Better yet, tell the person in the content of the page why granting permission would be useful and then provide them with a button in the page. Only after the person selects the button would you finally ask the browser to grant you permission.

Google’s hope is that the penalty of getting blocked forever will cause websites to consider more carefully when they ask for permission. As it stands now, too many websites are asking for your hand in marriage on the first date.


Šime Vidas said:

It’s worth mentioning that, once the user blocks a permission, they can reset it in Settings. However, it’s far from simple: they have to go to Site Settings, select the permission (e.g. Location), find the website in the “Blocked” list, select it, and finally press the “Clear & reset” button twice.