Testing runtime permissions in a mobile app: states, on-the-fly revocation, and edge cases
Permissions aren't 'granted or not' — they're a state matrix. A five-state model, pre-permission priming, graceful fallback on denial, process death on on-the-fly revocation, background and precise/approximate location, ATT and limited Photos on iOS, 'Don't ask again' on Android, verifying via Proxyman traffic, and a 12-point checklist.