If you use Android and the option appears for “Allow limited access” to your photosYou're facing one of the platform's most significant privacy changes. Starting with Android 14, the system allows apps to access only the images and videos you choose, without opening your entire gallery at once. This change improves your privacy and alters how developers and users manage permissions.
In these lines we explain, in detail, how limited access works in Android, what permissions are involved (such as READ_MEDIA_IMAGES, READ_MEDIA_VIDEO and READ_MEDIA_VISUAL_USER_SELECTED), what implications this has for apps, how to act if an app asks for permission repeatedly, what Google Play recommends to developers, and how it all integrates with the Google Photos app and manufacturers' galleries.
What does limited photo access mean in Android 14?
Android 14 brings "Access to selected photos", a feature that allows users to grant an app access only to selected photos. specific images and videos from your library. This replaces the old "all or nothing" approach and reduces the risk of data exposure if an app experiences a security issue or misbehaves.
This behavior is triggered when the app targets Android 14 (API level 34) or higher. If the app uses the system photo picker, it may offer a coherent and private experience without requesting storage permissions. If, on the other hand, the app maintains its own gallery, it must adopt the permission READ_MEDIA_VISUAL_USER_SELECTED to manage reselection and partial access.
If the app does not adopt the new permission, Android runs it in a compatibility modeIn that mode, when you choose "Select photos and videos", the access granted is temporary during the session; when you exit the app, the system can revoke those permissions later, which explains why some users see the notification repeated.
How apps should adapt: ​​permissions and flows
Apps with their own selector need to request the appropriate permissions in the manifest, adjusting to the Android version of each device. In short, we're talking about READ_EXTERNAL_STORAGE (up to Android 12L), from READ_MEDIA_IMAGES y READ_MEDIA_VIDEO (from Android 13), and from READ_MEDIA_VISUAL_USER_SELECTED to control reselection and partial access in Android 14+ when the app targets API 34 or later.
The runtime request should also vary. In Android 14+, it's advisable to request all the necessary permissions in a single operation to avoid multiple system dialoguesAdditionally, if the app only works with video, it can only request READ_MEDIA_VIDEO along with READ_MEDIA_VISUAL_USER_SELECTED so that the selection dialog only shows videos.
Google recommends displaying a clear button in the UI so the user can expand or change the selection When you choose limited access, you won't be surprised to see the system permissions dialog box again.
Create or customize your own gallery selector with MediaStore
If you prefer to keep your own selector, you should consider that it entails further development and maintenanceYour app will need to request storage permissions consistent with the system version, and manage reselection with READ_MEDIA_VISUAL_USER_SELECTED in Android 14+ and update the interface so that the user can grant access to a different set of photos and videos whenever they want.
In the manifesto, a typical example It would differentiate between devices with Android 12L or lower, Android 13+, and Android 14+ with the new capability of limited access:
<!-- Hasta Android 12L (API 32) -->
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" android:maxSdkVersion="32"/>
<!-- Desde Android 13 (API 33) -->
<uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
<uses-permission android:name="android.permission.READ_MEDIA_VIDEO"/>
<!-- Para reselecciĂłn y control de acceso limitado en Android 14+ (API 34+) -->
<uses-permission android:name="android.permission.READ_MEDIA_VISUAL_USER_SELECTED"/>
At runtime, the app must request the correct permissions according to Build.VERSION.SDK_INTFor Android 14+, you would ask READ_MEDIA_IMAGES, READ_MEDIA_VIDEO y READ_MEDIA_VISUAL_USER_SELECTED, adjusting the list based on the content you actually need (images only, video only, or both).
Apps that don't need permission to write to shared storage
Since Android 10 (API 29), apps no longer need storage permission to create files in shared storage. In other words, your app can save photos, record videos or download PDFs without requesting read permission. If your use case only "writes" and doesn't query the gallery, remove the permission request and limit its scope with maxSdkVersion=28 for READ_EXTERNAL_STORAGE in the manifest.
Control of new partial access: statuses and checks
Your app must distinguish whether it has full, partial, or denied access and act accordingly. In Android 13 (API 33), if the user grants READ_MEDIA_IMAGES/VIDEOWe're talking about full access. On Android 14+, if only full access was granted READ_MEDIA_VISUAL_USER_SELECTEDAccess is partial to the selected elements. Up to Android 12 (API 32), having READ_EXTERNAL_STORAGE This implies full access to the public part of the storage.
It is important to remember that the user can change the permission status from settings at any time, even between onStart and onResumeTherefore, avoid saving the permission status in persistent storage: check it in real time every time you are going to operate.
How to browse the library with MediaStore
Once the appropriate permission (full or partial) has been confirmed, you can use MediaStore and ContentResolver To view images or videos. Starting with Android Q, it's recommended to use the volume control. EXTERNAL_VOLUME to encompass all storage volumes, and sort by date added to show the most recent content first.
A typical pattern involves executing the query in an I/O thread and, for production, adding paging with the Paging library To keep the app running smoothly when the number of items is very high, keep the result in memory while the app is in the foreground and refresh after `onResume` in case the user changed permissions.
How to check the user's last selection (Android 15 and backport)
In Android 15 and Android 14 with recent Google Play system updates, there is a query flag to retrieve only the last selection from the user when access is partial. Enabling QUERY_ARG_LATEST_SELECTION_ONLY In the query arguments, your app can focus on the newly granted elements, optimizing loading and UX.
This approach depends on the framework's extension version, so it's advisable to check that you meet the required level (for example, getExtensionVersion(U) ≥ 12) before using the flag to avoid breaking compatibility with devices that do not yet have it.
What happens when the device is updated to Android 14
If an app was already installed and the device It's being updated to Android 14The system retains full access to photos and videos that were previously granted. For example, if READ_MEDIA_IMAGES and READ_MEDIA_VIDEO permissions were granted in Android 13, these permissions are maintained when upgrading to Android 14.
The same applies to previous installations with older permits such as READ_EXTERNAL_STORAGE or even WRITE_EXTERNAL_STORAGE (on devices with Android 12 or earlier): after the update and when the app is already pointing to API 34, the system automatically grants READ_MEDIA_IMAGES and READ_MEDIA_VIDEO permissions for preserve accessHowever, permissions can be revoked at any time by the user or device policies.
Best practices for working with limited access
Do not persistently store the permission state (or in SharedPreferences nor in DataStoreThis status may become out of sync due to automatic permission resets, app hibernation, or changes in settings. Always check in real time with ContextCompat.checkSelfPermission() before accessing.
Don't assume the app has full access. If you cache results from Media StoreThese settings may become outdated if the user changes from full to limited access. Check them when needed and refresh them when you return to the foreground to reflect the new access level.
It deals with access to URI as temporary When the user chooses “Select photos and videos”. In limited access, the system may expire access; your app must gracefully handle the loss of access to a specific URI, regardless of its authority.
Request only what you need: if your workflow only requires video, ask READ_MEDIA_VIDEO plus the selection permission. If you need images and video, then request both; the system dialog will only display the requested content types, improving clarity and user confidence.
To avoid multiple conversations, request it in the same transaction. READ_MEDIA_VISUAL_USER_SELECTED, the relevant “read media” permission (IMAGES/VIDEO) and, if applicable, ACCESS_MEDIA_LOCATIONAdd explicit access to the interface so that the user can expand or modify their selection whenever they wish.
Compatibility mode: why it sometimes asks you every day
If an app continues to use its own selector and has not adopted READ_MEDIA_VISUAL_USER_SELECTEDAndroid puts it into compatibility mode. In the initial selection, if you choose "Select photos and videos," the system grants temporary permissions valid for the duration of the session. When the app goes into the background, those permissions are revoked. end up expiring And, upon reopening, the app has to request them again.
This explains the typical case of a user who chooses "Allow limited access" and sees the window every time they open the gallery app. If the app isn't prepared for the new workflow, that limited access won't be maintained. PersistentThe alternatives are: update to a version of the app that already supports the new permission, use the photo picker from the system within the app (when available), or grant full access if you trust the app and need to avoid the reminder.
Google Photos and the manufacturer's default gallery
Google Photos can share access with the default gallery app of brands like Xiaomi, OPPO, OnePlus or RealmeBy allowing this, the gallery can display all photos that are backed up to your account, and Photos receives limited data such as your email address or the backup status (as happens when Facebook asks for access to your mobile photos).
This access is requested via a pop-up notification, and you can change it from the Google Photos settings or the gallery app. If you remove access, to reactivate it you'll have to do so in the gallery itself (sometimes it appears as...). “cloud synchronization” or similar). Keep in mind that, depending on the gallery, deleting from that app may also delete items from Google Photos.
To delete an item from your device without affecting the backup, go to Google Photos, select the image or video, and use “Remove from device”You also have the "Free up space" function to delete from local storage while keeping copies in the cloud.
If you edit or delete from photos.google.com or another device, the changes may not be reflected instantly in your phone's gallery. Google Photos includes a shortcut called “Review unsynchronized changes” to help you align both sides.
Regarding albums: renaming them in the manufacturer's gallery does not create an equivalent album in Google Photos. In some OEMs (for example, LivingAlbum metadata can be backed up if Photos backup is enabled. If you stop using devices from the same manufacturer for 6 months, this data may be deleted (you'll receive an email notification).
Duplicates matter too. The manufacturer's gallery can show multiple local copies of a photo, while Google Photos shows only one. If you delete from Google Photos, you'll be asked if you want to remove it. all local copiesIf you delete from the gallery, you might delete a local copy and the one from Photos, but other local copies might remain intact.
Configure and review permissions from Settings on Android
From Settings > Apps > > Permissions You can grant or revoke access to the camera, microphone, photos and videos, location, and more. For sensitive permissions like camera or location, Android offers options such as "Only while using" or "Always ask."
The permissions manager (Settings > Security and privacy > Privacy > Permissions managerThis allows you to see which apps have each permission and change it centrally. You can also enable Android automatically revoke permissions for apps you haven't used in a while.
Potentially dangerous permissions: accessibility, administrator, and more
Some permits require special caution. The one for Accessibility It allows you to observe and perform actions on behalf of the user; it's essential for those who need it, but also very attractive to malware that tries to spy on or control the device. Google is increasingly restricting its use and activation. To find out which apps to avoid, consult the blacklist of fraudulent apps.
The permission of device administrator It allows for the application of powerful policies (blocking, resetting, preventing uninstallation). Its use is less common today outside of business environments, but in the wrong hands it can be devastating, as it can erase all data from the mobile device.
The permission of Show over other apps (draw over) enables useful bubbles and overlays, but also overlay attacks to steal credentials if used maliciously. Only grant it when you understand why the app needs it.
Access to todos los archivos (All files access) and media management (Manage media) permissions have broad scope. Google Play restricts them to very specific cases (file managers, backups, antivirus, editors, migration, etc.). Granting them indiscriminately allows for extensive reading, modification, and deletion of files.
The permit to install apps from unknown sources This permission is granted to the app that initiates the installation. It's not automatic (you must confirm), but when combined with overlays or other tricks, it could lead to the installation of unwanted software. Use it wisely.
Google Play policy for photo and video permissions
Google Play has tightened its policy regarding widespread access to photos and videos in shared storage. Apps with occasional or infrequent use must now use the system photo selector; READ_MEDIA_IMAGES/VIDEO is only allowed to be kept with a solid justification of primary use or broad access (managers/galleries, editors, UGC platforms…).
Key date: the policy was announced on 28th October 2023Between September 18, 2024, and January 22, 2025, developers using READ_MEDIA_IMAGES/VIDEO must submit a declaration to the Play Console or remove those permissions and migrate to a selector. From May 28, 2025, all apps must comply, or risk further action. removal from Google Play.
Policy FAQ: Uploading a profile picture or photo for a specific procedure is considered "one-off use"; social media, communication, or multimedia editors are not. Having your own filter does not justify general access, as you only access what the user chooses. There is an exception for enterprise device management.
Practical tips if you choose "Allow limited access" and it asks you every time
If you choose limited access and the app keeps asking for permission daily, it's very likely that the app is in compatibility mode (does not implement READ_MEDIA_VISUAL_USER_SELECTED). In this mode, the permission is temporary and expires when the app is closed or after a period of time in the background.
What can you do? Update the app to its latest version (developers are migrating to the new permissions), use the photo picker from the system when the app offers it, or grant full access if you trust the system and need to avoid constant notifications. For developers, the solution is to implement the new permission and offer a UI control to reselect content when the user wishes.
This change isn't a system failure; it's an evolution to protect your privacy. In return, apps must adapt to this limited access. be persistent and comfortable for everyday wear. If you want additional measurements, learn how to use temporary images.
All of the above fits with a clear trend: Android drives the minimum access requiredTransparency and user decision-making are key. With the photo picker, apps that only need specific files no longer justify broad permissions; with user selection permission in Android 14+, galleries and editors can make the leap to well-designed limited access without sacrificing functionality.
