For example, when your user is changing settings or flipping through search results. In such cases you can use Inline Keyboards that are integrated directly into the messages they belong to. Unlike with custom reply keyboards, pressing buttons on inline keyboards doesn't result in messages sent to the chat.
Instead, inline keyboards support buttons that work behind the scenes: When callback buttons are used, your bot can update its existing messages or just their keyboards so that the chat remains tidy. Check out these sample bots to see inline keyboards in action: Commands present a more flexible way to communicate with your bot.
The following syntax may be used: Commands can use Latin letters, numbers and underscores. Here are a few examples: Messages that start with a slash are always passed to the bot along with replies to its messages and messages that mention the bot by username. If multiple bots are in a group, it is possible to add bot usernames to commands in order to avoid confusion:
This is done automatically when commands are selected via the list of suggestions. Please remember that your bot needs to be able to process commands that are followed by its username. In order to make it easier for users to navigate the bot multiverse, we ask all developers to support a few basic commands. Telegram apps will have interface shortcuts for these commands. Users will see a Start button when they first open a conversation with your bot. Help and Settings links will be available in the menu on the bot's profile page.
You can use bold, italic or fixed-width text, as well as inline links in your bots' messages. Telegram clients will render them accordingly. Bots are frequently added to groups in order to augment communication between human users, e.
This is especially true for work-related groups. A bot running in privacy mode will not receive all messages that people send to the group. Instead, it will only receive: On one hand, this helps some of us sleep better at night (in our tinfoil nightcaps), on the other — it allows the bot developer to save a lot of resources, since they won't need to process tens of thousands of irrelevant messages each day.
Privacy mode is enabled by default for all bots, except bots that were added to the group as admins (bot admins always receive all messages). It can be disabled, so that the bot receives all messages like an ordinary user. We only recommend doing this in cases where it is absolutely necessary for your bot to work — users can always see a bot's current privacy setting in the group members list. In most cases, using the force reply option for the bot's messages should be more than enough.
So what messages exactly will my bot get? Telegram bots have a deep linking mechanism, that allows for passing additional parameters to the bot on startup. It could be a command that launches the bot — or an auth token to connect the user's Telegram account to their account on some external service. Each bot has a link that opens a conversation with it in Telegram — https: You can add the parameters start or startgroup to this link, with values up to 64 characters long.
We recommend using base64url to encode parameters with binary and other types of content. Following a link with the start parameter will open a one-on-one conversation with the bot, showing a START button in the place of the input field. If the startgroup parameter is used, the user is prompted to select a group to add the bot to. As soon as a user confirms the action (presses the START button in their app or selects a group to add the bot to), your bot will receive a message from that user in this format:
Suppose the website example. Here's what they could do to enable notifications for a user with the ID Some bots need extra data from the user to work properly. Bots can ask a user for their location and phone number using special buttons. Note that both phone number and location request buttons will only work in private chats. When these buttons are pressed, Telegram clients will display a confirmation alert that tells the user what's about to happen. BotFather is the one bot to rule them all.
It will help you create new bots and change settings for existing ones. The BotFather will ask you for a name and username, then generate an authorization token for your new bot. The Username is a short name, to be used in mentions and telegram. Usernames are characters long and are case insensitive, but may only include Latin characters, numbers, and underscores. The token is a string along the lines of Millions choose Telegram for its speed.
To stay competitive in this environment, your bot also needs to be responsive. In order to help developers keep their bots in shape, Botfather will send status alerts if it sees something is wrong. If we get abnormally low readings, you will receive a notification from Botfather.
Your bot is sending much fewer messages than it did in the previous weeks. This is useful for newsletter-style bots that send out messages without prompts from the users. The larger the value, the more significant the difference. Malicious apps could use this to disable security apps.
This permission is provided by the Android OS itself, and is not available to third-party apps. Applications that require some type of authentication from accounts that are "connected" to the device. A list of the accounts is usually displayed so you can choose the account to use with the application.
An evil app could use this permission to spy on you (what are you using?). Not for use by normal apps. It is not made officially available yet up to Android 4. This permission does not seem to have any risk associated with it. It will allow an application to find out what other applications are running on your phone. While not a danger in and of itself, it would be a useful tool for someone trying to steal your data. Typical legitimate applications that require this permission include: Other than that however, most apps should not need this permission.
Typically it is used when the provider has some permissions protecting it (which global search would not be expected to hold), and added as a read-only permission to the path in the provider where global search queries are performed.
This permission cannot be held by regular applications; it is used by applications to protect themselves from everyone else besides global search. Not available to third party apps. List accounts for the user to choose from when using a Google service Bad Cop: Sniff and snoop, find "valid mail addresses" to abuse for other purposes e.
Automatic sign-in to use Google Services in the interest of the user Bad Cop: The protection level assigned seems to differ between devices. Intended only for hardware testing. Without this permission, you can only deliver events to windows in your own process. Malicious apps may use this to take over the device.
It is used to control and restrict access to media — e. Malicious apps may use this to add new apps with arbitrarily powerful permissions. This is a custom permission for the default Android Launcher (the home screen). It would allow an app to put an icon or shortcut there. While not dangerous, this can sometimes be a sign of a potentially malicious or adware app, which could e.
This permission is not available to third party applications. Such an app can e. An example would be the lockscreen app, which needs to access the profile pictures of all users in order to show the "switch users" GUI see here. Not for use by third party apps. Any application that accesses the internet for any reason will have to request this permission.
This is of course required to load ads (which is why most apps request this), but can also be used to spy on personal data. Special caution is advised when this permission is requested at the same time as others which access personal data.
Be aware mails can contain sensitive personal information! This permission is a bit of a tricky one. Often this is used by what are called "task killers". Conversely this permission has some potential to maliciously close anti-virus or other security related apps. This should be treated with caution. Few users should ever need an app with this permission. Rather, it could be an indicator of malicious intent (especially if not requested by a task killer or system performance tuning app). This permission just enables an app to provide counter information to the launcher.
Usually this is done by mail apps. No risks known so far. Malicious apps could use this to place misleading icons on your homescreen — e. Like when you log in to Facebook, it adds your account to the Account Manager accounts. For further details, see e.
This is only for use by the system. Should never be needed for normal apps. For use only by the device side MTP implementation. Restricted to system apps. Not for use by third-party applications due to privacy of media consumption. Restricted to system apps and those signed with the same key as the ROM.
But the network could be switched to a different carrier, roaming or the radio (de)activated, without informing the user. The permission can also be used to intercept incoming calls. The primary danger with this permission is that it could be used to erase data from an SD card or other similar storage in your phone. This is also not a permission any normal app should need. This permission just allows for connecting to SD cards for reading and writing.
While not a risk itself, this is also not a permission any normal app should need. The distance over which NFC is able to work is only a few centimeters, so that devices (or a device and a tag) must effectively be touching each other to communicate. Due to the distance, this technology is not particularly dangerous.
However it does present a small risk and it is something that should be used with caution. Most likely refers to app statistics, e. Deprecated at API level 9 Gingerbread. This would allow an app to see what numbers are called and other personal info. This might be required for e. Malicious apps could however use this to slow down the system. This permission should be treated with great caution. Many email attachments contain highly sensitive and personal or financial information. This permission is of moderate to high importance.
While most people would consider their calendar information slightly less important than their list of contacts and friends, this permission should still be treated with care when allowing applications access.
Additionally, it's good to keep in mind that calendar events can, and often do contain contact information. Some more detailed background and preventive measures can be found in the following XDA article: Unless an app explicitly states a specific feature that it would use your contact list for, there isn't much of a reason to give an application this permission. Legitimate exceptions include typing or note taking applications, quick-dial type applications and possibly social networking apps.
Some might require your contact information to help make suggestions to you as you type. Typical applications that require this permission include: Developers can use this content provider to display label information to the user. This permission was granted to all apps by default up to Android 4. This changed with Android 4. If an application already requests write access, it will automatically get read access as well.
An MP3 player of course should have access to your music files stored there — but along with that, it could also access all other data stored on the card. Which means, you should never store sensitive data unencrypted on your SDCard. Not being able to find any documentation (Gmail is, after all, closed source), I can neither tell the difference nor what they expose.
Applying some deduction to related permissions and their discussions, this post on Android. There are also legitimate uses for this permission such as apps that sync or backup your data, and possibly certain social apps. This allows the application to read what any other applications have logged, which might contain sensitive and even personal data.
Lacking documentation, I again can guess here only; it seems to be bound to the "Me" contact in your address book. This permission is automatically granted to apps targeted at Android 1. This is a new permission that relates to a special new "Me" contact you can create in your phone or tablet as your own profile. Messenger apps might want to pick the profile picture from here. No documentation found, hints welcome! Android Icon Hijacking Good Cop: This permission is mostly a privacy concern.
Any app that can read your SMS messages could gather a lot of information about you. However there are quite a few legitimate reasons an app may request this. Some apps are simply "SMS replacement" apps such as Handcent and would naturally need this permission to function. Other apps sometimes use this as a way of sending a special code to your device.
This can be used by a paid app by sending a code to unlock the full version of an app. Or, this can be used by security apps to listen for special shutdown codes in case your phone is stolen. Check the app permission. This is a new permission introduced with Android 4. By granting this permission you are giving an app the ability to read not only your information, but any updates posted by people in your social circles.
This permission mostly allows the application to know if you have background data sync (such as for Facebook or Gmail) turned on or off. Might be an indicator that the app wants to adjust its behavior accordingly and respect your wishes concerning when to sync and when not. Note that this only allows access to the sync settings — not to synchronized data.
There is a minor risk that some personal information could be gleaned from the sync stats, but the information is unlikely to be valuable. Sync in this case relates to syncing of contacts and other types of media on the phone.
This should really only be required by an IME, or a dictionary editor like the Settings app. This would allow an app to read words added to your custom dictionary. Oftentimes this is abbreviations like "brb" that you might add for typing text messages. Unless you save personal information in your dictionary, this permission is of almost no risk. This permission will allow an application to tell Android to run the application every time you start your phone.
While not a danger in and of itself, it can point to an application's intent. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them.
As such, the use of this facility should be explicitly declared to make that visible to the user. Reserved for system apps. Any app that can read your MMS messages could gather a lot of information about you.
More details on this permission can be found a. However, there seems to be a broadcast intent android. While this permission is not typically dangerous, it is a potential tool for eavesdropping.
However recording audio has legitimate uses such as note taking apps or voice search apps. As a side note recording audio is typically a significant drain on the battery. Malware could use this to push some ads o. Allows an application to request installing packages. As this action launches the application installer, the user should be asked to confirm each install.
This permission is deprecated, and should no longer be used. It will allow an application to tell Android to 'kill' the process of another application. However, any app that is killed will likely get restarted by the Android OS itself. Malicious apps can use this to confuse other apps that download files. Only available to system apps. This most likely refers to the possibility to reject incoming calls with an SMS. This could let an application send an SMS on your behalf, and much like the phone call permission, it could cost you money by sending SMS to for-pay numbers.
Certain SMS numbers work much like numbers and automatically charge your phone company money when you send them an SMS. Malicious apps may completely compromise the system.
Normally used for debugging purposes only. Should not be requested by third-party apps. This permission seems to be of low risk because it doesn't allow the setting of the alarm directly. Rather it allows the opening of the alarm app on the phone. Gives an app the opportunity to enable debugging for other apps.
Malicious code could thus delete other apps. Deprecated with API level 7, it no longer has any effect. Not for use by third-party apps. Should pose no risk except you may be late to work. Low risk, if any (except for shocking background images, maybe).
Lacking documentation, the best guess is this is about settings for size and position. This is a protected permission so unless you're building your own ROM that includes replacing the status bar then I don't think this is the permission you want. This would give an app access to RSS feeds that you have subscribed to. If you do, this permission is akin to letting an app have access to your browser history. It could glean interests and preferences and other semi-personal information.
This permission allows an app to show a "popup" window above all other apps, even if the app is not in the foreground. Almost no apps should require this permission unless they are part of the Android operating system. An example of a system alert would be the alert you are shown when your phone or tablet is out of battery and is about to shut down. SE "Drawing over other apps" tasker.
For details, please see the corresponding page on the project site. Useful for infrared remote controls. This app may use the "credentials" to log into an account. In most cases, "credentials" just means the corresponding authenticator creates a fitting token and hands that over though, how to deal with that is left to the authenticator. When using an account for the first time, the Account Manager should make sure the user is asked whether he permits this.
For details, see e. It allows an application to directly bill you for services through Google Play. Users will be required to confirm any purchase made; however, this is potentially costly. Users should beware of games and other free apps with in-app billing. Should only be found with paid apps, but poses no risk with others either. As it states, this permission lets an app control the vibrate function on your phone. This includes for incoming calls and other events.
Of course this has strong effects on battery endurance, especially when used frequently. Malicious applications could monitor, redirect or modify network packets without your knowledge.
A malicious app theoretically could use it to connect you to a different carrier. Apps using this permission can add calendar events, but not read them. However, a malicious app can cause a lot of confusion if you suddenly find a lot of calendar alerts in your notification bar. Malicious apps may use this to erase or modify your call log.
This permission is not much of a danger by itself, but rather could be used to hide other malicious behavior. However it has a legitimate purpose for dialer replacements or voice over IP apps like Google Voice.
This will allow applications to read, write, and delete anything stored on your phone's SD card. This includes pictures, videos, mp3s, documents and even data written to your SD card by other applications. However, there are many legitimate uses for this permission. Many people want their applications to store data on the SD card, and any application that stores information on the SD card will need this permission unless they restrict themselves to their app specific directory provided by the system.
Any app targeting Android 1. It is important to pay attention to what version of Android an app is targeting to know if this permission is being granted. You can see this on the Market website in the right hand column. This includes sending and deleting.
Browsing habits are often tracked through regular computers, but with this permission you'd be giving access to more than just browsing habits. The API reference not only gives no closer information, but does not even mention the permission at all. A guess is it refers to the owner data one can place on the lock screen.
This permission should only be seen on Android system apps and possibly wireless carriers or hardware manufacturer pre-installed apps. Global settings are pretty much anything you would find under Android's main 'settings' window. However, a lot of these settings may be perfectly reasonable for an application to change. Typical applications that use this include: This permission appears to be an offshoot from the "send SMS" permission. This should allow an app to write, but not send an SMS message.
Users should still be cautious of this permission however. Many kinds of malware lure users into sending SMS to special for-pay numbers costing them money. Malware could use this to spread messages on behalf of the user.
This permission relates to backup and sync of certain types of information like contacts. It allows an app to write settings for how that account and the data are synced and backed up. This is a common permission for social services or contact managers or any other type of app with an account associated with it.
Alone, this permission doesn't allow an app access to contacts or other sensitive data. Rather, it just relates to how that data is backed up. Nevertheless, care should be taken as always. This allows an app to add custom words to your user dictionary, so auto-correction will consider it the next time you type it. Permissions that provide direct access to the hardware on the device that has an effect on battery life.
Permissions that are related to the other applications installed on the system. Permissions that can be used to make the user spend money without their direct involvement — e. Group of permissions that are related to development features. Permissions that provide direct access to the hardware on the device. Permissions that allow an application to send messages on behalf of the user or intercept messages being received by the user.
Permissions that are associated with accessing microphone audio from the device. Permissions that provide access to networking services. Permissions that provide access to information about the device user such as profile information. Permissions that are associated with accessing and modifying telephony state: Permissions that provide access to the user's social connections, such as contacts, call logs, social stream, etc.
Permissions that are related to system APIs. Low risk or "Standard". The app must be signed with the same certificate as the ROM itself. Like "signature"; but it also can be a "normal system-app". The ROM must be signed with a development key. Allows an app to access approximate location derived from network location sources such as cell towers and Wi-Fi. Allows the app to access the download manager and to use it to download files.
Allows the app to access the download manager's advanced functions. A good example for poor documentation, as even books on Android application development state: Allows an application to create mock location providers for testing, and is intended for development use in e.
Allows applications to access information about networks, including if a network is available (or just connecting), what type of network the device is connected to, if any (WiFi, 3G, LTE), if it's in Roaming, and also reasons for a failed connection attempt (if any). Enables an app to toggle your notification policy, e.
Allows the app to retrieve, examine, and clear notifications, including those posted by other apps. An app with this permission obviously wants to use "root powers". Allows an application to use SurfaceFlinger's low level features.
This could be requested by any application that uses internet access. Allows applications to call into AccountAuthenticators. Allows an app to receive periodic updates of your activity level from Google, for example, if you are walking, driving, cycling, or stationary.
Allows apps to accept cloud to device messages sent by the app's service (Amazon Device Messaging — like GoogleCloudMessaging). Allows an application to act as an AccountAuthenticator for the AccountManager. Permits an app to manage backups of another app. Allows the application to participate in the system's backup and restore mechanism. Enables an app to paint numbers on icons, using the "Badge Service" described with badge. Allows an application to collect battery statistics.
Allows the holder to bind to the top-level interface of an accessibility service. Allows an application to tell the AppWidget service which application can access AppWidget's data. Allows the holder to send intents to a device administrator. Allows the holder to bind to the top-level interface of an input method. This permission gives access to the JobService and allows the Android system to run the application in the background when requested.
Must be required by a NotificationListenerService, to ensure that only the system can bind to it. Must be required by a PrintService, to ensure that only the system can bind to it. Allows the holder to bind to the top-level interface of a widget service. Allows the holder to bind to the top-level interface of a text service e.
Allows the holder to bind to the top-level interface of a Vpn service. Allows the holder to bind to the top-level interface of wallpaper.
Allows applications to connect to paired bluetooth devices. Allows applications to pair bluetooth devices without user interaction. Allows the app to access data from sensors you use to measure what's happening inside your body, such as heart rate. Required to be able to disable the device (very dangerous!). Can broadcast data messages received from the Internet to apps registered to listen for them.
Allows an application to broadcast sticky intents. Allows apps to accept cloud to device messages sent by the app's service (GoogleCloudMessaging).
Allows apps to send cloud to device messages (GoogleCloudMessaging). Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call being placed. Allows an application to call any phone number, including emergency numbers, without going through the Dialer user interface for the user to confirm the call being placed.
Required to be able to access the camera device. Allows an application to capture audio output. Allows an application to capture secure video output. Allows an application to capture video output. Allows an app to change whether an application component other than its own is enabled or not. Allows an application to modify the current configuration, such as locale.
Allows applications to change network connectivity state. Allows applications to enter Wi-Fi Multicast mode. Allows applications to change Wi-Fi connectivity state. Allows the app to connect the device to and disconnect the device from WiMAX networks. Allows an application to clear the caches of all installed applications on the device.
Allows an application to clear user data. Permits an app to collect customer metrics for Amazon, on how an app is used. Allows applications to disable the keyguard. Allows to queue downloads without a notification shown while the download runs.
Allows an application to retrieve state dump information from system services. Allows this application to access your email database, including received messages, sent messages, usernames and passwords.
Allows an application to expand or collapse the status bar. Run as a manufacturer test application, running as the root user. Allows access to the flashlight. Allows the app to forcibly stop other apps.