So, I'm out running here, and I've got this app on my phone called Straa. Straa is tracking my phone's location, and it's also allowing me—if I stop and see something pretty—to take a picture with my phone and add it to the app.

So, how does this work? On one side of the equation, you've got your app. I've represented it here as a block of code because, of course, that's what your app really is under the hood—even though in Bubble, we're never actually writing that code ourselves.

Then, what you also have is the operating system, or, as it's sometimes abbreviated, OS, for the device that your user is running your app on. This operating system controls access to what we call the device resources. That might be your camera or photo library. It might be your location—the location of the device. It might also be the ability to use push notifications that appear within the context of the user's native app.

The operating system makes sure these resources are secure by default, so that any old app can't just get access to your camera or location willy-nilly. That would be an obvious privacy and security risk. Instead, these resources are locked behind closed doors. Right? So, here are the doors, which are, by default, closed.

What actually has to happen is the application first has to ask the operating system for permission to access the user's native device resources. When it does that, your users will see a little message pop up on their screen asking them to give permission to the specified resource. If they hit “Accept,” that door will open, and the application will be able to receive, for example, images right from the resource—they’ll be passed through that door.

Conversely, if the app wants to access the device’s location, it will ask the operating system to, in turn, ask the user to grant permission to that particular device resource. If the user does grant that permission, the door opens, and the app gets access to the specified resource.

One little caveat: when we ask the user for access to one of their device resources, depending on the resource, they have a choice as to how much access they want to give us. For example, in the case of location services, they might choose to give access just this one time. After we get their location, the door will close. Or, they might say, “Hey, you can access my location whenever you like,” in which case the app is free to get the location from the user's device at any time.

By the way, in the case of location, that would be some mixture of GPS signal, internet signal, and things of that nature. But for simplicity, just think of it as the phone's hardware providing the location of the device. The point here is that the application can now access that data whenever it likes—but it is the user who explicitly allows the application to do so.

The user can also, at any time within their device’s settings, revoke the permission, effectively closing access to that resource. The next time the application requests that resource or data, it won’t be able to access it. The app can then display a corresponding message to the user, like, “Hey, in order to use this feature, you need to grant us access.”

This is what we're doing conceptually. Let's jump into Bubble now. Over the next few lessons, we'll see, practically speaking, how our application can access these device resources.