In our app we just added the following permission : android.permission.QUERY_ALL_PACKAGES
on top of other pre-exisitng permissions.
This permission is a sensitive permission so we did everything that needed to be done in the Play Console.
Anyways, now we can publish the app in the Play Store so that is sorted.
Unfortunately we experience strange behavior, specifically during a clean install of this new app version everything works as expected. So functionality depending from this permission is working just fine.
But if this permission is introduced whilst executing an update of the app the functionality which depends from this permission is not working appropriately. It actually behaves like the permission has not been granted. When I do look in the Settings->App info screen regarding all the app permissions I do so see the query all packages permission...
We are at a loss here.
Does a newly introduced permission work right away after an app update ?
This is not a permission that needs to be requested (or granted) during runtime, or at least that is what we think.
Does anyone have experience regarding this different behaviour during an app install or an app update ?
Related
Google Play again rejected my app because I'm apparently using REQUEST_INSTALL_PACKAGES permission in my app. I never had this permission ever, I never had this issue before.
I checked merged manifest to find that kind of permission. There is none.
I've added
<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES" tools:node="remove"/>
tag into my AndroidManifest.xml to be certain that my App is not using this kind of permission EVER. Even Merged Manifest is not containing that permission and at the bottom of the Merged Manifest there is Android Studio warning that I'm removing something that is not even present in my app:
Warning uses-permission#android.permission.REQUEST_INSTALL_PACKAGES was tagged at AndroidManifest.xml:25 to remove other declarations but no other declaration present MyApp.app main manifest (this file), line 24
So either I'm missing something or their app validation is broken and Google is false-flagging my app validation for some unknown reason.
There has to be some serious issues with their validation methods past 2 weeks because amount of issues I've got with my app is unacceptable. App has same permissions and using same libraries and their version for past 2 years and I never had any issues like this before.
And I'm not sure what else I can do to get my app validated and accepted again.
If you have previous builds with REQUEST_INSTALL_PACKAGES permission in the Open, Closed, or Internal testing you need to upload a new build without REQUEST_INSTALL_PACKAGES permission to Internal testing and then promote it to production.
If this solution does not work for you check the permissions used in your app at Google Play console. If REQUEST_INSTALL_PACKAGES is not shown there you must contact them and explain your problem and request again.
I'm working on a project based on cloud backup which saves and restore user's call log. It was working fine for the previous version but now getting following warning. I added a description before taking permission from the user but still getting the warning.
Your app is requesting the following permission which is used by less
than 1% of functionally similar apps: WRITE_CALL_LOG
Users prefer apps that request fewer permissions and requesting
unnecessary permissions can affect your app's visibility on the Play
Store. If these permissions aren't necessary, you may be able to use
alternative methods in your app and request fewer permissions. If they
are, we recommend providing an explanation to users of why you need
the permissions. Learn more
Note: This guidance is based on a comparison with functionally similar
apps, which change over time as new apps get published and existing
apps change behavior. Therefore the warning may change even if you
don't change your permission usage.
Its a warning. If you need that permission (and it seems your app does), then you're fine. If you didn't really need it, you should remove it. Google isn't going to scan your description to see if you explain it, that level of AI isn't really possible yet. So you'll continue to get the warning.
There is an app called bodyweight fitness on the play store without any permissions. It is available on git hub as well:
https://github.com/mazurio/bodyweight-fitness-android
I used the files from git hub and compiled the apk myself with Android Studio (without changing the files). When I try to install the self compiled app apk, it tells me that it will use the INTERNET though the play store app did not. There is no reason why this app should need any internet connection. Thus I removed this line from the AndroidManifest.xml
<uses-permission android:name="android.permission.INTERNET" />
After compiling and installing the app, it still tells me that it will use INTERNET. Does someone know why and how I can remove this permission?
PS: I asked the developer as well, but I got no response yet.
update:
You are right, it is added from another part aswell: crashlytics.
And you are right aswell about the hidden permission. It is shown in
the app details when the app is installed and it is shown in the play
store when you click on the "permissions" button.
Each android lib contains manifest file with package, permissions, acitivities etc so your app will show all permissions from dependencies. You may check final manifest creation log at {projectDir}/{moduleDir}/build/outputs/logs/manifest-merger-*-report.txt
This log will contain something like that
uses-permission#android.permission.INTERNET
ADDED from {myModulePath}/app/src/main/AndroidManifest.xml:6:5-67
MERGED from [net.hockeyapp.android:HockeySDK:4.1.1] /Users/devindi/.android/build-cache/ce70c6f87efc05633a59a88fccdb712db509e22d/output/AndroidManifest.xml:12:5-67
MERGED from [com.crashlytics.sdk.android:crashlytics:2.6.8] /Users/devindi/.android/build-cache/424d420499b90aec0a26ab1b5f575e318d0342b9/output/AndroidManifest.xml:9:5-67
MERGED from [com.crashlytics.sdk.android:beta:1.2.5] /Users/devindi/.android/build-cache/be2498e53f6aa976b3927954da943b23f0a800f6/output/AndroidManifest.xml:9:5-67
MERGED from [com.crashlytics.sdk.android:crashlytics-core:2.3.17] /Users/devindi/.android/build-cache/e5b1b150113ac2f0789b76a886f379cdafa8af2b/output/AndroidManifest.xml:52:5-67
MERGED from [com.crashlytics.sdk.android:answers:1.3.13] /Users/devindi/.android/build-cache/c86f3a3daec296cb6a32deb0b3d0c3f1370a024f/output/AndroidManifest.xml:9:5-67
MERGED from [io.fabric.sdk.android:fabric:1.3.17] /Users/devindi/.android/build-cache/0a51b13dbc46dc870c598edab9d128bf8f26a8d4/output/AndroidManifest.xml:29:5-67
As you see I requested network permission at my manifest and hockeyapp, crashlytics, fabric libs requested same permission also. https://developer.android.com/studio/build/manifest-merge.html
To force permission remove just add tools:node=”remove” to your permission declaration like that:
<uses-permission android:name=”android.permission.INTERNET” tools:node=”remove” />
This is because the INTERNET permission is a "harmless" permission. This means that you don't have to ask the user for permission, and that it will not show in the Google Play Store
Since Android 5.0, permissions have a "protection level". Some are dangerous, and some are normal. Normal means that you as an app developer do not have to ask the user for permission, and that it will not show in Google Play. Dangerous means that Google Play displays it and that you have to ask the User for permission.
Source and further reading: Android Developers
There is a difference between apps installed during development via your Android Studio, apps installed from an APK and apps installed from Google Play Store. Some permissions are granted automatically in the latter case, like for example the Internet or drawing on top of other apps. You need to take this into account while planning your deployment strategy.
I have an app in the Play store, but I want to add a user permission to the next release. Does the phone throw up the app permission screen for the added permissions?
Usually, the app permissions don't change and it is autoupdated or manually updated in a single step. But what happens when you add permissions? I've tried to Google it but can't find an answer.
(I realize this is not a code question, but it surely must be an important one for Android developers faced with this problem).
Does the phone throw up the app permission screen for the added permissions?
Yes. However, it shows all permissions, with the new ones highlighted with the word "New".
If an application changes its permissions, the Android market will generally mark it for manual update. Is this true if the change is only to remove a permission that was previously required by an app? Or will any change to the permissions mark the app for manual update?
EDIT
I tried it out today. Removed a permission from the app and put it up on the market. I had also ticked the 'auto update' feature in the mkt page. Although it did not automatically update the app, it did not say 'manual update' in the mkt page.
Removing permissions does not prevent auto-upgrades.
Adding a permission might prevent auto-upgrade, but not all permissions do. A good heuristic is to look at the protectionLevel of the permission; "dangerous" permissions will prevent auto upgrade, "normal" in general will not, but it's good to test with a small test bench app.
Third-party permissions are typically "normal" or "signed", and "signed" are treated same as "normal" with regards to auto upgrade.
Also, as of v4.1.6 Google Play app does show apps that require manual acceptance of new permissions in a separate "Manual Update" section. They are listed along all other updates, and the GP app will just show the new permissions dialog when user tries to update them.