Problem with QUERY_ALL_PACKAGES in play console - android

i have an APP published in play store. This APP has a lib that uses the QUERY_ALL_PACKAGES permission.
So, i remove this permission in my AndroidManifest.xml
<uses-permission android:name="android.permission.QUERY_ALL_PACKAGES" tools:node="remove"
tools:ignore="QueryAllPackagesPermission" />
After that i uploaded a new version to the play console, but it still keeps saying that the QUERY_ALL_PACKAGES permission is present.
My new build: 3603
Note that the QUERY_ALL_PACKAGES permission does not exist in this build
It seems that somehow the problem is still being associated with the previous version where it still had the QUERY_ALL_PACKAGES permission.
ps: BUILD 3494 is a older build
In short, I can't upload a version with updated permissions, because it still asks to fill in the form to use QUERY_ALL_PACKAGES, even removing this permission.
can anyone help?

I had the same issue as well, I ended up following this user's recommendation Updating an app that has sensitive permissions on the Google Play Console . I checked the app functionality, in the description I said I didn't need the functionality anymore with my newest release. I uploaded a bogus youtube video link. After about 5 min I was able to release the newest version without the QUERY_ALL_PACKAGES permission.

I was facing same issue because of my third party packages using Query all packages permission to Solve this
If you are using linux or unix based os then just go to location where flutter third party packages are installed in my case loaction is
~/snap/flutter/common/flutter/.pub-cache/hosted/pub.dartlang.org
Just run the following command in terminal
grep -r QUERY_ALL_PACKAGES *
this will gives all packages pubspec.yaml file path that uses query all packages permission remove or replace that packages

I believe this question describes the same problem, and it was answered.
QUERY_ALL_PACKAGES permission issue while my app doesn't contain it

According to google policy your All active Bundle versions need to be compliant as per google policy,
You just need to update the new version and increase the version number of Your App in all the production and testing(Internal/closed/Open) if any to deactivate the versions using QUERY_ALL_PACKAGES.
Follow this video
https://www.youtube.com/watch?v=mwTefutgXSU

Related

Unable to publish latest build because of sensitive permission issue

Google not allowed to roll out new build. Giving error sensitive permission issue.
In my flutter app, 'android.permission.REQUEST_INSTALL_PACKAGES' sensitive permission was added by 'open_file' plugin. Earlier i can upload build, but as per google current policy need to declare sensitive permission.
So I removed sensitive permissions which are not required in my app and tried to publish again. Still google didn`t allow to publish the latest build because this permission has been found in my previous testing build. I tried to change the testing build but didn't succeed. When i tried to change testing build that time google show sensitive permission issue in my previous production & previous testing build.
Please suggest me, how can i publish the new build.
Use open_filex package, Remove 'android.permission.REQUEST_INSTALL_PACKAGES' permission from android manifest and upload latest build in app console.
Open filex package has Removed REQUEST_INSTALL_PACKAGES permission in Android to comply with GooglePlay publish policies.

Android app update rejected by google play store because of REQUEST_INSTALL_PACKAGES permission

Is anyone got rejected from google play because of REQUEST_INSTALL_PACKAGES permission ?
I removed this permission from my app even removed plugin which used it but still got this rejection.
I checked all android manifest files, even all logs there is no REQUEST_INSTALL_PACKAGES permission
I had the same issue. Actually, there will be some other older build which is containing REQUEST_INSTALL_PACKAGES permission in the Testing(OPEN, CLOSED, INTERNAL) section that's why they are rejecting the app.
You can find such a build in the Policy Status section of the app console.
Btw, To fix this you have to suspend all such kinds of builds.
One way of doing it is, Take a fresh build and upload it to Internal Testing then promote this build to OPEN testing & after then promote it to production from the OPEN testing section.
This way it will exclude the older build and your fresh build will be approved. Added Screenshot for reference.
It may be in some library that you are using, which cannot be controlled, so remove it by add this to your AndroidManifest.xml:
<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"
tools:node="remove"/>

REQUEST_INSTALL_PACKAGES

Status: Approved with Issues - Further Action Required
We found issues with your app. You need to review and take action as described below, so that your app is not impacted in the future.
Issue found: Use of permission is not directly related to the core purpose of the app.
We found that your app is not compliant with how REQUEST_INSTALL_PACKAGES permission is allowed to be used. Specifically, the use of the permission is not directly related to the core purpose of the app.
Additionally, follow these steps to bring your app into compliance:
Please remove the use of REQUEST_INSTALL_PACKAGES permission from your app.
About the Request Install Packages Permission
Starting September 29, 2022, your app must be in compliance with the REQUEST_INSTALL_PACKAGES permission or your app may face additional enforcement actions. The REQUEST_INSTALL_PACKAGES permission allows an application to request the installation of app packages. To use this permission, your app’s core functionality must include:
Sending or receiving app packages, AND
Enabling user-initiated installation of app packages.
Permitted functionalities include any of the following:
Web browsing or search
Communication services that support attachments
File sharing, transfer or management
Enterprise device management
The REQUEST_INSTALL_PACKAGES permission may not be used to perform self updates, modifications, or the bundling of other APKs in the asset file unless for device management purposes. All updates or installing of packages must abide by Google Play’s Device and Network Abuse policy and must be initiated and driven by the user.
For more help addressing this issue, read more in our Help Center.
If your app does not install other apps externally, simply add the following permission to the manifest.
<uses-permission
android:name="android.permission.REQUEST_INSTALL_PACKAGES"
tools:node="remove"/>
I faced the same issue a month ago. This is related to the open_file package using REQUEST_INSTALL_PACKAGES permission in the manifest.
Issue: https://github.com/crazecoder/open_file/issues/204
The recommended solution is to use this fork: https://github.com/bertoldofonseca/better_open_file
I faced the same issue yesterdey. This permission used by open_file package.
you can user alternative packages such as better_open_file or open_filex or you can by pass this permission by adding belove code to AndroidManifest.xml:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="{you package name}"
xmlns:tools="http://schemas.android.com/tools">
and in permissions section add this code:
<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES" tools:node="remove"/>
good luck
If you are going to delete this permission from manifest of your app. You need to do these:
REMEMBER It's unnecessary to remove any pub.dev package which uses REQUEST_INSTALL_PACKAGES permission, after adding this to your manifest
android:name="android.permission.REQUEST_INSTALL_PACKAGES" tools:node="remove"/>
because, they remove all such kinda permission from merged manifest file(make sure that manifest opening tag involve xmlns tools like that
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="YOU_APP_PACKAGE_NAME">
ONE OF THE MOST IMPORTANT STEP:
You need to update all Open Testing, Internal testing and Closed testing (all tracks even if they are not active). Update your Production channel too. You can check that you updated all required ones in Policy -> App content -> App bundles and APKs using sensitive permissions section. If section is not shown here, then you updated all tracks and channels
AFTER DOING JUST THESE SIMPLE BUT REQUIRED STEPS, YOUR NEW VERSION WILL BE ACCEPTED. GUARANTEED
Remove the permission from your manifest and in-app functionality.
Double check that your app is compliant with all other Developer Program Policies.
Sign in to Play Console and submit the update to your app.
Alternatively, you may also choose to deactivate these versions to avoid additional enforcements that could occur. You may follow the given steps to deactivate the non-compliant app bundles or APKS:
Go to your Play Console.
Select the app.
Go to the track where the non-compliant APK or app bundle is.
Near the top right of the page, click Create new release. (You may need to click Manage track first) If the release with the violating APK is in a draft state, discard the release.
Under the new release page, you can choose to: A) Upload a new, compliant APK/app bundle and make sure the new release is rolled out 100% to completely deactivate the non-compliant APK. B) Not upload any new APK/app bundle (publish an empty release to just deactivate the non-compliant old version).
Regardless of what you choose in step 5, please make sure that the non-compliant version of APK/app bundle is under the Not included section of this new release. For further guidance, please see the "Not included (app bundles and APKs)" section in the Play Console Help article.
To save any changes you make to your release, select Save.
When you've finished preparing your release, select Review release.
If the non-compliant APK is released to multiple tracks, repeat steps 3-8 in each track.
Experienced the same issue a week ago. Check your builds in the Internal Testing or any other environments. Because I received the same email, but there was no information about where exactly this permission exists. Because I removed it from production build. But when I wrote to policy status technical support - they answered that the issues in the build in the Internal testing environment. I updated the build for Internal Testing and app in production was accepted.
I don't know why I have to update build in the Internal testing, because I haven't updated it for months.
But rules are rules.

App update upload failed 14 times on Google Play

I'm having a really hard time getting new app updates on Google Play:
Before that, I successfully uploaded my app first version (1.0.0) and got approved (April 16, 2021), then I got user feedback regarding Android 11 because it was not possible. read some files, after a while of researching I added the MANAGEMENT_EXTERNAL_STORAGE permission to AndroidManifest.xml and uploaded the updated version 1.0.1 but was rejected because Google does not allow the use of the above permission & asked to remove it. waive this right.
Issue: Access to device storage not required The feature you
identified does not require unrestricted access to device storage.
There are other privacy friendly options for accessing files in shared
storage, such as using the system file picker, or, on the use case,
you can follow the recommendations for receiving data from other apps
listed here. Please update your app so that the feature uses a privacy
friendly alternative and remove All Files Access
(MANAGE_EXTERNAL_STORAGE) permission.
I continued to do more research and found it was directed as "Change Target SDK 30 -> 29 and Remove MANAGEMENT_EXTERNAL_STORAGE permission from AndroidManifest.xml", I followed and re-uploaded again but still denied, to now the number of times i have tried up to 14 times (tried always build .aab & .apk) but nothing changed...
I don't know if there is a better solution so hopefully someone can help me and most importantly why did I remove the permission but Google still reported the reason as above?
Thanks everyone.
Steps to follow:
1.Remove MANAGE_EXTERNAL_STORAGE
2.change version code and version name
3 change api level and build level to 30
4.clean build
Genreate signed Apk
It should work now

Why HMS PushKit needs android.permission.REQUEST_INSTALL_PACKAGES

Recently I've added HMS PushKit SDK with this gradle code:
implementation "com.huawei.hms:push:5.0.4.302"
After That I've noticed that my application added to the list of apps with access to install apps from unknown source (special permission). I checked the AndroidManifest.xml file of one of this library's dependency (com.huawei.hms.base.availableupdate) and saw that it has this special permission:
<!-- If it is Android 8.0, the targetSdkVersion of the application compilation configuration>=26, please be sure to add the following permissions -->
<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES" />
So Why PushKit needs this permission? I don't want my app to use this permission. And If I remove it with this code is there gonna be a problem (crash):
<uses-permission
android:name="android.permission.REQUEST_INSTALL_PACKAGES"
tools:node="remove"/>
UPDATE
If you remove this permission, it will not be affected on Huawei phones,but the HMS Core APK may not be installed on non-Huawei phones.
can it cause to crash in our app because of upgrade failure?--no,Only will make the application cannot be automatically upgraded,have to uninstall and download the new version.
<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES" />
This permission is used to update the HMS Core and push kit APK. Push kit strongly depends on the HMS Core and push kit APK. If this permission is not granted, applications may fail to be installed, and causing upgrade failures of the HMS and push kit`s APK.
Therefore, this permission is mandatory.
android.permission.REQUEST_INSTALL_PACKAGES is a permission that allows a framework or a component on Android, to refer to an external (maven most often) repository, in order to minimise the final installation apk size for the end user by installing source code remotely, instead of packaging it all inside the same apk (for initial download).
Be careful with this permission, because if it is enabled, not on your app, but rather a dependency, it will be rejected. This is because if there are any security issues with your dependency, there is no way for google to pick this up, when you upload the app bundle onto the store. This is because of a remote download of the source code, instead of it being packaged inside the same apk that google can strip.
As a result google will not accept this apk, and it will be rejected (just because google does not know, and has no way of knowing if there is any malicous code being included in the final end user package).
You can try to fork this library, and remove the permission from the manifest, but then you will encounter missing method exceptions.
Your best bet in this case is to find another library that does not install extra source code from a remote maven repository, in order to avoid a google play store rejection.
Looking at this package, it looks like it's an SDK built on top of the Android SDKs. If there is a way for you to get around this, and work directly on the google android sdk, while also making it so the customer does not notice, then that should be fine. At the end of the day the customer does not care how you do it, as long as it works.

Categories

Resources