Here is the email I received from Google Play. I added QUERY ALL PACKAGES permission to the manifest file so that all the features would function properly in Android 11 or later. But in reality, I simply require a portion of the permission to implement those functionalities. So, if the "QUERY ALL PACKAGES" permission is withdrawn and another core permission is added in manifest file, do we still need to submit a permission declaration?
DEVELOPER UPDATE
Hello Google Play Developer,
If your app requires the QUERY_ALL_PACKAGES permission, you need to
submit the declaration form in Play Console by July 20. Otherwise, you
will not be able to submit new apps or app updates.
Action required:
If your app does not require use of the QUERY_ALL_PACKAGES permission, you must remove the permission from your app manifest.
If your app requires use of the QUERY_ALL_PACKAGES permission, you’ll need to provide a description and short video of the core
feature in your app that requires this permission. To prepare for the
questions you’ll need to answer, review this Help Center article.
You have until July 20 to submit the declaration or remove the
permission from your app manifest. Apps that fail to meet the policy
requirements or do not submit the declaration form may be removed from
Google Play starting July 20.
Thank you for continuing to partner with us to make Google Play a safe
platform for you and your users.
Thank you,
The Google Play team
Try these solutions if you don't need QUERY_ALL_PACKAGES permission
https://stackoverflow.com/a/73104066/10657559
https://stackoverflow.com/a/72774358/10657559
Updating an app that has sensitive permissions on the Google Play Console
In my case I have submitted declaration form in play console like below
Go to Google Play Console , under Policy area -> App Content -> click Manage button under Sensitive permissions and API
Here lists all sensitive permission used in our app -> click Manage button under corresponding permission
Fill the declaration form
I have submitted this 3 weeks ago and I haven't met with any issues from Google Play Console so far.
Related
i got the following notification when i upload Flutter my app to Google console.
We found that your manifest file contains the REQUEST_INSTALL_PACKAGES permission.
Starting September 29, 2022, apps that use this permission will not be able to submit >updates for review until they have completed a new sensitive permission declaration.
This declaration will be available in Play Console on August 31, 2022. You'll need to >declare which permitted functionality your app provides, tell us about a core feature in >your app that uses the permission, and provide a video showing its use.
You must remove this sensitive permission from your manifest if your app does not use >the permitted functionalities, or if you no longer use this permission. To learn more, >watch this PolicyBytes video.
Permission description
https://support.google.com/googleplay/android-developer/answer/12085295?hl=en
I checked the Mainefest. The permission is not declared there! How can i delete it!? It does not exist.
If you are using android studio try command + shift + f and type REQUEST_INSTALL_PACKAGES. Select project from the top section. It will display all codes that use this key. Remove the package if its not being used.
Hello Shareef Dweikat,
It seems like you are using a 3rd library that's using this permission
It could be a Huawei SDK
Please double check inside the following path:
app/build/intermediates/merged_manifests
I'm publishing an Android app on Google Play Store and I have enabled sms permission in the manifest. After publishing it, Google rejected the app with the below information:
Issue: Violation of Permissions policy After reviewing your app, we
found that it doesn’t qualify to use the requested permissions for the
following reason(s):
Based on our review, we found your app’s expressed user experience did
not match your declared core functionality {Default SMS handler (and
any other core functionality usage while default handler), Default
Phone handler (and any other core functionality usage while default
handler)}. Please remove these permissions from your app.
Default handler capability was listed on your declaration form, but
your app does not appear to have default handler capability. Please
submit a revised declaration form.
As of the recent change to the application privacy policy, to view sms messages, your application must be the default sms handler. As stated in this reminder by Google.
You can submit a declaration for outlining why your app uses the sms permissions but it's unlikely that they will accept it, only a few use cases get approved.
You can remove this permission from manifest and remove run-time asking permissions and after updating your version code and version name. you have to push your app on alpha,beta or Internal test track first and then move it to production.
just add sms call permission in your manifest with tools:node="remove" tag and remove it from asking at run-time.
<uses-permission android:name="android.permission.SEND_SMS" tools:node="remove" />
after adding this Google play console will not ask you to fill up the permission declaration form.
if you still faces any issues you can chat live with google play console team or communicate with them through mail
https://support.google.com/googleplay/android-developer/answer/7218994?hl=en
Wait for some time if you get message like "Chat support is currently not available." it will update after some time.
If you're using any SMS or CALL_LOG related permission you need to submit a Permissions Declaration Form for your app.
check this and this for more info
There are two answers to this question
Answer 1.
If you roll out a release using the Google Play Developer Publishing API and Google Play has not previously approved your APK or App Bundle's use of high risk or sensitive permissions, you will receive an error.
To continue managing releases using the Publishing API, you must either remove any high risk or sensitive permission requests from your app and create a new release with the revised APK or App Bundle or prepare and roll out your release using the Play Console web UI, following these steps:
Upload your APK or App Bundle with high risk or sensitive permissions requested
Complete the Permissions Declaration Form as above
Complete the rollout of the release using the Play Console web UI
If you still need the sms permission as well as other sensitive permission declaration in you manifest,
You can also Fill and submit a Permissions Declaration Form for your app and create a new case during the process. Google will review your reasons for requesting those permissions and get back to you. Do not rollout a new update until you've received a reply from Google else, your app will be rejected again.
If you still need the sms permission to be declared in your manifest, you can fill the Permissions Appeal Form by clicking on the link below:
https://support.google.com/googleplay/android-developer/contact/permissions
While I am updating an app on Play store. I am getting following error according to the new policy of Google:
I have also checked all the options that are available, but again and again, Google rejects my application.
I am new to Android.
Issue: Violation of Permissions policy
After reviewing your app, we found that it doesn’t qualify to use the requested permissions for the following reason(s):
Based on our review, we found your app’s expressed user experience did not match your declared core functionality {SMS-based financial transactions (e.g., 5 digit messages), and related activity including OTP account verification for financial transactions and fraud detection}. Please remove these permissions from your app.
This is my manifest containing permissions I have declared
SMS permission is no more allowed to read OTP as android is going to give this feature to users out of the box.
You have to register as a messaging app to get SMS and CALL_LOG permissions.
So recently, Google changed its policies, read it at XDA
Same thing happened with my app, It got removed from play store, for using SMS features.
You need to remove those permissions from Android Manifest and if you need to send a message to someone, you need to use Intents to form a message and fill out the messaging app and user has to manually send the message.
Or if you are trying to access SMS permission for automatic OTP, there are other ways to do it.
As it turns out, you need to fill a form. Read this article from Google and refer to this answer on StackOverFlow
Do not update your minSdkVersion in this release. You need to rollout removal of permissions for all of your users.
Try deactivating previous versions of your apk on play console. If you updated minSdkVersion of your app and did not deactivate older apks, older devices are still served the apk with permissions.
This worked for me!
I am working on an app where I am using a custom permission as defined by another developer in their SDK.
According to Google, if we add a pre-defined permission, such as <uses-permission android:name="android.permission.INTERNET" />, then, when a user updates the app, they will be prompted to approve this new permission. This happens before the app is updated; if the user does not accept, the app is not updated.
Now, we want to add in this custom permission. Will the Play Store still ask users to accept this new permission prior to updating the app when we release the new version on the Play store?
Yes all permissions are required to be approved by the user. If the updated version has new permissions : grouped or others, they need to be approved by user.
From Google's policies:
Users who wish to have full control over new individual permissions being added to an app can review individual permissions for an app at any time, or may consider turning off auto-updates for one or more apps. Any permissions that are not part of a permissions group, including those that are not shown in the main permissions screen, will be shown in the "Other" group.
Update
From M the permission model will change. Users will control the permissions at runtime. Good for users but more work for developers, as now we have to handle the permission denial. Read more here.
When people download your app they have to accept the permissions that you set in your manifest.
If you set a new permission in the android manifest of your app, then people who have downloaded your app will need to accept the new permission first. So if you update your app and you have new permission it won't auto update and people need to first accept it in the google play store.
From Google's support page:
When an app updates, it may need to use additional
capabilities or information controlled by permissions.
If you have automatic updates enabled, you won't need to review or
accept these permissions as long as they are included in a permissions
group you already accepted for that app.
If the app needs access to an additional permissions group, you'll be
asked to accept the update, even if you've set an app to update
automatically.
If you prefer to review each update manually, you can change your
update settings.
Yes, Google play will ask users to approve custom permissions.
Google clearly mentions that
"If the app needs access to an additional permissions group, you'll be asked to accept the update, even if you've set an app to update automatically."
and
"Developers may automatically add additional permissions within each group"
Since custom permissions do not belong do any permission group, they are shown in other permissions and when updating an app if new permissions are added to others group, play store will ask users to approve those permissions.
Official Source: https://support.google.com/googleplay/answer/6014972 (open link and click on other)
This page says "Note: If an app adds a permission that is in the "Other" group, you'll always be asked to review the change before downloading an update."
Scenario:
I have an app already deployed on Google Play.
For some internal reasons, we'll have a separate app (separate .apk) which define a custom permission on the manifest:
<permission
android:name="<my.app.package>.PERMISSION.extras"
android:protectionLevel="signature"/>
and the existing app will use this permission.
<uses-permission
android:name="<my.app.package>.PERMISSION.extras"/>
both apps are signed with our key and it the communication between the two apks is working fine.
Now the question:
because of this new custom permission, will Google Play:
require our users to go to Google Store -> My Apps -> <my.app> -> Update
or
just auto-update as usual, and it only cares about the new permissions if it is one of the android.permission.* permissions ?
Any well based information will be deeply appreciated.
To answer my own question I setup a small test.
test procedure:
created new google account, on a tablet and downloaded the app
added this new user to the G+ community for Alpha testers of the app.
on this user account, accepted to be an alpha tester
double checked that the app is with auto-update enabled.
pushed an update to the app with the new custom permission.
await for the cloud...
results:
on Google play developer console it shown the extra permission on both the total number of permissions and the list of permissions.
after a few hours the tablet auto-updated with no problems.
the custom permission are not shown on Google Play Store in the tablet
the custom permission are not shown on the tablet Settings -> Apps -> My App -> Permissions
so final answer:
custom permissions with signature level protection do not stop the auto-update from Google Play Store.
I believe custom permissions would fall under the category of "Other." Based off this page, you'll be asked to download the update when adding the permission. If the permission has already been approved, this may be different.
Whether or not the user has to manually go to the Play Store to get updates or if the app updates itself is also a different matter. This is dependent on the user settings within their Play Store application. You can refer to "App Updates" in the page linked previously. With Auto-Update enabled the user won't be prompted to approve permissions if the new permission group has been previously added (this may not apply in your case because it's a custom permission). No matter what, if your app is adding a new permission group, the user will be asked to accept the update.
I believe only if the user has auto updates disabled and notifications disabled for their Play Store application, will they need to manually go to the Play Store -> App -> Update.