My old version of my app contained QUERY_ALL_PACKAGES permission but after the Google email sent to me saying that I can't use this permission in my app so I deleted it and I check if my apps still have the permission or not and I'm sure that my app does not have the permission and Google still accepting my app with QUERY_ALL_PACKAGES permission issue saying that I must not use the permission that I already deleted.
you can check if I missed anything from screenshots in the bottom
release details from google play console
and
permission from a device after installing the app
I also tried to add the following line to my AndroidManifest.xml file
<uses-permission android:name="android.permission.QUERY_ALL_PACKAGES" tools:node="remove" tools:ignore="QueryAllPackagesPermission" />
As we discussed in the comments, you need to also check your "Internal Testing", "Closed Testing", and "Open Testing" release tracks. If these tracks still contain versions of the app that use this permission, you'll need to create new releases to supersede those versions.
Also, understand that you might still get a rejection email even after you've updated all release tracks. This is because the automated review might finish for one track before the others. So the review fails because it's not yet considering the new versions on your other release tracks.
Related
Google Play again rejected my app because I'm apparently using REQUEST_INSTALL_PACKAGES permission in my app. I never had this permission ever, I never had this issue before.
I checked merged manifest to find that kind of permission. There is none.
I've added
<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES" tools:node="remove"/>
tag into my AndroidManifest.xml to be certain that my App is not using this kind of permission EVER. Even Merged Manifest is not containing that permission and at the bottom of the Merged Manifest there is Android Studio warning that I'm removing something that is not even present in my app:
Warning uses-permission#android.permission.REQUEST_INSTALL_PACKAGES was tagged at AndroidManifest.xml:25 to remove other declarations but no other declaration present MyApp.app main manifest (this file), line 24
So either I'm missing something or their app validation is broken and Google is false-flagging my app validation for some unknown reason.
There has to be some serious issues with their validation methods past 2 weeks because amount of issues I've got with my app is unacceptable. App has same permissions and using same libraries and their version for past 2 years and I never had any issues like this before.
And I'm not sure what else I can do to get my app validated and accepted again.
If you have previous builds with REQUEST_INSTALL_PACKAGES permission in the Open, Closed, or Internal testing you need to upload a new build without REQUEST_INSTALL_PACKAGES permission to Internal testing and then promote it to production.
If this solution does not work for you check the permissions used in your app at Google Play console. If REQUEST_INSTALL_PACKAGES is not shown there you must contact them and explain your problem and request again.
Google Play Support keeps Rejecting the last deployment of my App.
Below I'm quoting the reason for the reject:
Issue found: Permission use is not directly related to your app's core
purpose. We found that your app is not compliant with how
REQUEST_INSTALL_PACKAGES permission is allowed to be used.
Specifically, the use of the permission is not directly related to the
core purpose of the app.
Additionally, follow these steps to bring your app into compliance:
Please remove the use of REQUEST_INSTALL_PACKAGES permission from your
app.
After removing an unused package that was using the REQUEST_INSTALL_PACKAGES permission, I tried to re-deploy but I've kept getting the app rejected.
I can confirm that the current list of used permissions does NOT include the REQUEST_INSTALL_PACKAGES.
On play.google.com, I checked the permission lists of the last uploaded versions (see attached screenshot).
I also unpacked the lastly uploaded SDK file (using apktool), and searched "REQUEST_INSTALL_PACKAGES" in the extracted folder; of course, no results were found.
Has anyone any suggestion on how to solve this issue?
The same issue occurred with me. My app's previous versions included this permission but in the latest update, I removed them but still received rejection message via mail. Then I found that in the other track (internal testing track), I had an apk with REQUEST_INSTALL_PACKAGES permission. This was the main cause of rejection of my app update. I observed that the form 'App bundles and APKs using sensitive permissions' was showing the internal track's apk information regarding the use of REQUEST_INSTALL_PACKAGES.
So, I tried to deactivate my previous internal track's apk with the new version (that didn't include any REQUEST_INSTALL_PACKAGE permission). Now when I open my form page 'App bundles and APKs using sensitive permissions' again.
Now, it showed that no app bundle or apk uses this sensitive permission.
Hope that it could solve this issue. I am too waiting for my update to be approved.
First step, Check in your manifest merger file if the specified
sensitive permission is shown. Check in release variant. (Most likely
not, if yes, remove this permission)
Second step, In playstore, Go to app bundles explorer and check if
any of the older app bundles have this permission and is still
active. If yes. you have to provide an update to this track. It is
unfortunate that Google play review email does not mention that issue can
be in an older app bundles or other tracks
Provide an update to playstore.
Note, If you want to forcefully remove this permission (if you do not care
which library is adding it)
<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES" tools:node="remove"/>
If none of the above works. You have to write them an email and clarify.
I have received a mail from play store that "We are unable to approve your app’s use of QUERY_ALL_PACKAGES permission because the declared task can be done with a less broad app-visibility method." and this issue found in 5.2.0(74) version of my app.
I have removed the QUERY_ALL_PACKAGES from manifest file and verified in merged manifest to made sure that QUERY_ALL_PACKAGES were completely removed. I have updated the new version of the app (5.2.3(84)) to all the tracks of play store and submitted for a review. new app is rolled out to the production and still I am seeing a waring message from play store as below.
Permissions of newly submitted app doesn't contain QUERY_ALL_PACKAGES. See the below image
What am i missing why is that i am still seeing the warning message of app being removed?
I'm publishing an Android app on Google Play Store and I have enabled sms permission in the manifest. After publishing it, Google rejected the app with the below information:
Issue: Violation of Permissions policy After reviewing your app, we
found that it doesn’t qualify to use the requested permissions for the
following reason(s):
Based on our review, we found your app’s expressed user experience did
not match your declared core functionality {Default SMS handler (and
any other core functionality usage while default handler), Default
Phone handler (and any other core functionality usage while default
handler)}. Please remove these permissions from your app.
Default handler capability was listed on your declaration form, but
your app does not appear to have default handler capability. Please
submit a revised declaration form.
As of the recent change to the application privacy policy, to view sms messages, your application must be the default sms handler. As stated in this reminder by Google.
You can submit a declaration for outlining why your app uses the sms permissions but it's unlikely that they will accept it, only a few use cases get approved.
You can remove this permission from manifest and remove run-time asking permissions and after updating your version code and version name. you have to push your app on alpha,beta or Internal test track first and then move it to production.
just add sms call permission in your manifest with tools:node="remove" tag and remove it from asking at run-time.
<uses-permission android:name="android.permission.SEND_SMS" tools:node="remove" />
after adding this Google play console will not ask you to fill up the permission declaration form.
if you still faces any issues you can chat live with google play console team or communicate with them through mail
https://support.google.com/googleplay/android-developer/answer/7218994?hl=en
Wait for some time if you get message like "Chat support is currently not available." it will update after some time.
If you're using any SMS or CALL_LOG related permission you need to submit a Permissions Declaration Form for your app.
check this and this for more info
There are two answers to this question
Answer 1.
If you roll out a release using the Google Play Developer Publishing API and Google Play has not previously approved your APK or App Bundle's use of high risk or sensitive permissions, you will receive an error.
To continue managing releases using the Publishing API, you must either remove any high risk or sensitive permission requests from your app and create a new release with the revised APK or App Bundle or prepare and roll out your release using the Play Console web UI, following these steps:
Upload your APK or App Bundle with high risk or sensitive permissions requested
Complete the Permissions Declaration Form as above
Complete the rollout of the release using the Play Console web UI
If you still need the sms permission as well as other sensitive permission declaration in you manifest,
You can also Fill and submit a Permissions Declaration Form for your app and create a new case during the process. Google will review your reasons for requesting those permissions and get back to you. Do not rollout a new update until you've received a reply from Google else, your app will be rejected again.
If you still need the sms permission to be declared in your manifest, you can fill the Permissions Appeal Form by clicking on the link below:
https://support.google.com/googleplay/android-developer/contact/permissions
There is an app called bodyweight fitness on the play store without any permissions. It is available on git hub as well:
https://github.com/mazurio/bodyweight-fitness-android
I used the files from git hub and compiled the apk myself with Android Studio (without changing the files). When I try to install the self compiled app apk, it tells me that it will use the INTERNET though the play store app did not. There is no reason why this app should need any internet connection. Thus I removed this line from the AndroidManifest.xml
<uses-permission android:name="android.permission.INTERNET" />
After compiling and installing the app, it still tells me that it will use INTERNET. Does someone know why and how I can remove this permission?
PS: I asked the developer as well, but I got no response yet.
update:
You are right, it is added from another part aswell: crashlytics.
And you are right aswell about the hidden permission. It is shown in
the app details when the app is installed and it is shown in the play
store when you click on the "permissions" button.
Each android lib contains manifest file with package, permissions, acitivities etc so your app will show all permissions from dependencies. You may check final manifest creation log at {projectDir}/{moduleDir}/build/outputs/logs/manifest-merger-*-report.txt
This log will contain something like that
uses-permission#android.permission.INTERNET
ADDED from {myModulePath}/app/src/main/AndroidManifest.xml:6:5-67
MERGED from [net.hockeyapp.android:HockeySDK:4.1.1] /Users/devindi/.android/build-cache/ce70c6f87efc05633a59a88fccdb712db509e22d/output/AndroidManifest.xml:12:5-67
MERGED from [com.crashlytics.sdk.android:crashlytics:2.6.8] /Users/devindi/.android/build-cache/424d420499b90aec0a26ab1b5f575e318d0342b9/output/AndroidManifest.xml:9:5-67
MERGED from [com.crashlytics.sdk.android:beta:1.2.5] /Users/devindi/.android/build-cache/be2498e53f6aa976b3927954da943b23f0a800f6/output/AndroidManifest.xml:9:5-67
MERGED from [com.crashlytics.sdk.android:crashlytics-core:2.3.17] /Users/devindi/.android/build-cache/e5b1b150113ac2f0789b76a886f379cdafa8af2b/output/AndroidManifest.xml:52:5-67
MERGED from [com.crashlytics.sdk.android:answers:1.3.13] /Users/devindi/.android/build-cache/c86f3a3daec296cb6a32deb0b3d0c3f1370a024f/output/AndroidManifest.xml:9:5-67
MERGED from [io.fabric.sdk.android:fabric:1.3.17] /Users/devindi/.android/build-cache/0a51b13dbc46dc870c598edab9d128bf8f26a8d4/output/AndroidManifest.xml:29:5-67
As you see I requested network permission at my manifest and hockeyapp, crashlytics, fabric libs requested same permission also. https://developer.android.com/studio/build/manifest-merge.html
To force permission remove just add tools:node=”remove” to your permission declaration like that:
<uses-permission android:name=”android.permission.INTERNET” tools:node=”remove” />
This is because the INTERNET permission is a "harmless" permission. This means that you don't have to ask the user for permission, and that it will not show in the Google Play Store
Since Android 5.0, permissions have a "protection level". Some are dangerous, and some are normal. Normal means that you as an app developer do not have to ask the user for permission, and that it will not show in Google Play. Dangerous means that Google Play displays it and that you have to ask the User for permission.
Source and further reading: Android Developers
There is a difference between apps installed during development via your Android Studio, apps installed from an APK and apps installed from Google Play Store. Some permissions are granted automatically in the latter case, like for example the Internet or drawing on top of other apps. You need to take this into account while planning your deployment strategy.