Google Play Console (App Content section) declares that my published app makes use of
android.permission.QUERY_ALL_PACKAGES
and I want to remove this permission.
I checked my AndroidManifest.xml and the Merged Manifest but I cannot find it.
Where should I look at to find all permissions included by dependencies, libraries, ecc.?
Thank you.
I didn't find exactly where this permission was requested, but there is a simple way to remove it definitely: add this to AndroidManifest.xml
<uses-permission android:name="android.permission.QUERY_ALL_PACKAGES" tools:node="remove" />
Also remember to check if in the alpha, beta, etc. tests. upload update that no longer has sensitive permissions.
https://bapspatil.medium.com/dear-googles-permissions-declaration-form-can-we-break-up-85bc6b62f690
You can find it in manifest with all other permissions and from there you can remove the line.
<uses-permission android:name="android.permission.QUERY_ALL_PACKAGES" />
Related
I am using the reactiveBLE library (which is by the way excellent, thank you for that).
However, with the newer version, it brings its own manifest file, so I don´t have to add any permissions to mine. The manifest file of reactiveBLE and one of my app are supposed to be merged together when building the app.
Because different rules are needed for different APIs, reactiveBLE adjusts its permissions accordingly. It seems that for Bluetooth, android.permission.ACCESS_FINE_LOCATION and android.permission.ACCESS_COARSE_LOCATION are only needed for APIs 23 - 30.
The code is then (for example):
uses-permission-sdk-23
android:name="android.permission.ACCESS_FINE_LOCATION"
android:maxSdkVersion="30"
However, as I also include other location services (which do need these permissions for other APIs as well), I would have to remove the "android:maxSdkVersion="30" part. This is also recommended in the official documentation:
official documentation on how to remove maxSdkVersion
However, this is not possible, because the manifest file of reactiveBle is generated automatically each time I build something (and my changes are overwritten again).
The app is working fine, but I am getting errors in the Play Console when uploading the app to the Playstore.
Please advise how I can merge the manifest files properly, so I do not get an error when uploading to the Play Console.
Kind regards
René
This solution from reactiveBLE issues worked for me.
To prevent conflicts with you own permissions, in your AndroidManifest.xml file include:
<uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION" tools:node="remove"/>
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
<uses-permission-sdk-23 android:name="android.permission.ACCESS_COARSE_LOCATION" tools:node="remove"/>
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
You will also need to add xmlns:tools="http://schemas.android.com/tools" in the manifest tag at the top of the file.
Good day.
In my cordova app I don't use ACCESS_BACKGROUND_LOCATION, and there is no any uses-permission strings about ACCESS_BACKGROUND_LOCATION in config.xml neither in AndroidManifest.xml, but when I try to upload APK into Google Play, it's failed and Google says that I use at least one feature that uses access to the location in background. I want to delete ACCESS_BACKGROUND_LOCATION clearly.
What I need to do?
I added
<uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION" tools:node="remove" />
to AndroidManifest.xml. Is that enough?
I created and published an Android (incl. Android Wear support) app and set these permissions in the AndroidManifest.xml:
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
However, displaying the permissions in Google Play, these show up:
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.GET_ACCOUNTS
android.permission.INTERNET
android.permission.READ_EXTERNAL_STORAGE maxSdkVersion=18
android.permission.USE_CREDENTIALS
android.permission.WAKE_LOCK
android.permission.WRITE_EXTERNAL_STORAGE
Where are they coming from? Can I get rid of them anyhow?
Where are they coming from?
They are coming from libraries that you are using in your project, most likely.
Can I get rid of them anyhow?
Principally, by stopping using those libraries. You can use the manifest merger report to help identify where the specific permissions are coming from.
That roster seems like it might be tied to the Play Services SDK, in which case you might also try using a more focused portion of that SDK.
Just wanted to do a small update in my app and got this message. Didn't really change much in my gradle/manifest file from the last time i updated.
Could it be a library conflict?
In order to deal with dublicates as the above you can use the manifest merger. In my case i had to use tools="replace" along with my permission which keeps the permission as is and it doesn't rty to merge it with permissions from other libraries.
e.g
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" tools:node="replace" />
This link helped me understand the merger better
After updating my play-services-fitness api from 7.0.0 to 7.5.0 I noticed that when I go to upload a new build to the PlayStore it tells me that I am adding a new permission and 2 new features. I did not do this! What the heck.
After doing some research to pin down the culprit it was in fact play-services-fitness:7.5.0 that was to blame. By including that in your project (compile 'com.google.android.gms:play-services-fitness:7.5.0') and compiling it will inject the <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/> into your AndroidManifest.xml. So the PlayStore is correct, you are asking to use new permissions and features. You can confirm this by checking your build/intermediaries/manifests/full/[debug|release]/AndroidManifest.xml file. There you will see the new permission added. To remove this you simply add <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" tools:node="remove" /> to your own manifest and it will be stripped out during the manifest merge process.
You will crash if/when you do use a Fitness API that requires that permission but if you can guarantee that you won't use it then there you have it.