Google Recently Deleted my app because of new rules for location privacy.
I am using Mapbox library for maps and I have ACCESS_FINE_LOCATION permission, When I Upload new generated app to google play it says my app use background location and force me to the privacy tab for more information,
i dont have any BACKGROUND_LOCATION permission and doesn't use this feature , and all of my usages is for selecting user current location via map.
Still, google says I use background location.
BTW :
use this code to remove permission even it does not exists :
<uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION" tools:node="remove" />
and still having problems.
what should I do?
I don't need background location permission and don't use it.
You can go to Merge Manifest tab in Android Studio to know the origin of permission.
refer to: Manage manifest
Most probably that Mapbox asking for this permission and you should exclude a feature to disable it.
I had the same issue.
My flutter app has 2 AndroidManifest.xml files:
profile/AndroidManifest.xml
main/AndroidManifest.xml
When I added permission removal to the profile/AndroidManifest.xml, nothing has changed. But after extending the main/AndroidManifest.xml file, Google Play Console stooped showing the ERROR and I was able to publish my app with Mapbox component again.
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="...">
<uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION" tools:node="remove"/>
Related
I'm new to developing android apps, and this is my first one that I'm about to publish. The last step for me is adding permissions. I have to add permissions manually as I'm building the app through Phonegap. Anyway, I can't find what the specific permissions are required to ask of the user if you are going to use Firebase with Google Analytics and Google Admob. My app doesn't need any other permissions than for these services. (By the way, I am not adding these services via SDK, I am adding my app to these services online. However, I believe I still need to add app permissions.)
Only internet, you can add it in your Manifest:
<uses-permission android:name="android.permission.INTERNET" />
No need for runtime permissions for internet.
Recently I tried to publish an app in Google Play Store, but I am receiving the following error and my app is getting rejected every time.
I have removed all the SMS related permissions only basic permissions required are included in the app, and I have used some 3rd party libraries like PayPal, Payumoney.
Please find the reference link below for more information regarding the updated Google Policy:
Privacy, Security, and Deception
If you cannot disable adding this permission by a dependency you can explicitly remove it from merged manifest like this:
<uses-permission
android:name="android.permission.READ_PHONE_STATE"
tools:node="remove" />
There is an app called bodyweight fitness on the play store without any permissions. It is available on git hub as well:
https://github.com/mazurio/bodyweight-fitness-android
I used the files from git hub and compiled the apk myself with Android Studio (without changing the files). When I try to install the self compiled app apk, it tells me that it will use the INTERNET though the play store app did not. There is no reason why this app should need any internet connection. Thus I removed this line from the AndroidManifest.xml
<uses-permission android:name="android.permission.INTERNET" />
After compiling and installing the app, it still tells me that it will use INTERNET. Does someone know why and how I can remove this permission?
PS: I asked the developer as well, but I got no response yet.
update:
You are right, it is added from another part aswell: crashlytics.
And you are right aswell about the hidden permission. It is shown in
the app details when the app is installed and it is shown in the play
store when you click on the "permissions" button.
Each android lib contains manifest file with package, permissions, acitivities etc so your app will show all permissions from dependencies. You may check final manifest creation log at {projectDir}/{moduleDir}/build/outputs/logs/manifest-merger-*-report.txt
This log will contain something like that
uses-permission#android.permission.INTERNET
ADDED from {myModulePath}/app/src/main/AndroidManifest.xml:6:5-67
MERGED from [net.hockeyapp.android:HockeySDK:4.1.1] /Users/devindi/.android/build-cache/ce70c6f87efc05633a59a88fccdb712db509e22d/output/AndroidManifest.xml:12:5-67
MERGED from [com.crashlytics.sdk.android:crashlytics:2.6.8] /Users/devindi/.android/build-cache/424d420499b90aec0a26ab1b5f575e318d0342b9/output/AndroidManifest.xml:9:5-67
MERGED from [com.crashlytics.sdk.android:beta:1.2.5] /Users/devindi/.android/build-cache/be2498e53f6aa976b3927954da943b23f0a800f6/output/AndroidManifest.xml:9:5-67
MERGED from [com.crashlytics.sdk.android:crashlytics-core:2.3.17] /Users/devindi/.android/build-cache/e5b1b150113ac2f0789b76a886f379cdafa8af2b/output/AndroidManifest.xml:52:5-67
MERGED from [com.crashlytics.sdk.android:answers:1.3.13] /Users/devindi/.android/build-cache/c86f3a3daec296cb6a32deb0b3d0c3f1370a024f/output/AndroidManifest.xml:9:5-67
MERGED from [io.fabric.sdk.android:fabric:1.3.17] /Users/devindi/.android/build-cache/0a51b13dbc46dc870c598edab9d128bf8f26a8d4/output/AndroidManifest.xml:29:5-67
As you see I requested network permission at my manifest and hockeyapp, crashlytics, fabric libs requested same permission also. https://developer.android.com/studio/build/manifest-merge.html
To force permission remove just add tools:node=”remove” to your permission declaration like that:
<uses-permission android:name=”android.permission.INTERNET” tools:node=”remove” />
This is because the INTERNET permission is a "harmless" permission. This means that you don't have to ask the user for permission, and that it will not show in the Google Play Store
Since Android 5.0, permissions have a "protection level". Some are dangerous, and some are normal. Normal means that you as an app developer do not have to ask the user for permission, and that it will not show in Google Play. Dangerous means that Google Play displays it and that you have to ask the User for permission.
Source and further reading: Android Developers
There is a difference between apps installed during development via your Android Studio, apps installed from an APK and apps installed from Google Play Store. Some permissions are granted automatically in the latter case, like for example the Internet or drawing on top of other apps. You need to take this into account while planning your deployment strategy.
I've created a mobile game for iOS and Android that uses chartboost plugin to show advertisement and AdMob as well.
The thing is that I've created some permissions in the AndroidManifest in order to make this plugins work and one of this permissions is READ_PHONE_STATE which is asking for permission to read the call information to those who install the game. I don't like this because could generate distrust among users.
I've tried to delete the line that asks for this permission but when I do it the game crashes at the beginning, so, is there any way to remove this permission? Or do I have to keep it if I want to show advertisement?
I'm not sure about the chartboost plugin but I have created my own AdMob plugin and the only permissions that are required in the AndroidManifest file are:
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
This is when using Google Play services rather than the AdMob SDK.
Consider this as a wiki question.
While I setup my project to support Map V2, There has been a step to add MAPS_RECEIVE permission.
<permission
android:name="com.example.mapdemo.permission.MAPS_RECEIVE"
android:protectionLevel="signature"/>
<uses-permission android:name="com.example.mapdemo.permission.MAPS_RECEIVE"/>
Why we creating and consuming the permission from the app itself?
Is that google play services app interact using this permission ?
This permission can't takes care of these things?
<uses-permission android:name="com.google.android.providers.gsf.permission.READ_GSERVICES"/>
I thought the use of custom permission is to allow other apps to launch/use our app's services/resources.
For future visitors:
This permission is now completely unnecessary. The latest update of
Google Play Services 3.1.59 made it useless. As a result, it can be
removed.
source
This is the same pattern you see when using Google Cloud Messaging (GCM) with its C2D_MESSAGE permission. The idea is to protect an endpoint in your application (e.g. a broadcast receiver) so that some other component (presumably part of the Maps API) can contact it securely (otherwise, another application could impersonate your application by using the same intent filter).
In this case, then, Maps API internally sets up such an endpoint (transparently to you) and can, with the use of this permission, that this endpoint cannot be impersonated (because to do so would require the permission, which is protected by your application signature).
This permission specifies your package name.
i.e.
<permission
android:name="package_name.permission.MAPS_RECEIVE"
android:protectionLevel="signature"/>
<uses-permission android:name="package_name.permission.MAPS_RECEIVE"/>
thus, the google API simply allows your project to recieve the map.
The permission tells where to use the API.
I found that this permission is still needed when using the debug certificate. When I exported and signed my application it worked fine, but it wouldn't work when I used the debug cert. I have the MD5 for both my debug cert and application cert associated with the same key. When I finally added these extra permissions, it worked. I am using a Moto X running 4.4 with everything up to date.