I'm encountering very strange problem. When I build apk or bundle dangerous permissions like write external storage is being added to manifest. I found out it when wanted to publish on play store, it gave me that warning. After extracting bundle I looked at manifest file and there were bunch of permissions which I don't use in my app.
Have anyone had this issue ever?
Thanks for everyone who directed me to the right place. So, the reason is because some of 3rd party libs used that permissions. There will be two options in this case:
Remove 3rd party lib which is using dangerous permission
In AndroidManifest.xml file add the following:
<uses-permission
android:name="android.permission.SomePermission"
tools:node="remove" />
During build process this will remove permission from final bundle or apk.
Related
I am using open_filex package especially to avoid this problem. I am confused because the permission is nowhere to be found in my particular Android manifests and manifest merge file.
I have tried to manually remove permission by tool:remove
tried open_file_safe library as well. Just stopped passing reviews for some reason, maybe something is connected to newer Android version (13).
Add the following line to your AndroidManifest in order to explicity remove the REQUEST_INSTALL_PACKAGES permission
<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES" tools:node="remove"/>
and on your manifest tag add
xmlns:tools="http://schemas.android.com/tools"
so that it looks something like this:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="*" xmlns:tools="http://schemas.android.com/tools">
Then build your apk or aab and then upload it Google Play Store and then submit the build for release to ALL the tracks; Internal testing, Closed testing(Alpha & Track), Open testing and Production regardless of whether the track is active or not. This is a very important step. Your build will not be rejected.
When Uploaded App in Google play getting privacy issue in pre-launch report, how to get resolve this issue.
this is as a result of automatic comparison with similar apps, if you are sure that you are using IAP correctly do not worry about it and continue and way.
Clean and Rebuild your project and Add this line in your Manifest
file.
<uses-permission
android:name="com.android.vending.BILLING"
tools:node="remove" />
Furthermore,
Delete and Clear all the Caches from the Users Profile folders located in your system .android and .gradle Located: C:\Users\DELL\.android
Update and Download the latest SDK from the SDK Manager and delete the older, unused ones.
Update Gradle Wrapper.
distributionUrl=https\://services.gradle.org/distributions/gradle-7.3-all.zip
I've fixed this by researching merged manifest, text file which located in app\build\intermediates\manifest_merge_blame_file\{flavorBuildType}\manifest-merger-blame-{flavor}-{buildType}-report.txt
In this file we can see all permissions which are available in our compiled build + library which is bring this permission to merged permission list.
You can easily find which library brings permission which invoke the warning from play market:
In my case it was unused library, so as a result I've just removed unused library.
Also anouther solution - check newest version of the library and try to update (and check permissions with new library), for example in oldest version of dji sdk there is a lot of system permissions, but in new version the list was cleanuped.
Also you can remove the permission from thrird party libraries like:
<uses-permission
android:name="com.android.vending.BILLING"
tools:node="remove" />
But in this case ^ some part of functionality can be restricted.
I am trying to upload a apk to the google play store but its saying to my surprise that i am using the following permission:
Your APK is using permissions that require a privacy policy: (android.permission.RECORD_AUDIO).
so i searched the entire IDE for "android.permission.RECORD_AUDIO" but i cant find it. How can i find out which 3rd party is requesting this ? There should be a way to view in the manifest merger process all the manifest but when i hit shift twice and search manifest only the local manifest are showing up. The other is bit code and i cant view it.
In project build directory, there is a manifest merger report.
In my case, it is located under [ProjectRoot]/app/build/outputs/logs/manifest-merger-debug-report.txt
From this file, your can find where the permission is added. For example:
uses-permission#android.permission.RECORD_AUDIO
ADDED from /home/jack/AndroidProject/ApiDemos/app/src/main/AndroidManifest.xml:45:5-71
android:name
ADDED from /home/jack/AndroidProject/ApiDemos/app/src/main/AndroidManifest.xml:45:22-68
uses-permission#android.permission.CAMERA
ADDED from /home/jack/AndroidProject/ApiDemos/app/src/main/AndroidManifest.xml:49:5-65
android:name
ADDED from /home/jack/AndroidProject/ApiDemos/app/src/main/AndroidManifest.xml:49:22-62
You can use Merged Manifest[About] feature
Open AndroidManifest.xml -> Merged Manifest
If the library is open source you can check their source code for the permissions they have used.
They usually list the permission on their Read.me files.
Even if they are proprietary libs they will list the permissions they will be using otherwise their security is questionable.
While updating the apk file to google play store started getting this error Duplicate declarations of permission android.permission.INTERNET with different maxSdkVersions. Internet permission is only there in app manifest file and corresponding modules.
Also recently there is no SDK update as well, like play services or any third party.
The app does not define maxSdkVersions as well.
If any of you might have faced the similar issue please update.
This kind of problem occurs when you have declared a permission in your manifest that is also declared in one of the library that you are using. To rectify this issue you have to find that permission in all your libraries's manifests files. When you find it then remove one of them in your main Manifest like this:
can't upload apk: READ_EXTERNAL_STORAGE with different maxSdkVersions
Ok, so here that is worked for us:
<uses-permission-sdk-23 tools:node="removeAll"/>
Note you have to check that your app is not using sdk-23 specifically in your libraries.
I know(am I wrong?) that an Android app may request more permissions than specified in manifest file.
E.g. compiling with google play services, or some other third party libraries include permissions I am not aware of.
Is there a way to list all required permissions after building APK file?
I want to know of all requested permissions before publishing the app.
an Android app may request more permissions than specified in manifest file
on the manifest that the developer wrote him/herself yes, but on the manifest actually inside the .apk all the permissions are there
on android studio you can go to the manifest file and on the bottom left there's a little tab that says "merged manifest" that shows what your manifest will be on the final .apk.