I have built 5 app with different sign key and they are not on googleplay market.
And user downloads and installs my apps from little banner ad click ,which I put in my apps(Internal downloader and then install app AND NOT market link!).
I use "REQUEST_INSTALL_PACKAGES" to get install permission and android targetsdk is 28 .Is this permission dangerous to use? And would "googleplay protect" detects it as a dangerous app and show warning protection dialog when user installs it?
Any help will be appreciated.
Please take a look at my answer I posted below:
Why HMS PushKit needs android.permission.REQUEST_INSTALL_PACKAGES
I've given allot of detail into why not to use this permission, and how it poses a security risk for google, (so much to the point that they will reject the app, if any dependency has this permission on its manifest).
Related
Here is the email I received from Google Play. I added QUERY ALL PACKAGES permission to the manifest file so that all the features would function properly in Android 11 or later. But in reality, I simply require a portion of the permission to implement those functionalities. So, if the "QUERY ALL PACKAGES" permission is withdrawn and another core permission is added in manifest file, do we still need to submit a permission declaration?
DEVELOPER UPDATE
Hello Google Play Developer,
If your app requires the QUERY_ALL_PACKAGES permission, you need to
submit the declaration form in Play Console by July 20. Otherwise, you
will not be able to submit new apps or app updates.
Action required:
If your app does not require use of the QUERY_ALL_PACKAGES permission, you must remove the permission from your app manifest.
If your app requires use of the QUERY_ALL_PACKAGES permission, you’ll need to provide a description and short video of the core
feature in your app that requires this permission. To prepare for the
questions you’ll need to answer, review this Help Center article.
You have until July 20 to submit the declaration or remove the
permission from your app manifest. Apps that fail to meet the policy
requirements or do not submit the declaration form may be removed from
Google Play starting July 20.
Thank you for continuing to partner with us to make Google Play a safe
platform for you and your users.
Thank you,
The Google Play team
Try these solutions if you don't need QUERY_ALL_PACKAGES permission
https://stackoverflow.com/a/73104066/10657559
https://stackoverflow.com/a/72774358/10657559
Updating an app that has sensitive permissions on the Google Play Console
In my case I have submitted declaration form in play console like below
Go to Google Play Console , under Policy area -> App Content -> click Manage button under Sensitive permissions and API
Here lists all sensitive permission used in our app -> click Manage button under corresponding permission
Fill the declaration form
I have submitted this 3 weeks ago and I haven't met with any issues from Google Play Console so far.
I'm trying to release an app on google play console. There one declaration form which is required 19 option core functionality. But the problem is that I have to remove previous all permission.
When app review rejects my app send me auto-generated mail.
After reviewing your app, we found that it doesn’t qualify to use the requested permissions for the following reason(s):
Based on our review, we found your app’s expressed user experience did not match your declared core functionality Default SMS handler (and any other core functionality usage while default handler). Please remove these permissions from your app.
Default handler capability was listed on your declaration form, but your app does not appear to have default handler capability. Please submit a revised declaration form.
What I'm missing?
Please help me out.
Fill-up google docs for permission.
Make sure your permission is given in manifest and give the pop up in user level.
Contact google developers for Details.
See this
Google has blocked some permissions like READ_CALL_LOG, WRITE_CALL_LOG and SMS related permissions. Basically they are saying that if you are trying to send SMS or handle Calls like TrueCaller, submit your application we will take a look at it.
I think they are aiming for quality application that are developed by viable developer companies or individuals. Also, SMS phishing and similar harmful applications are automatically ereased from Play Store.
Also if you have a beta or alpha with permissions you need to remove them too. To be sure remove the apks with harmful permissions from artifact library to be sure.
While I am updating an app on Play store. I am getting following error according to the new policy of Google:
I have also checked all the options that are available, but again and again, Google rejects my application.
I am new to Android.
Issue: Violation of Permissions policy
After reviewing your app, we found that it doesn’t qualify to use the requested permissions for the following reason(s):
Based on our review, we found your app’s expressed user experience did not match your declared core functionality {SMS-based financial transactions (e.g., 5 digit messages), and related activity including OTP account verification for financial transactions and fraud detection}. Please remove these permissions from your app.
This is my manifest containing permissions I have declared
SMS permission is no more allowed to read OTP as android is going to give this feature to users out of the box.
You have to register as a messaging app to get SMS and CALL_LOG permissions.
So recently, Google changed its policies, read it at XDA
Same thing happened with my app, It got removed from play store, for using SMS features.
You need to remove those permissions from Android Manifest and if you need to send a message to someone, you need to use Intents to form a message and fill out the messaging app and user has to manually send the message.
Or if you are trying to access SMS permission for automatic OTP, there are other ways to do it.
As it turns out, you need to fill a form. Read this article from Google and refer to this answer on StackOverFlow
Do not update your minSdkVersion in this release. You need to rollout removal of permissions for all of your users.
Try deactivating previous versions of your apk on play console. If you updated minSdkVersion of your app and did not deactivate older apks, older devices are still served the apk with permissions.
This worked for me!
I am trying to build an android application which when installed through Google Playstore should have access to the runtime permissions like SMS Access, Contacts, Location Service without asking the user for it.
I know it is possible since I have seen it happen in a couple of Android Applications on Playstore like
Kotak 811 App
Standard Chartered Banking App
Does anyone know how this can be achieved even when the phone is running Android Nougat.
How to grant runtime permissions to an android application without prompting the user
AFAIK it is not possible
Please read Run Time Permissions
I am trying to build an android application which when installed through Google Playstore should have access to the runtime permissions like SMS Access, Contacts, Location Service without asking the user for it.
than you have to make targetSdkVersion lower than 23
Does anyone know how this can be achieved even when the phone is running Android Nougat.
That is not possible and if user manually revoke the dangerous permission you app will crash
What are the disadvantages of doing targetSdkVersion lower than 23
if user manually remove permission from your app than you app get crash in android api 23 and above
EDIT
you will not be able to ship updates to your app on the Play Store starting later in 2018
Meet Google Play's target API level requirement
I just received the result of the review of my android app that should use the user_groups permission. They said that my submission is not approved because
The user_groups permission is only approved for apps that let people use Facebook on platforms where Facebook is not already available.
If you're building an app on Android and iOS, for example, you won't be approved for this permission. Web, Desktop and TV apps will also not be granted this permission.
I understand the reason why my submission has been unapproved but searching on the Play Store, I can find a lot of reent app that actually have this permission granted (they show a list of user's group). So, there is a way to obtain this? Is there any other way to read user group's list?
Thank you in advance.
Those Apps are using an older Facebook App created before end of April 2014. They can still use v1.0 of the Graph API, and they don´t need to go through the review process until end of April 2015. They will stop working after that date, because they will not get approved with user_groups.
So there is no way to obtain this permission, unfortunately. Unless you still got a Facebook App created before end of April 2014, but it will definitely stop working after April 2015 so there is no point in using user_groups.