Here's the two different Permissions on web vs play store.
Web
App Store
Ive looked at the build/intermediate.manifests folder. There's no EXTERNAL_STORAGE in the Manifest
Same for the outputs/logs/manifest-merger files.
BNelow is the merged manifest
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE"
/>
<permission
android:name="com.formulaone.production.permission.C2D_MESSAGE"
android:protectionLevel="signature" />
<uses-permission android:name="com.formulaone.production.permission.C2D_MESSAGE" />
<uses-permission android:name="com.android.vending.BILLING" />
Is there any reason why this is different on web s app?
edit : Wrong permissions at Google Play
The app does use shared prefs, does that add the external_storage permission?
The Permission Request depends on many factors. Like if you're sending some data which requires storage permission, then you need to add READ_EXTERNAL_STORAGE permission
Also, the permissions on Web and Android varies
I think you are using wrong Android permissions
Here's a quick guide for Android Permissions
Related
i have made an update to my app present in playstore. my problem is that after publishing the update, on some phones(like mine "xiaomi Poco F1") when i installed the app, data usage restriction was turned on to wifi only.
So how to add permission to use mobile data.
Those are permissions on my app
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.INTERNET" />
I want to publish an app for sms and mms backup but google reject it all of the time.
This is the permissions on my manifest file.
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
<uses-permission android:name="android.permission.READ_SMS" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.READ_CONTACTS" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-feature android:name="android.hardware.telephony" android:required="true" />
When I send my app on the google play console, I have a warning
I don't want to set my app as the default sms and dialer app.
But I found this on the documentation :
So I register my app with the label : "Backup and restore transactions for users and archiving for the enterprise (time-limited / discontinuous)"
But my app continues to be rejected and I dont understand why
Follow these instructions to use high risk or sensitive permissions like READ_SMS -
https://support.google.com/googleplay/android-developer/answer/9214102?hl=en
I need to upgrade old android aplication from minSdkVersion="19" , so I need to handle all the permissions.
In the manifest, it requires some dangerous permissions.
e.g.:
<uses-permission android:name="android.permission.BLUETOOTH" /> <!-- normal -->
<uses-permission android:name="android.permission.BLUETOOTH_ADMIN" /> <!-- normal -->
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" /> <!-- normal -->
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" /> <!-- dangerous -->
<uses-permission android:name="android.permission.MOUNT_UNMOUNT_FILESYSTEMS" /> <!-- ??? -->
<uses-permission android:name="android.permission.WAKE_LOCK" /> <!-- normal -->
<uses-permission android:name="android.permission.INTERNET" /> <!-- normal -->
<uses-permission android:name="android.permission.VIBRATE" /> <!-- normal -->
<uses-permission android:name="android.permission.CAMERA" /> <!-- dangerous -->
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" /> <!-- dangerous -->
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" /> <!-- dangerous -->
<android:uses-permission android:name="android.permission.READ_PHONE_STATE" /> <!-- dangerous -->
<android:uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" android:maxSdkVersion="18" /> <!-- dangerous -->
How can I find in code where these dangerous permissions are needed? Is there a list of functions that depends on each permission?
Regarding MOUNT_UNMOUNT_FILESYSTEMS - where can I find if it is dangerous or normal?
Before answering the specific questions, let me say that if your app is to be used by normal users (i.e. download it from Google play or other stores) listing so many permissions will probably scare users away.
From the question it sounds like you inherit someone else's code, and some of those permissions are not even needed.
Another important thing to notice here is the difference between 3rd party apps (for example, apps you download from Google's play store) and phone-manufacturer apps (most of the apps installed on your phone when you buy it).
Manufacturer apps can use permissions that 3rd parties can't.
To your question:
I don't recall a complete list for functionalities with needed permission for each. Maybe someone else can enlighten both of us here :)
Code targeting Android M and above SHOULD wrap any "dangerous" behaviour with a check that permission is granted, using functions like ContextCompat.checkSelfPermission(Context, String) in order to avoid runtime SecurityExceptions.
But finding "dangerous" behaviors in old code is almost impossible, mainly because Android OS's agreement with the developers was "you just request those permissions in the manifest and I will make sure no runtime security exceptions will be thrown".
A manual search is in need here, I'm afraid.
Here is a complete list of all available permissions, from Android official documentation -
https://developer.android.com/reference/android/Manifest.permission
Notice that MOUNT_UNMOUNT_FILESYSTEM permission is ignored for 3rd party apps, so (unless you work for e.g. Samsung or Xiaomi) you can safely delete this permission from your manifest.
Also notice that it you request FINE_LOCATION permission there is no need to request also COARSE_LOCATION permission.
My problem is that I do not want to set a privacy policy for my app, I would rather remove all of the unnecessary permission requests.
I have removed the "READ_CONTACTS" permission from my AndroidManifest.xml, but when trying to upload to Play Store, it always says:
The apk has permissions that require a privacy policy set for the app, e.g: android.permission.READ_CONTACTS. [403]
It seems to me, that "READ_CONTACTS" permission is always added automatically.
Is there a way to remove this?
I only use the following permissions:
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
It was definitely a 3rd-party library issue.
I am using google-api-client to access Google calendar.
Following are the permissions in my manifest file.
<uses-permission
android:name="android.permission.INTERNET" />
<uses-permission
android:name="android.permission.GET_ACCOUNTS" />
<uses-permission
android:name="android.permission.USE_CREDENTIALS" />
<uses-permission
android:name="android.permission.MANAGE_ACCOUNTS" />
but I am getting such a warning message on the first run:
The following one or more applications request permission to access your account, now and in the future.
Google
.....#gmail.com
Google Calendar
Do you want to allow this request?
screenshot:
is there a way to avoid this message?
No you cannot avoid this message, this is to let the users know what applications are doing with their data.