I am trying to upload a apk to the google play store but its saying to my surprise that i am using the following permission:
Your APK is using permissions that require a privacy policy: (android.permission.RECORD_AUDIO).
so i searched the entire IDE for "android.permission.RECORD_AUDIO" but i cant find it. How can i find out which 3rd party is requesting this ? There should be a way to view in the manifest merger process all the manifest but when i hit shift twice and search manifest only the local manifest are showing up. The other is bit code and i cant view it.
In project build directory, there is a manifest merger report.
In my case, it is located under [ProjectRoot]/app/build/outputs/logs/manifest-merger-debug-report.txt
From this file, your can find where the permission is added. For example:
uses-permission#android.permission.RECORD_AUDIO
ADDED from /home/jack/AndroidProject/ApiDemos/app/src/main/AndroidManifest.xml:45:5-71
android:name
ADDED from /home/jack/AndroidProject/ApiDemos/app/src/main/AndroidManifest.xml:45:22-68
uses-permission#android.permission.CAMERA
ADDED from /home/jack/AndroidProject/ApiDemos/app/src/main/AndroidManifest.xml:49:5-65
android:name
ADDED from /home/jack/AndroidProject/ApiDemos/app/src/main/AndroidManifest.xml:49:22-62
You can use Merged Manifest[About] feature
Open AndroidManifest.xml -> Merged Manifest
If the library is open source you can check their source code for the permissions they have used.
They usually list the permission on their Read.me files.
Even if they are proprietary libs they will list the permissions they will be using otherwise their security is questionable.
Related
I added some libraries to an Android app and after upload to the Google Play Store I got this warning:
The main manifest file does not declare this permission, so I assume it comes from a library.
I then check out the source code of the previous version, which did not use this permission.
Looking at the merged manifest file in Android Studio, I still see the permission:
When I click on "Go to declaration" for this permission, it takes me to the main manifest file, which does not declare this permission.
I tried to clean and rebuild the project and restart Android Studio but the permission still shows in the merged manifest tab in Android Studio. It shows in the debug and release build variant.
Why is that?
After building your app you should be able to find a manifest merger report under app/build/outputs/logs. Among other things, this file lists the origin of every permission that has been added to the merged manifest.
While updating the apk file to google play store started getting this error Duplicate declarations of permission android.permission.INTERNET with different maxSdkVersions. Internet permission is only there in app manifest file and corresponding modules.
Also recently there is no SDK update as well, like play services or any third party.
The app does not define maxSdkVersions as well.
If any of you might have faced the similar issue please update.
This kind of problem occurs when you have declared a permission in your manifest that is also declared in one of the library that you are using. To rectify this issue you have to find that permission in all your libraries's manifests files. When you find it then remove one of them in your main Manifest like this:
can't upload apk: READ_EXTERNAL_STORAGE with different maxSdkVersions
Ok, so here that is worked for us:
<uses-permission-sdk-23 tools:node="removeAll"/>
Note you have to check that your app is not using sdk-23 specifically in your libraries.
I know(am I wrong?) that an Android app may request more permissions than specified in manifest file.
E.g. compiling with google play services, or some other third party libraries include permissions I am not aware of.
Is there a way to list all required permissions after building APK file?
I want to know of all requested permissions before publishing the app.
an Android app may request more permissions than specified in manifest file
on the manifest that the developer wrote him/herself yes, but on the manifest actually inside the .apk all the permissions are there
on android studio you can go to the manifest file and on the bottom left there's a little tab that says "merged manifest" that shows what your manifest will be on the final .apk.
My firebase application is running perfectly on my android device without having added the permission.INTERNET flag. I installed Firebase directly from gradle. I am aware that adding Firebase through the project structure window in android studio will add the permissions.INTERNET for you. But this is not the case, my Android manifest has nothing in regards to permission.INTERNET yet is still fully functional...
I havent been able to find any info on this... Is this because its now run by Google?
The documentation for manifest merging states:
During the build process, the manifest merge process stores a record
of each merge transaction in the
manifest-merger-{productFlavor}-report.txt file in the module
build/outputs/logs folder. A different log file is generated for each
of the module's build variants.
You can look there for a detailed explanation of which library is providing the permission.
Or since you are using Android Studio, you can use Ctrl-Shift-N and type "AndroidManifest.xml" to see a dropdown menu of all the manifests in your build and open them to see what they contain.
A feature was added to Android Studio 2.2 to show the results of manifest merging. When viewing the manifest in an Editor window, select the Merged Manifest tab at the bottom of the window to see the contributors to the manifest.
In my build, which includes a number of Firebase libraries, the manifest that adds the INTERNET permission appears to be:
com.google.firebase\firebase-analytics\9.4.0\AndroidManifest.xml
I was manually managing my Mobile Data's permissions and I discover that, if I block mobile data on "Google Backup Transport", I cannot connect to Firebase.
I really think this is the reason You can use Your app even without INTERNET permissions.
i am using <uses-sdk > in manifest file.
After exporting apk , when I decompile my apk and check manifest file. and i wonder to see there is no any <uses-sdk> tag in manifest,So during exporting apk Is this tag removed automatically, Why this is happen , i have been checked with several apk and getting same result
I got two links which show that it has been removed in the new version of apktool
https://code.google.com/p/android-apktool/issues/detail?id=390
https://code.google.com/p/android-apktool/issues/detail?id=366
pls check
most decompilers don't give all the information of the app. Some would require payment to get access to those / get the complete etc.