One of my projects has multiple third party libraries and one of those libraries is requesting a permission that I don't have defined in my Manifest. How can I find out which of the libraries is requesting the permission?
If I perform the command:
adb shell dumpsys package [mypackagename]
then I see the permission as "requested", but as I mentioned it doesn't exist in my project. There are a lot of third party libraries.
you can find your final permission in merged manifest file at
app/build/intermediates/manifests/full/debug/AndroidManifest.xml
You can get rid of this with
Just declare the incriminated permission in your main Manifest with the
tools:node="remove"
like:
<uses-permission android:name=”android.permission.RECORD_AUDIO” tools:node=”remove” />
Even if another third party library is asking for this specific permission, the build will be forced to not merge it in your final Manifest file.
Related
I have an Android Library, in its manifest there are a set of permissions declared and used. This library needs to be bundled with different apps. When installing, it says duplicate permission declared across apps. The apps would be of different signature.
In order to use the same permission across apps, can we prefix the permission name in the library with packageName (like ${applicationId})?
When I try to prefix permissions with ${applicationId}, it gets substituted with the library's packageName. Is there a way to replace it in the top level apk or any other way out?
With Android 6's dynamic permissions, is it possible to get all the permissions an APK requires from a compiled apk?
The problem is that in our project, we sometimes add third party libraries to our project, and sometimes they require more permissions than our app initially required. I would like to be able to detect such situations at the CI build stage.
"Dynamic permissions" (a.k.a., runtime permissions) do not change anything. They all still have <uses-permission> elements in the manifest. aapt dump permissions, or reading in the merged manifest, will tell you what is requested by your current manifest.
This does not help with libraries that do not publish a manifest in their AARs that contain the <uses-permission> elements required by the library. Hopefully, the authors of such a library document what they are expecting and you are adding the <uses-permission> elements to your own manifest.
I am making an AAR for licensing functionality. I plan to use it in multiple applications.
As per documentation, licensing implementation needs a permission in manifest file: "com.android.vending.CHECK_LICENSE"
I am not sure where should this permission be kept,in application's manifest file or library project's manifest file.
All your library related permissions/metadata/activities relevant info should be declared in your library manifest file
As I found out in Why are permissions being automatically added to my AndroidManifest when including Google Play Services library, various Google Play Services components implicitly add permissions to your app starting in Google Play Services 7.5. But obviously not all components require the same permissions - for instance, play-services-games:7.8.0 doesn't require any.
Is there an easy way to tell what permissions will be added by a particular Google Play Services component?
Visit $ANDROID_SDK/extras/google/m2repository/com/google/gms. In there, choose your desired artifact (e.g., play-services-maps) and version (e.g., 8.1.0). Open up the AAR in your favorite ZIP utility, and look at the AndroidManifest.xml file published in there, to see if there are <uses-permission> elements. Then, open up the POM file, see what dependencies there are, and repeat the process for the AARs for those dependencies.
As described in this excellent article, you can see the final manifest file created during the build process here;
app/build/intermediates/manifests/full/debug/AndroidManifest.xml
You can also see a report that shows where every permission comes from;
app/build/outputs/logs/manifest-merger-debug-report.txt
You can use a line like this in your manifest to remove any extra permissions you want (but be careful! you might break functionality);
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" tools:node="remove"/>
I have a project in Android Studio with two modules, say it Module1 and Module2 with dinamic generation a lot of product flavors using configuration files. Module2 is library linked to Module1. Also I have compiled third-party library (AltBeacons). 3rd-party lib declares permissions for BLUETOOTH and BLUETOOTH_ADMIN, but I d't want to use features that need these permissions in every flavor (only for one exactly) and can't move out lib from depenencies because of my Application inheritor uses it and appear as parent for another class that used in all flavors. So, I can fetch permissions from configuration files and declare them in Module2 manifest to merge later, but 3rd party library provides its permissions in all cases. I tried merge attributes but no luck. Here's my main manifest part where I tried to resolve the problem:
<uses-permission
android:name="android.permission.BLUETOOTH"
tools:node="remove"
tools:selector="org.altbeacon.beacon" />
<uses-permission
android:name="android.permission.BLUETOOTH_ADMIN"
tools:node="remove"
tools:selector="org.altbeacon.beacon" />
, where 'org.altbeacon.beacon' is 3-rd party package.
Resulting manifest includes permissions in all cases. If remove 'tools:selector' declaration, then specified permissions not came from all libs, but I need they if fetched from my Module2. Please, help me!