I'd like to use a web service in my app which uses oAuth2. The official Android docs suggest I use AccountManager for this, but it also states that third party apps aren't able to use the ACCOUNT_MANAGER permission. When adding the permission to my manifest:
android.permission.ACCOUNT_MANAGER
I get the following error: Permission is only granted to system apps
So how do I actually work with oAuth if I can't use AccountManager?
These are the pre-Marshmallow permissions you would need to act as a client of AccountManager.
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.MANAGE_ACCOUNTS" />
<uses-permission android:name="android.permission.USE_CREDENTIALS" />
<uses-permission android:name="android.permission.AUTHENTICATE_ACCOUNTS" />
You can find out which calls need which permissions by looking at the AccountManager documentation.
ACCOUNT_MANAGER permission is for the service that responds to your app's requests. That gives it ability to access authenticators directly.
Related
I am trying to upload an bundle to play with the following permissions:
<uses-permission android:name="android.permission.CALL_PHONE" />
<uses-permission android:name="android.permission.READ_CONTACTS" />
<uses-permission android:name="android.permission.WRITE_CONTACTS" />
<uses-permission android:name="android.permission.READ_CALL_LOG" />
<uses-permission android:name="android.permission.WRITE_CALL_LOG" />
<uses-permission android:name="android.permission.READ_PROFILE" />
<uses-permission android:name="android.permission.MANAGE_ACCOUNTS" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS" />
<uses-permission android:name="android.permission.NFC" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
My app's core functionality is to work as a complete dialer like other phone apps like google phone, it shows call history, contacts place calls, etc. I have filled the declaration form and also gave reasons why I need the following permissions but still, my app is getting rejected again and again, also filed an appeal for the same still waiting for a response, please can anyone guide me what I am doing wrong.
below is the message sent by Google:-
Issue: Violation of Permissions policy After reviewing your app, we
found that it doesn’t qualify to use the requested permissions for the
following reason(s): Requested permissions do not match the core
functionality of the app You declared the Default Phone handler (and
any other core functionality usage while the default handler) as the
core functionality of your app. However, after review, we found that
your app does not match the declared use case(s). Learn more about
permitted uses and exceptions. Please either:
• Make changes to your app so that it meets the requirements of the
declared core functionality or,
• Select a use case that matches your app’s functionality
Some of requirements may not be met:
Your app must be able to perform the functionality for which it's a default handler. For example, a default SMS handler should be able to send text messages.
Your app must provide a privacy policy.
Your app must make its core functionality clear in the Play Store description. For example, a default Phone handler should describe its phone-related capabilities in the description.
Your app must declare permissions that are appropriate for its use case. For more details about which permissions you can declare as a given handler, see the guidance on using SMS or call log permission groups in the Play Console Help Center.
Your app must ask to become a default handler before it requests the permissions associated with being that handler. For example, an app must request to become the default SMS handler before it requests the READ_SMS permission.
I recently sumbitted an app for the Play store. The app got rejected and I have no clue as to how to fix it. The error is clear enough, but not the solution.
Issue: Violation of Permissions policy After reviewing your app, we found that it doesn’t qualify to use the requested permissions for the following reason(s):
Based on our review, we found your app’s expressed user experience did not match your declared core functionality {Default Phone handler (and any other core functionality usage while default handler)}. Please remove these permissions from your app.
Default handler capability was listed on your declaration form, but your app does not appear to have default handler capability. Please submit a revised declaration form.
I find the UI of the Google Play Store to be very confusing for me. They aren't answering any emails and I'm at a loss of what to do.
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.READ_PROFILE" />
<uses-permission android:name="android.permission.READ_CONTACTS" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.READ_CALL_LOG" />
<uses-permission android:name="android.permission.WRITE_CALL_LOG" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
If you're using any SMS or CALL_LOG related permission you need to submit a Permissions Declaration Form for your app.
This new policy is designed by Google to ensure that apps asking for these permissions have core functionality related to them and need full and ongoing access to the sensitive data in order to accomplish the app's primary use case.
Android Developers Blog SMS/Call Log Policy Changes
Please refer here to understand the details on policy
you face this error because of some critical permission in manifest file. e.g GET_ACCOUNTS,READ_PROFILE. So for this you have to mention privacy policy page url if you have website or create your own privacy policy using following link:
https://privacypolicygenerator.info/
Just to put it out there. I resolved this by removing the permissions and only rely on PHONE_STATE
for my purposes.
My problem is that I do not want to set a privacy policy for my app, I would rather remove all of the unnecessary permission requests.
I have removed the "READ_CONTACTS" permission from my AndroidManifest.xml, but when trying to upload to Play Store, it always says:
The apk has permissions that require a privacy policy set for the app, e.g: android.permission.READ_CONTACTS. [403]
It seems to me, that "READ_CONTACTS" permission is always added automatically.
Is there a way to remove this?
I only use the following permissions:
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
It was definitely a 3rd-party library issue.
I'm trying to decide which ad provider to go with and one of my irritations on the market are apps that require more permissions than needed. Most of the major providers require you to sign up before you get access to their documentation, so thought we could compile the information here.
What permissions are required to show ads in your Android app from each of the major ad vendors:
AdMob
TapJoy
Google Mobile Ads
Burstly
Mobclix
zestadz
InMobi
iVdopia
Feel free to add more. I just got the list from tutsplus.
(To be clear, I'm looking to see which vendors require more permissions than others.)
Actually, I don't think any of them other than Admob just require the INTERNET permission. Here's my experience (I access most of those other ones through MobClix, so don't know if their APIs have specific requirements):
AdMob, MobClix, and MobFox:
android.permission.INTERNET
MobClix:
android.permission.ACCESS_NETWORK_STATE
MobClix and MobFox:
android.permission.READ_PHONE_STATE
MobClix recently removed the permission to view tasks/running apps (SDK version 3.0, which is good (too many permissions and users won't download your app)).
Update: It looks like MobFox removed the need for the WiFi state and Network state permissions in their 3.0 api.
Also note that there are optional permissions, such as location, that might get better ads for you.
Admob requires <uses-permission android:name="android.permission.INTERNET" />
I don't see why any other provider would require more than this.
There are few more permissions as described below different providers may use or not use these
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
I am using google-api-client to access Google calendar.
Following are the permissions in my manifest file.
<uses-permission
android:name="android.permission.INTERNET" />
<uses-permission
android:name="android.permission.GET_ACCOUNTS" />
<uses-permission
android:name="android.permission.USE_CREDENTIALS" />
<uses-permission
android:name="android.permission.MANAGE_ACCOUNTS" />
but I am getting such a warning message on the first run:
The following one or more applications request permission to access your account, now and in the future.
Google
.....#gmail.com
Google Calendar
Do you want to allow this request?
screenshot:
is there a way to avoid this message?
No you cannot avoid this message, this is to let the users know what applications are doing with their data.