In Appcelerator Titanium, I've build a simple one-page app that adds Roman Numerals. As best as I can tell, it has no need to ask for any permissions.
However, my friend testing the app told me it asks for access to the network and in the build/android/ directory the AndroidManifest.xml file includes these lines:
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
There's nothing in the tiapp.xml file requesting these permissions and I started with a stock, blank project and don't import any modules or widgets.
Where did these permission requests originate? How do I get rid of them?
All the info I can find discusses how to add or request a permission, but nothing explains how to ensure unnecessary permissions don't show up in the generated AndroidManifest.xml.
It is quite possible that those permissions are defined in one of the Android Libraries used by your app. Android build system provides tools to control how manifest merge is done. Try disabling manifest merge for <uses-permission/> elements of your app's manifest. See Merge Multiple Manifest Files docs.
Have a look at the builder.py (.titanium/mobilesdk/linux/5.3.0.GA/android/builder.py) somewhere around line 982. There you'll find the default permissions for Android. You can try to remove them and see if you have any errors. Make sure to disable the analytics first!
Related
I uploaded an android photo compress application in play store and I checked every thing is ok, but some users have issue that the application can not save compressed photos, I checked that and I found this error
[ERROR:flutter/runtime/dart_vm_initializer.cc(41)] Unhandled Exception: FileSystemException: Cannot create file, path = '/storage/emulated/0/My Folder/photo.jpg' (OS Error: Operation not permitted, errno = 1)
This is permissions AndroidManifest.xml
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.ACCESS_MEDIA_LOCATION"/>
<uses-permission android:name="android.permission.CAMERA"/>
This line inside application tag
android:requestLegacyExternalStorage="true"
I looked for some solutions and founded this permission line
<uses-permission android:name="android.permission.MANAGE_EXTERNAL_STORAGE"
tools:ignore="ScopedStorage" />
But when ask for this permission android shows to user warning the application will access to all files without asking permission, I feel this is worrying for users and some may be afraid of this permission, however I uploaded the application but it was rejected because using MANAGE_EXTERNAL_STORAGE permission.
you are right regarding MANAGE_EXTERNAL_STORAGE permission. Your app will be removed from play store if you don't have valid reasons. You may have to create a video and explain why you need these permission, and how scoped storage can't help you.
Now, you should know one thing that you are trying to create a folder directly inside internal storage. This will work in lower android versions but will fail in Android 10 or above even when you have WRITE_EXTERNAL_STORAGE granted.
Try creating your files inside public directories like Download or Documents. If the files downloaded doesn't need to be accessed by users then you can always save in your package folder context.getExternalFilesDir(null)
Hope this helped you! If you have any further doubts feel free to comment down below.
In my Application I'm using expo-image-picker to pick image to update the user's profile picture.
I had done the implementation. while implementing I used CAMERA_ROLL as type to check the permissions for Gallery.
By Default Expo is includes all permissions link. I don't need that. I need to use only CAMER_ROLL as permission. I went through the app.json configuration docs but there, I can't find CAMER_ROLL or GALLERY related permissions.
What permission to be added in app.json for CAMERA_ROLL ?
You need to add these permissions to your AndroidManifest.xml file.
<uses-permission android:name="android.permission.MANAGE_DOCUMENTS" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
I also had similar scenario. CAMERA_ROLL permission is all about reading and writing to the storage memory. So, it requires below Android permission needs to be added in app.json
READ_EXTERNAL_STORAGE
WRITE_EXTERNAL_STORAGE
We reviewed your request and found that your app, does not qualify for use of the requested permissions for the following reasons:
The declared feature {Default SMS} is allowed; however we determined it to be unnecessary for the core functionality of your app.
Default SMS [READ_SMS, SEND_SMS, WRITE_SMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, RECEIVE_MMS]
I use the <uses-permission android:name="android.permission.SEND_SMS" />
to share the app via SMS (send a text and a link to the website ), whats the work arround?
Thanks
If I understand correctly you want SMS as a feature but not a requirement.
I think what you wanted to do is add uses-feature declarations with android:required="false".
From android docs
When you declare android:required="false" for a feature, it means that the application prefers to use the feature if present on the device, but that it is designed to function without the specified feature, if necessary.
Solved by removing <uses-permission android:name="android.permission.SEND_SMS" />
and calling a intent to open the Native Device Sms App
I noticed that there are two types of permissions in the manifest file, "permission" and "uses-permission" like the two shown below;
<permission android:name="android.permission.MOUNT_UNMOUNT_FILESYSTEMS" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
for the following 4 permissions which do I use when I put them in my manifest.xml file? uses-permissions or permissions?
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.INTERNET
android.permission.CHANGE_WIFI_MULTICAST_STATE
For
<permission>
The documentation states:
Declares a security permission that can be used to limit access to specific components or features of this or other applications.
Therefore, since you are accessing Android's permissions, you want uses-permission instead. The documentation for this element states:
Requests a permission that the application must be granted in order
for it to operate correctly.
<permission> is normally used when making a custom permission (e.g. when making an app that other apps can tie in to, limiting access is a must), and <uses-permission> is used when your app actually needs a permission it doesn't have normally.
Lets start with "uses-permission...": Suppose you want to use GoogleMap in your application as an example to find a nearest location of any office such as bank or any other office. You need internet. So you need to give the permission to your android device to access INTERNET. This is done by using android permission called .
<uses-permission android:name="android.permission.INTERNET" />
Now come to "permission..": what it does is it Declares a security permission that can be used to limit access to specific components or features of this or other applications.If your application need some resources or some feature from other application, you can use by giving the specific class or package.
<permission android:name="com.example.project.DEBIT_ACCT" . . . />
Thanks. for more information, you can read
http://developer.android.com/guide/topics/manifest/manifest-intro.html
In short, the one you needed is the uses-permission statement.
Androird Document now has a dedicated page discussing these two usages.
In the Using Permissions part, it explains that
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.android.app.myapp" >
<uses-permission android:name="android.permission.RECEIVE_SMS" />
...
</manifest>
is used to declare what permissions you'd like to use.
While in Defining and Enforcing Permissions you can see that
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.me.app.myapp" >
<permission android:name="com.me.app.myapp.permission.DEADLY_ACTIVITY"
android:label="#string/permlab_deadlyActivity"
android:description="#string/permdesc_deadlyActivity"
android:permissionGroup="android.permission-group.COST_MONEY"
android:protectionLevel="dangerous" />
...
</manifest>
is used to define your own permission.
In layman terms, <uses-permission> specifies permissions your app needs to access some component restrict by another app that is the owner of that component.
<permission> specifies the restrictions you are placing on your components are the component owner.
permissions don't seem to make any difference...
In the manifest, I have only one <uses-permission> (permission.INTERNET), and I have two <permission> elements:
<permission android:name="myapp.permission.READ"
android:permissionGroup="myapp.permission-group.MYAPP_DATA"
android:label="#string/perm_read"
android:description="#string/perm_read_summary"
android:protectionLevel="signature" />
<permission android:name="myapp.permission.WRITE"
android:permissionGroup="myapp.permission-group.MYAPP_DATA"
android:label="#string/perm_write"
android:description="#string/perm_write_summary"
android:protectionLevel="signature" />
And then there is the provider:
<provider
android:name=".data.DataProvider"
android:multiprocess="true"
android:authorities="myapp.data.DataProvider"
android:readPermission="myapp.permission.READ"
android:writePermission="myapp.permission.WRITE" />
Right now, I have normal access to the ContentProvider, and it works just fine.
Why does it work if I didn't enforce with <uses-permission>?
Shouldn't it be needed also in the app where the provider is
declared?
Adding <uses-permission> with my own permissions make no difference. The permissions are not even listed in the app info. Why?
ps.: yes, I've read questions here on SO and on Google Groups (ones with Hackborn answering, too). I've followed (as you can see) what is described everywhere, but still... You could say that it's working, but the point is exactly that I want to see when it doesn't.
Shouldn't it be needed also in the app where the provider is declared?
AFAIK, your own app holds all your own permissions that you declare. Third parties would need <uses-permission>.
The permissions are not even listed in the app info. Why?
See above.
You could say that it's working, but the point is exactly that I want to see when it doesn't.
Write another app, in its own package, to test your permissions.