It seems like Read/Write external storage and Read phone state permissions are automatically added to the manifest on building the android apk. Are these necessary for all React Native android apps? Is there any way to remove these permissions?
Looking at the build/output/logs/manifest-merger-debug-report.txt I see:
android:uses-permission#android.permission.READ_EXTERNAL_STORAGE
IMPLIED from `/***/android/app/src/main/AndroidManifest.xml:1:1-22:12 reason: org.webkit.android_jsc` requested WRITE_EXTERNAL_STORAGE
It feels weird that I'll see these permissions being requested if I install the app from the Play store if I'm not using them.
I have an answer.
AndroidManifest.xml
Add this to manifest which should be line 1
xmlns:tools="http://schemas.android.com/tools"
It should look like this
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="YOUR PACKAGE NAME">
Now you can remove the permissions with this
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" tools:node="remove" />
So my permissions for a simple app are
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" tools:node="remove" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" tools:node="remove" />
Don't remove SYSTEM.ALERT.WINDOW, you will have problems in development.
Related
I have an app built using Xamarin for android.
I keep getting the same email saying my app is using Manage_External_Storage and keeps getting rejected even though it's not in the manifest. The app at some time had requested that permission but we have removed that from the manifest. Even the Play console App bundle explorer reads the correct permissions. Below are the permissions from for that app bundle from the app bundle explorer in Play Console
android.permission.ACCESS_NETWORK_STATE,
android.permission.CAMERA,
android.permission.INTERNET,
android.permission.USE_BIOMETRIC,
android.permission.USE_FINGERPRINT,
android.permission.WAKE_LOCK
I have also checked the manifest of the compiled .aab in android studio and it does not have that permission in there.
<?xml version="1.0" encoding="UTF-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionCode="26" android:versionName="1.0.26" android:installLocation="0" android:compileSdkVersion="30" android:compileSdkVersionCodename="11" package="com.test.app" platformBuildVersionCode="30" platformBuildVersionName="11">
<uses-sdk android:minSdkVersion="26" android:targetSdkVersion="30" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-feature android:name="android.hardware.camera" android:required="false" />
<uses-feature android:name="android.hardware.camera.autofocus" android:required="false" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.USE_FINGERPRINT" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.USE_BIOMETRIC" />
</manifest>
Does anyone have any idea why this is happening?
If you remove the Permission, you need to update the build number on Internal Track. you have to update the build on every track(Open testing, Closed testing, Production, etc.) even if permission are disabled in android 11.
Here are some threads you can refer to:
Google Play store continuous rejection due to NOT compliant with the All Files Access Permissions policy
Google Play App Rejection - Not a core feature - Use of All files access
In native android application if I need to declare that my application is going to use any permissions first of all I need to add them to AndroidManifest.xml file, like here
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="com.co.ar">
<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.RECORD_AUDIO" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
...
And this way I can just open application settings on the phone and see what permissions this application is using.
In unity I don't see a way to declare permissions that application is going to use. I found out according to this documentation
https://docs.unity3d.com/2020.1/Documentation/Manual/android-manifest.html
There is LibraryManifest.xml that responsible for permissions, I found this file and add there permissions I need, but because of this file is generated so every time I make new build it rewrites.
Player Settings -> Tab (Android) -> Publishing Settings -> Check Custom Main Manifest -> Edit "AndroidManifest.xml" in Assets/Plugins/Android
There is LibraryManifest.xml that responsible for permissions, I found
this file and add there permissions I need, but because of this file
is generated so every time I make new build it rewrites.
There by the way an asset that can do this android permissions
I hope you find this useful
I am compiling a project that does not explicitly request the READ_PHONE_STATE permission, but when I compile I am seeing the permission in my compiled Android Manifest file. I'm assuming some library that's being pulled in is adding it explicitly or forgot to set its minimum SDK version (which would add it).
The only thing I have to go on is that in the final manifest, the permissions I requested myself look like this:
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
<uses-permission android:name="android.permission.READ_CONTACTS" />
<uses-permission android:name="com.android.vending.BILLING" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
And the READ_PHONE_STATE looks like this:
<android:uses-permission android:name="android.permission.READ_PHONE_STATE" />
Does the android prefix mean anything?
Is there any way to narrow down which library is adding this permission?
You can exactly see if a (or because of) library adds some extra Permission to your manifest. Check at file generated (see below) during build process and look for the unwanted permission within the file!
Go to your project folder and look for this path:
[ProjectFolder]/build/outputs/logs/manifest-merger---report.txt
open the file and search for the permission
In my case I found these lines at the
uses-permission#android.permission.READ_PHONE_STATE IMPLIED from
C:\..\...\AppFolder\src\..\AndroidManifest.xml:2:1-14:12 reason:
com.some.evil.library has a targetSdkVersion < 4
This generated file show the output of the merge process described here in Android Developers site.
I would look at:
Android Library Manifest vs. App Manifest
This isn't really a duplicate so I won't flag, however I think he covers the topic fairly well in his answer to that question.
After that and assuming you can't figure it out, I would do the following:
Locate your gradle cache
Crack open the artifacts of each of your dependences (rename to .zip and extract is the easiest way to do this)
check if they have manifests included and see whats in the,
I have an app which makes use of wifi permissions only but ever since I moved to android studio, the compiled apk of my app uses two more extra permissions, that is phone calls/phone id and SD read/write.
I have no idea how and why those permissions have been added to my app but many users complain about that.
My app uses google analytics from google play services and appcompat. I also make use of this line
deviceId = Secure.getString(ctx.getContentResolver(), Secure.ANDROID_ID);
Any ideas? I don't want those extra permissions they scare my users away
Here is the content of manifest file
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.CHANGE_NETWORK_STATE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.CHANGE_WIFI_STATE" />
<uses-permission android:name="com.android.vending.BILLING" />
Studio is adding permissions appropriate to the classes / features that you are using in your project.
Update
Here is a related question that focuses on manifest merging config
I have an Mobile AIR project in FlashBuilder 4.6(Using AIR 3.4) and I am having a real problem publishing an APK. Here is the section from my APP XML:
<manifestAdditions><![CDATA[
<manifest android:installLocation="auto">
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>
<uses-permission android:name="android.permission.DISABLE_KEYGUARD"/>
<uses-permission android:name="android.permission.WAKE_LOCK"/>
</manifest>
]]></manifestAdditions>
For some reason, when I create an APK, the INTERNET permission is being tacked on the end of the manifest permissions block. Note that the application.xml in the asset/META-INF/AIR folder still looks correct.
Any ideas where I am going wrong?
After a lot more searching, I found my own answer:
Note: When you bundle the runtime, ADT adds the INTERNET and
BROADCAST_STICKY permissions to your application. These permissions
are required by the AIR runtime.
BROADCAST_STICKY seems to no longer be required, but apparently when using captive runtime we cannot get around this.