I pushed a beta version to Google Play that accidentally added more permissions compared to the version that's current in production.
Before pushing the final new version to production via a staged rollout, I removed those permissions, but despite that, users are still complaining about the new permissions when they received the update on the Play Store.
Why are the new permissions still visible? I removed the APK from the beta channel, neither of the production APKs (both the old one, and the new one in staged rollout) have the new permissions. I even see those new permissions in the Play Store listing.
By using a newer SDK but not changing the targetSdkVersion of all my imported modules, I automatically inherited some implicit permissions.
For one, there is one library with a targetSdkVersion of 3 - that will automatically add READ_PHONE_STATE, as already documented in this answer, and the official docs.
This can be easily seen by looking at the manifest merger log in build/output/logs/manifest-merger-release-report.txt:
android:uses-permission#android.permission.READ_PHONE_STATE
IMPLIED from AndroidManifest.xml:2:1 reason: com.foo.library has a targetSdkVersion < 4
The other problem was having READ_CONTACTS set, but at least one library used both minSdkVersion and targetSdkVersion < 15. That automatically added READ_CALL_LOG. See the documentation about this. Curiously enough I didn't see a mention of that in the merger log, but I may have missed it.
The final APK permissions can be checked with aapt:
aapt dump badging build\outputs\apk\foo-release.apk
That prints out the list of permissions.
Full credit to CommonsWare for leading me to this. Thanks Mark!
Related
I am trying to create a new release with no sensitive permissions asked. but when i go to app releases it shows :`
Previously declared permissions (2 permissions)
android.permission.READ_SMS
android.permission.RECEIVE_SMS`
I deleted all artifact libraries apks drafts .
What is the procedure to get rid of it?
I solved it.
Go to your artifact Library and check if there is any active artifact which contains these permissions. Now create a build and overwrite those active artifacts with your new build. When every other release track like beta , internal do not contain any sensitive permission, just create a build for production and you will see it gone.
I recently get the warning to update the Android Target Version to 26 or more from the Google Play Console. However, I have already set the target SDK to 26.
I check the AndroidManifest file and the merged manifest for all the libraries I have included in the project.
There are few libraries which are under Manifest Sources and few are under the
Other manifest files(Included in merge, but did not contribute any elements) - what does this mean?
Can i update the manifest to target API 26 for this project only and upload the to see if it gets accepted or not.
Google needs to verify the App for SMS and Call Log permission but when i upload the app to the play store i get the warning - •
Your app needs to be using runtime permissions for us to complete the
review. Please update your app to target API level 26 or above and
resubmit the declaration form.
There are few libraries which are under Manifest Sources and few are
under the Other manifest files(Included in merge, but did not
contribute any elements) - what does this mean?
When you use other libraries their manifest files will merge with yours to form one Manifest that will ultimately be used.
Can i update the manifest to target API 26 for this project only and
upload the to see if it gets accepted or not.
It's better to set the minSdkVersion and targetSdkVersion in your build.gradle file not in the manifest because Gradle overrides the manifest values reference can be found here
Google needs to verify the App for SMS and Call Log permission but
when i upload the app to the play store i get the warning
When you target API 23 or above you need to write Runtime permissions or you will get a crash when you try to access them.
it's called WorkManager now; the Firebase Job-Dispatcher might not receive updates anymore.
implementation "android.arch.work:work-firebase:1.0.0-alpha11"
androidTestImplementation ("android.arch.work:work-testing:1.0.0-beta01") {
exclude group: "android.arch.work"
}
only the API level of the application package matters - and the run-time permissions need to function - except these critical permissions for SMS and Call Log, which are subject to review. recently had one install from US territory, which might have been such review, even if I only use SIP telephony. there might have been people sending premium SMS from apps, which quickly deduct prepaid credits - or providing robocall services with phone numbers to bother. also smartTAN depends on SMS. the attack vector is realistic, therefore these checks are in place for a reason.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed last year.
The community reviewed whether to reopen this question last year and left it closed:
Original close reason(s) were not resolved
Improve this question
I am trying to release a new version of my Android App.
I can upload the APK file but after I click the "Review" Button I am getting below error.
Review summary
Errors
Resolve these errors before starting the rollout of this release.
You can't rollout this release because it doesn't allow any existing users to upgrade to the newly added APKs.
Please note that this app was developed using CORDOVA
The app version details are as below image. The only difference from the previous and this new version is the Target SDK is changed from 24 to 26
Can someone please give some idea to fix this issue. Thanks for your help
I contacted the Google support and they replied within 24 hours.
The issue is the android:versionCode in the AndroidManifest.xml is lower than my previous release. After I fixed the issue I was able to release my app without any issue.
How I fixed the issue
I changed the android-versionCode to a higher value in <manifest tag in the config.xml file so AndroidManifest.xml has the higher value.
Full reply from Google
Hi,
Thanks for contacting Google Play Developer Support.
You're seeing that error message because your new APK has a lower version code than the previous APK. Newer APKs must always have a higher version code than the previous version, or the Play Store won't know that the new APK is an update. Please change your new APK's version code to be at least 206020.
Regards,
Google Play Developer Support
If your Old APK version is a higher number than your New APK version then you get this error.
It is not the version name that matters, that can actually be any string, it is only the version code which must always be higher than a previous version.
https://developer.android.com/studio/publish/versioning
To fix for Flutter
In pubspec.yaml it is the version line, and the number after the + sign is the one that must be higher than the Old Version Code shown in the Google Play Console screen as the "1 app bundle deactivated".
That would be 50 if this was your version line :
version: 1.0.0+50
I faced same issue, interestingly the versioncode(120001) of new release (12.0.0) was less than the versioncode(1104058) previous release (11.4.5)
I resolved this issue following this link Setting Android version code in Ionic 2
Update both versionCode and versionName.
minSdkVesion 16
targetSdkVesion 26
versionCode 2
versionName 1.1
In your config.xml file's <widget> element, add/increment the android-versionCode attribute by one:
<widget id="com.example.foo" version="1.0.1" android-versionCode="10001" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
After that, running a cordova clean android and cordova build android --release gave me an .apk that the Google Play Console accepted.
have you upgraded your versionCode from previous versionCode?
minSdkVesion 16
targetSdkVesion 26
versionCode 1 //you need to upgrade it from previous one
versionName 1.0
If you are Monaca Cloud IDE for building and you are facing this error You cannot make this version available because it does not allow existing users to upgrade to new APKs that have been added.
So here what is the problem, When you try to build APK then it generates a random number,
So make sure your new update version code is greater then this 10505
You can set in Monaca Cloud IDE version code
In the root of your project will be a config.xml file. It contains a widget node that has an attribute of version. 1.17.01 in Example: <widget id="com.myapp.mobile" version="1.17.01" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
During a cordova prepare operation, this config.xml file is merged into the manifest file for your platform (e.g. platforms\android\app\src\main\AndroidManifest.xml for Android). The merged manifest file will contain both a version code and version string generated from the version listed in the config.xml. Ex: <manifest android:hardwareAccelerated="true" android:versionCode="11701" android:versionName="1.17.01" package="com.myapp.mobile" xmlns:android="http://schemas.android.com/apk/res/android">
This version code 11701 will be what is listed on the play console.
To automatically set this version greater, you can add to your gradle.properties file a variable setting cdvVersionCodeForceAbiDigit=true which will automatically multiply the version by 10. Note this logic is laid out in the build.gradle file at the root of your platform app folder. There is other logic toggled with the cdvBuildMultipleApks variable to set different values based on product flavor (arm, x86, etc). But I think the recommended approach today is to upload a "bundle" and let Google automatically generate the separate apks for various device configurations.
I recently added firebase messaging to my android app and I noticed some new permissions required to my app at similar time, for example:
android.permission.READ_PHONE_STATE
I couldn't find anywhere in documentation, why is this permission required. I even tried to explicitly disable it in manifest (tools:node="remove") and messaging still works for me. It's kinda messy and I want to use only as few permissions as I need for sake of my users.
Is this permissions really needed by messaging or is it added automatically from one of library dependencies?
How can I tell what permissions is being added by what? I tried manifest-merger-report.txt, but there was no mention about READ_PHONE_STATE.
Thanks!
The READ_PHONE_STATE permission is not needed for Firebase Cloud Messaging to work (see the Edit your App Manifest docs).
From what I can tell, you've already done quite the digging with this tiopic (checking the manifest-merger-report.txt, adding tools:node="remove" to disable it). You've probably seen Commonsware's blog too.
It's hard to tell from where the READ_PHONE_STATE permission is coming from (with the current details your post), but it is most probably the cause of manifest merging. Try double checking if there are any dependencies that have the library's min SDK is lower than the app's min SDK, wherein if true, the permission is added, as per this answer:
The second one, READ_PHONE_STATE is because of the saxrssreader library. When the library's min SDK is lower than the app's min SDK, the permission is added during build. I simply changed the library's minimum SDK to the number my app is using and the permission is gone.
I had the same problem, i checked manifest-merger-report, and found that READ_PHONE_STATE was added because some library that I'm using has target version < 4
Here is exact quote from report:
ADDED from [com.google.firebase:firebase-messaging:10.2.0] C:\Users\user\project\app\build\intermediates\exploded-aar\com.google.firebase\firebase-messaging\10.2.0\AndroidManifest.xml:23:18-87 android:uses-permission#android.permission.READ_PHONE_STATE IMPLIED from C:\Users\user\project\app\src\main\AndroidManifest.xml:1:1-135:12 reason: org.apmem.tools.layouts has a targetSdkVersion < 4
Hope, this will help you.
Question is possibly duplicate of: Firebase + Permissions
Firebase did not add this permission. Update your Google Play services to 10.0.1 as this bug seems to have been fixed in that version:
"This release fixes a missing minSdkVersion value in
play-services-location.aar that caused unintended
WRITE_EXTERNAL_STORAGE, READ_EXTERNAL_STORAGE, and READ_PHONE_STATE
permissions to be merged into app manifests."
Ok this is embarrassing. I in the end, I was adding permissions myself in parent manifest. Thank you for your comments, based on those I managed to track it down.
In the latest version of my app I updated the manifest file to include support for ICS version. When activating the APK file, I got a warning (that I apparently ignored) about newest version supports fewer devices than previous version. Later that day I saw couple of posts in forums where user saying that they are getting APP incompatible with their device messages.
The current info in manifest looks like this:
<uses-sdk
android:maxSdkVersion="15"
android:minSdkVersion="7"
android:targetSdkVersion="14"/>
The previous version in manifest had following info
<uses-sdk
android:maxSdkVersion="14"
android:minSdkVersion="7" />
I used targetSDK as 14 to enable action bar.
Any idea why this would lead to fewer device support though the maxSDK is 15 instead of 14?
Any help will be highly appreciated.
Thanks!!
First:
Check if you added any new permissions which limited the number of devices, such as 'android.hardware.touchscreen permission.
"The APK you set as active has new features / permissions that prevent it
from running on some devices that you previously supported. As such, those
devices that are no longer supported due to your update will not receive
the update, since they don't support it."
Next:
Try to remove your targetSdkVersion in the AndroidManifest.xml. Then you can try to add the file project.properties in the same directory level of AndroidManifest.xml with the content:
# This file is automatically generated by Android Tools.
# Do not modify this file -- YOUR CHANGES WILL BE ERASED!
#
# This file must be checked in Version Control Systems.
#
# To customize properties used by the Ant build system use,
# "ant.properties", and override values to adapt the script to your
# project structure.
# Project target.
target=android-14
I was able to confirm based on my users response that only folks who had custom ROM got the incompatible message, but were later able to get the update from the market. So most likely an issue for users with custom ROM only and not related to android:targetSdkVersion as I suspected earlier.