Scenario:
I have an app already deployed on Google Play.
For some internal reasons, we'll have a separate app (separate .apk) which define a custom permission on the manifest:
<permission
android:name="<my.app.package>.PERMISSION.extras"
android:protectionLevel="signature"/>
and the existing app will use this permission.
<uses-permission
android:name="<my.app.package>.PERMISSION.extras"/>
both apps are signed with our key and it the communication between the two apks is working fine.
Now the question:
because of this new custom permission, will Google Play:
require our users to go to Google Store -> My Apps -> <my.app> -> Update
or
just auto-update as usual, and it only cares about the new permissions if it is one of the android.permission.* permissions ?
Any well based information will be deeply appreciated.
To answer my own question I setup a small test.
test procedure:
created new google account, on a tablet and downloaded the app
added this new user to the G+ community for Alpha testers of the app.
on this user account, accepted to be an alpha tester
double checked that the app is with auto-update enabled.
pushed an update to the app with the new custom permission.
await for the cloud...
results:
on Google play developer console it shown the extra permission on both the total number of permissions and the list of permissions.
after a few hours the tablet auto-updated with no problems.
the custom permission are not shown on Google Play Store in the tablet
the custom permission are not shown on the tablet Settings -> Apps -> My App -> Permissions
so final answer:
custom permissions with signature level protection do not stop the auto-update from Google Play Store.
I believe custom permissions would fall under the category of "Other." Based off this page, you'll be asked to download the update when adding the permission. If the permission has already been approved, this may be different.
Whether or not the user has to manually go to the Play Store to get updates or if the app updates itself is also a different matter. This is dependent on the user settings within their Play Store application. You can refer to "App Updates" in the page linked previously. With Auto-Update enabled the user won't be prompted to approve permissions if the new permission group has been previously added (this may not apply in your case because it's a custom permission). No matter what, if your app is adding a new permission group, the user will be asked to accept the update.
I believe only if the user has auto updates disabled and notifications disabled for their Play Store application, will they need to manually go to the Play Store -> App -> Update.
Related
Here is the email I received from Google Play. I added QUERY ALL PACKAGES permission to the manifest file so that all the features would function properly in Android 11 or later. But in reality, I simply require a portion of the permission to implement those functionalities. So, if the "QUERY ALL PACKAGES" permission is withdrawn and another core permission is added in manifest file, do we still need to submit a permission declaration?
DEVELOPER UPDATE
Hello Google Play Developer,
If your app requires the QUERY_ALL_PACKAGES permission, you need to
submit the declaration form in Play Console by July 20. Otherwise, you
will not be able to submit new apps or app updates.
Action required:
If your app does not require use of the QUERY_ALL_PACKAGES permission, you must remove the permission from your app manifest.
If your app requires use of the QUERY_ALL_PACKAGES permission, you’ll need to provide a description and short video of the core
feature in your app that requires this permission. To prepare for the
questions you’ll need to answer, review this Help Center article.
You have until July 20 to submit the declaration or remove the
permission from your app manifest. Apps that fail to meet the policy
requirements or do not submit the declaration form may be removed from
Google Play starting July 20.
Thank you for continuing to partner with us to make Google Play a safe
platform for you and your users.
Thank you,
The Google Play team
Try these solutions if you don't need QUERY_ALL_PACKAGES permission
https://stackoverflow.com/a/73104066/10657559
https://stackoverflow.com/a/72774358/10657559
Updating an app that has sensitive permissions on the Google Play Console
In my case I have submitted declaration form in play console like below
Go to Google Play Console , under Policy area -> App Content -> click Manage button under Sensitive permissions and API
Here lists all sensitive permission used in our app -> click Manage button under corresponding permission
Fill the declaration form
I have submitted this 3 weeks ago and I haven't met with any issues from Google Play Console so far.
I am facing one problem regarding Android app new version publishing.
Scenario :
I uploaded initial flutter android app 2 month ago (Dec 2020) to google play store where we had accidentally added Location permission even with no use in code. (Just permission added in Android Manifest).
Now we come up with new version of flutter android app and trying to create new Release version 1.0.2 it shows error while Submitting new release version of app.
Error : Fix errors to rollout this release
Issue is regarding used location permission in my initial app version which is live on play store
Issue need to be fixed : Your background location permission
declaration needs to be updated.
In the App Content it showing error in Sensitive app permissions
Note : In Sensitive app permission - Location Permission. It's not showing Manage Button instead there is a option to location permission declaration form.
We don't want to use location permission now . so we removed location
permissions and trying to upload new release version but still this
location permission (Sensitive App permission) declaration showing
error again and again.
Solution :
First of all fill-out form of declaration for location permission (Any Sensitive permission used in previous rolled out APK version). This will fixed temporary error of App Content - Sensitive Permission Issue.
In my scenario i have added no usage of background location In
declaration and random youtube video link.
After permission declaration you can create/edit new release.
Make sure before adding new release APK to console please analyse APK and make sure that that sensitive permission is not used again. (If you used that sensitive permission again than you need to add valid sensitive permission declaration in AppContent -> Sensitive Permission)
After Creating new release version you can roll out new release version from Release dashboard.
After Roll out go to App content -> Sensitive App Permissions -> click on Manage and Select No Radio Button and Save it.
ITS DONE. Your new release version app will be live soon!
I had the same problem - I didn't need anymore this permission but the APK in prod used this permission (and also some releases of some tests) so the console let me only explain why I needed this permission and didn't display the question if I do use this permission.
When I tried to add new tests I was always rejected because I didn't have a good reason why I needed the background access permission.
If you don't need this permission anymore:
(I don't have the exact name of the sections, actions because I have a non-english language in Google Play Console)
I found a solution that worked for me: App Update is rejected from google play due to Background Location access (But I didn't use any background location Permission).
In App content -> Sensitive App Permissions -> click on Manage -> Click on Display APKs.... You will see all the APKs that use the background permission. Those APKs can be used in Tests or Production.In order to fix the problem you will need this list to be empty.
APK from Test sections:
For each test - search the source of the release (a release from a test of internal tests/closed tests...)
Under the test section, click on Manage (even for suspended tests), click on New Release and add an empty release (without APK) click to examine the release.[Add a new empty release under the test/s that uses a release with an APK that requires the background access permission. Don't add new empty tests].
APK from Production:
You will have to add a new release on Production that doesn't include the background permission.
Now you will see that no APK is displayed when clicking on Display APks... on Sensitive permission... Now when clicking on Manage (under Sensitive permission..) you will have a new question - if you do use the background access. Click on "No" and now you can add new Tests.
I had a similar problem when modifying an application in production that did not use the sensitive permission, but had it declared
The reason that the Play Store Console showed the application stuck in "under review" status was that it could not modify the permission statement, caused by having limited the scope of the app to a single country, limit that was different from the version that was in production
After being able to adjust the regional distribution to all countries, I was able to start the release of a new version that did not use sensitive permissions, with which the permission declaration form could now show me the correct question that had nothing to do with location in background ("Does your app access location in the background in APKs or app bundles targeting Android 9 or older?") according to the documentation in:
https://support.google.com/googleplay/android-developer/answer/9799150?hl=en#zippy=%2Chow-do-i-remove-location-in-the-background
The issue is that an outdated APK/App bundle file was added to the Alpha/Beta testing phase (but never moved to production), and rather than correcting it, he added a new APK/App bundle to the live environment. The Alpha/Beta file is currently being reviewed rather than the new production file due to changes in how reviews are carried out by Google. In Google's denial, you can see the versionCode of the previous APK/App bundle.
The new APK/App bundle file should therefore be added to the same Alpha/Beta as the old one before being promoted to production. Once you have done that, go back to APP CONTENT and you will see there yes/no form. Issue is resolved.
I am working on an app where I am using a custom permission as defined by another developer in their SDK.
According to Google, if we add a pre-defined permission, such as <uses-permission android:name="android.permission.INTERNET" />, then, when a user updates the app, they will be prompted to approve this new permission. This happens before the app is updated; if the user does not accept, the app is not updated.
Now, we want to add in this custom permission. Will the Play Store still ask users to accept this new permission prior to updating the app when we release the new version on the Play store?
Yes all permissions are required to be approved by the user. If the updated version has new permissions : grouped or others, they need to be approved by user.
From Google's policies:
Users who wish to have full control over new individual permissions being added to an app can review individual permissions for an app at any time, or may consider turning off auto-updates for one or more apps. Any permissions that are not part of a permissions group, including those that are not shown in the main permissions screen, will be shown in the "Other" group.
Update
From M the permission model will change. Users will control the permissions at runtime. Good for users but more work for developers, as now we have to handle the permission denial. Read more here.
When people download your app they have to accept the permissions that you set in your manifest.
If you set a new permission in the android manifest of your app, then people who have downloaded your app will need to accept the new permission first. So if you update your app and you have new permission it won't auto update and people need to first accept it in the google play store.
From Google's support page:
When an app updates, it may need to use additional
capabilities or information controlled by permissions.
If you have automatic updates enabled, you won't need to review or
accept these permissions as long as they are included in a permissions
group you already accepted for that app.
If the app needs access to an additional permissions group, you'll be
asked to accept the update, even if you've set an app to update
automatically.
If you prefer to review each update manually, you can change your
update settings.
Yes, Google play will ask users to approve custom permissions.
Google clearly mentions that
"If the app needs access to an additional permissions group, you'll be asked to accept the update, even if you've set an app to update automatically."
and
"Developers may automatically add additional permissions within each group"
Since custom permissions do not belong do any permission group, they are shown in other permissions and when updating an app if new permissions are added to others group, play store will ask users to approve those permissions.
Official Source: https://support.google.com/googleplay/answer/6014972 (open link and click on other)
This page says "Note: If an app adds a permission that is in the "Other" group, you'll always be asked to review the change before downloading an update."
I published my app on play store. But when I press install for installing any other app on play store. One app permissions page open. And it contains permissions like Phone calls, Network communication, Your location, Network communications and so on. But when I click install on my app in play store. App permissions page open that contains text Laughing Buddha does not require any special permissions. How can I add permissions like in other apps when someone click on install on my app in play store?
If your application need any special permission you can add in Manifest. Its your choice. If the app does't need any permission it will show like Laughing Buddha does not require any special permissions
If an application changes its permissions, the Android market will generally mark it for manual update. Is this true if the change is only to remove a permission that was previously required by an app? Or will any change to the permissions mark the app for manual update?
EDIT
I tried it out today. Removed a permission from the app and put it up on the market. I had also ticked the 'auto update' feature in the mkt page. Although it did not automatically update the app, it did not say 'manual update' in the mkt page.
Removing permissions does not prevent auto-upgrades.
Adding a permission might prevent auto-upgrade, but not all permissions do. A good heuristic is to look at the protectionLevel of the permission; "dangerous" permissions will prevent auto upgrade, "normal" in general will not, but it's good to test with a small test bench app.
Third-party permissions are typically "normal" or "signed", and "signed" are treated same as "normal" with regards to auto upgrade.
Also, as of v4.1.6 Google Play app does show apps that require manual acceptance of new permissions in a separate "Manual Update" section. They are listed along all other updates, and the GP app will just show the new permissions dialog when user tries to update them.