I am compiling a project that does not explicitly request the READ_PHONE_STATE permission, but when I compile I am seeing the permission in my compiled Android Manifest file. I'm assuming some library that's being pulled in is adding it explicitly or forgot to set its minimum SDK version (which would add it).
The only thing I have to go on is that in the final manifest, the permissions I requested myself look like this:
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
<uses-permission android:name="android.permission.READ_CONTACTS" />
<uses-permission android:name="com.android.vending.BILLING" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
And the READ_PHONE_STATE looks like this:
<android:uses-permission android:name="android.permission.READ_PHONE_STATE" />
Does the android prefix mean anything?
Is there any way to narrow down which library is adding this permission?
You can see exactly whether a library adds (or causes) an extra permission in your manifest. Check the file generated during the build process (see below) and look for the unwanted permission in it!
Go to your project folder and look for this path:
[ProjectFolder]/build/outputs/logs/manifest-merger---report.txt
Open the file and search for the permission.
In my case I found these lines at the
uses-permission#android.permission.READ_PHONE_STATE IMPLIED from
C:\..\...\AppFolder\src\..\AndroidManifest.xml:2:1-14:12 reason:
com.some.evil.library has a targetSdkVersion < 4
This generated file shows the output of the merge process described here on the Android Developers site.
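An added example (not part of the original answer) that automates this search: it parses a manifest-merger report and lists every permission the app's own manifest did not add, with the recorded source and reason. The sample report is constructed from the lines quoted above; the paths and the `com.example:push` coordinate are placeholders, and the indentation rule noted in the comments is an assumption about the report layout.

```python
import re
from collections import defaultdict

# Constructed sample modeled on the report lines quoted above; the paths and
# library coordinates are placeholders, not output from a real build.
SAMPLE_REPORT = """\
uses-permission#android.permission.INTERNET
ADDED from /work/app/src/main/AndroidManifest.xml:5:5-67
\tandroid:name
\t\tADDED from /work/app/src/main/AndroidManifest.xml:5:22-64
uses-permission#android.permission.WAKE_LOCK
ADDED from [com.example:push:2.1] /cache/push/AndroidManifest.xml:4:5-68
uses-permission#android.permission.READ_PHONE_STATE
IMPLIED from /work/app/src/main/AndroidManifest.xml:2:1-14:12 reason: com.some.evil.library has a targetSdkVersion < 4
"""

HEADER = re.compile(r"(?:android:)?uses-permission(?:-sdk-23)?#(\S+)")
ORIGIN = re.compile(r"([A-Z]+)\s+from\s+(.*)")

def permission_origins(report_text):
    """Return {permission: [(action, source, reason), ...]} from a merger report."""
    origins, current = defaultdict(list), None
    for raw in report_text.splitlines():
        # Assumption: attribute-level records are indented; only element-level
        # (column 0) lines say where the permission itself came from.
        if not raw.strip() or raw[0].isspace():
            continue
        origin = ORIGIN.match(raw)
        if origin is None:                      # a node header line
            header = HEADER.match(raw)
            current = header.group(1) if header else None
            # The excerpts on this page carry the origin on the header line itself.
            origin = ORIGIN.match(raw[header.end():].strip()) if header else None
        if current and origin:
            source, _, reason = origin.group(2).partition(" reason: ")
            origins[current].append((origin.group(1), source.strip(), reason.strip()))
    return dict(origins)

def not_from_app(origins, app_manifest):
    """Permissions that the app's own manifest never ADDED (merged in or implied)."""
    return {perm: recs for perm, recs in origins.items()
            if not any(action == "ADDED" and src.startswith(app_manifest)
                       for action, src, _ in recs)}

if __name__ == "__main__":
    found = permission_origins(SAMPLE_REPORT)
    for perm, recs in not_from_app(found, "/work/app/src/main/AndroidManifest.xml").items():
        for action, source, reason in recs:
            print(f"{perm}: {action} from {source} {reason}".rstrip())
```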
I would look at:
Android Library Manifest vs. App Manifest
This isn't really a duplicate so I won't flag, however I think he covers the topic fairly well in his answer to that question.
After that and assuming you can't figure it out, I would do the following:
Locate your gradle cache
Crack open the artifacts of each of your dependencies (rename to .zip and extract is the easiest way to do this)
Check if they have manifests included and see what's in them.
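The steps above as an added script (not code from the original answer): it opens each .aar as a zip, reads its AndroidManifest.xml, and reports which libraries declare a given permission or would have it implied through a target SDK below 4, the reason shown in the merger report earlier on this page. It assumes the .aar manifests are plain-text XML; the helper names and sample manifests are constructed for illustration.

```python
import io
import sys
import zipfile
import xml.etree.ElementTree as ET
from pathlib import Path

NS = "{http://schemas.android.com/apk/res/android}"
# Permissions the manifest merger implies for a library targeting SDK < 4.
IMPLIED_BELOW_4 = {"android.permission.READ_PHONE_STATE",
                   "android.permission.WRITE_EXTERNAL_STORAGE"}

def inspect_aar(aar):
    """Return (declared permissions, target SDK) for a path or binary file object."""
    with zipfile.ZipFile(aar) as zf:
        if "AndroidManifest.xml" not in zf.namelist():
            return set(), None
        root = ET.fromstring(zf.read("AndroidManifest.xml"))
    perms = {el.get(NS + "name") for el in root if el.tag.startswith("uses-permission")}
    sdk = root.find("uses-sdk")
    # A missing targetSdkVersion falls back to minSdkVersion, which defaults to 1.
    target = None if sdk is None else (sdk.get(NS + "targetSdkVersion") or sdk.get(NS + "minSdkVersion"))
    return perms, target or "1"

def culprits(aars, permission):
    """aars: iterable of (label, path or file object). Returns {label: reason}."""
    hits = {}
    for label, aar in aars:
        perms, target = inspect_aar(aar)
        if permission in perms:
            hits[label] = "declared"
        elif permission in IMPLIED_BELOW_4 and target and target.isdigit() and int(target) < 4:
            hits[label] = f"implied (targetSdkVersion {target} < 4)"
    return hits

def sample_aar(body):
    """Constructed input: an in-memory .aar that holds only a manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", '<manifest xmlns:android='
                    f'"http://schemas.android.com/apk/res/android">{body}</manifest>')
    buf.seek(0)
    return buf

if __name__ == "__main__":  # optional args: <dir with .aar files> <permission>
    wanted = sys.argv[2] if len(sys.argv) > 2 else "android.permission.READ_PHONE_STATE"
    aars = ([(p.name, p) for p in Path(sys.argv[1]).rglob("*.aar")] if len(sys.argv) > 1
            else [("old-lib.aar", sample_aar('<uses-permission android:name="android.permission.INTERNET"/>'))])
    print(culprits(aars, wanted))
```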
Related
VS 2022 17.1.0
Xamarin Android SDK 12.2.0.4
We have a Xamarin Forms project that includes an Android target. That Android target has recently been updated to have a targetSdkVersion 31 (Android 12)
We are now getting the following errors when trying to upload our Signed APK to Google Play
Duplicate declarations of permission
android.permission.ACCESS_COARSE_LOCATION with different
maxSdkVersions. Duplicate declarations of permission
android.permission.ACCESS_FINE_LOCATION with different maxSdkVersions.
If I look at the signed APK created by VS2022 build I can see these entries in AndroidManifest.xml
<uses-permission
android:name="android.permission.ACCESS_COARSE_LOCATION" />
<uses-permission
android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission-sdk-23
android:name="android.permission.ACCESS_COARSE_LOCATION"
android:maxSdkVersion="30" />
<uses-permission-sdk-23
android:name="android.permission.ACCESS_FINE_LOCATION"
android:maxSdkVersion="30" />
How can I see what is causing these permission values to be merged into our AndroidManifest?
Our currently released build has a targetSdkVersion of 30 (Android 11) and whilst these duplicate permissions are present in the merged manifest for that release, Google Play does not complain.
Other AndroidManifest values that might be important are
<manifest
xmlns:android="http://schemas.android.com/apk/res/android"
android:versionCode="1"
android:versionName="3.7.0"
android:installLocation="0"
android:compileSdkVersion="31"
android:compileSdkVersionCodename="12"
package="com.OurCompany.OurApp"
platformBuildVersionCode="31"
platformBuildVersionName="12">
<uses-sdk
android:minSdkVersion="24"
android:targetSdkVersion="31" />
OTHER VALUES REMOVED
</manifest>
I finally managed to trace which component was adding ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION permission entries.
The only way I found to track it down was from all the entries in the "obj" folder under "lp" e.g. \obj\Debug\120\lp
This was where the various libraries I was using would unpack themselves. I searched that folder for occurrences of "ACCESS_COARSE_LOCATION" and that gave me the library name that was the problem.
The change I made in our AndroidManifest was
<uses-permission-sdk-23
android:name="android.permission.ACCESS_FINE_LOCATION"
tools:node="remove"
android:maxSdkVersion="30" />
Note the use of the tools:node attribute, the Android docs for this are here, https://developer.android.com/studio/build/manage-manifests
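An added pre-upload check (not from the original post): it reads a decoded merged manifest and reports every permission declared more than once with differing maxSdkVersion values, the condition named in the Google Play error quoted in the question. The sample manifest is constructed from the entries shown in the question, with a placeholder package name.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

ANDROID = "{http://schemas.android.com/apk/res/android}"
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")

# Constructed sample: the four entries quoted in the question plus one clean one.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
  <uses-permission-sdk-23 android:name="android.permission.ACCESS_COARSE_LOCATION"
      android:maxSdkVersion="30" />
  <uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION"
      android:maxSdkVersion="30" />
</manifest>"""

def max_sdk_conflicts(manifest_xml):
    """Return {permission: [(element tag, maxSdkVersion or None), ...]} for each
    permission declared more than once with differing maxSdkVersion values."""
    seen = defaultdict(list)
    for el in ET.fromstring(manifest_xml):
        if el.tag in PERMISSION_TAGS:
            seen[el.get(ANDROID + "name")].append(
                (el.tag, el.get(ANDROID + "maxSdkVersion")))
    return {name: decls for name, decls in seen.items()
            if len({max_sdk for _, max_sdk in decls}) > 1}

if __name__ == "__main__":
    for name, decls in max_sdk_conflicts(SAMPLE_MANIFEST).items():
        detail = ", ".join(f"<{tag}> maxSdkVersion={value}" for tag, value in decls)
        print(f"{name}: {detail}")
```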
The problem is that when developing in the debug version, everything is in order, I can easily write files to memory. But I'm making a release version for Google Play, and the logs show that it simply cannot create a folder / file.
I dug up all the documentation, all the permissions are as written, but apparently I still missed something. Tell me, help
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission
android:name="android.permission.WRITE_EXTERNAL_STORAGE"
android:maxSdkVersion="30" />
<uses-permission
android:name="android.permission.MANAGE_EXTERNAL_STORAGE"
android:minSdkVersion="30"
tools:ignore="ScopedStorage" />
android:requestLegacyExternalStorage="true"
It seems like Read/Write external storage and Read phone state permissions are automatically added to the manifest on building the android apk. Are these necessary for all React Native android apps? Is there any way to remove these permissions?
Looking at the build/output/logs/manifest-merger-debug-report.txt I see:
android:uses-permission#android.permission.READ_EXTERNAL_STORAGE
IMPLIED from `/***/android/app/src/main/AndroidManifest.xml:1:1-22:12 reason: org.webkit.android_jsc` requested WRITE_EXTERNAL_STORAGE
It feels weird that I'll see these permissions being requested if I install the app from the Play store if I'm not using them.
I have an answer.
AndroidManifest.xml
Add this to manifest which should be line 1
xmlns:tools="http://schemas.android.com/tools"
It should look like this
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="YOUR PACKAGE NAME">
Now you can remove the permissions with this
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" tools:node="remove" />
So my permissions for a simple app are
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" tools:node="remove" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" tools:node="remove" />
Don't remove SYSTEM_ALERT_WINDOW, you will have problems in development.
I have an app which makes use of wifi permissions only but ever since I moved to android studio, the compiled apk of my app uses two more extra permissions, that is phone calls/phone id and SD read/write.
I have no idea how and why those permissions have been added to my app but many users complain about that.
My app uses google analytics from google play services and appcompat. I also make use of this line
deviceId = Secure.getString(ctx.getContentResolver(), Secure.ANDROID_ID);
Any ideas? I don't want those extra permissions; they scare my users away.
Here is the content of manifest file
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.CHANGE_NETWORK_STATE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.CHANGE_WIFI_STATE" />
<uses-permission android:name="com.android.vending.BILLING" />
Studio is adding permissions appropriate to the classes / features that you are using in your project.
Update
Here is a related question that focuses on manifest merging config
I've just noticed that my app has new permission requests that I have not explicitly declared in my AndroidManifest.xml. I didn't see these declared in any of the manifests in the
"intermediates" directory created by gradle, and the only dependency that I declare without an explicit version is crashlytics (as they suggest to do), i.e:
compile 'com.crashlytics.android:crashlytics:1.+'
The new permissions found in the full manifest are:
<android:uses-permission
android:name="android.permission.WRITE_EXTERNAL_STORAGE"
android:maxSdkVersion="18" />
<android:uses-permission android:name="android.permission.READ_PHONE_STATE" />
<android:uses-permission
android:name="android.permission.READ_EXTERNAL_STORAGE"
android:maxSdkVersion="18" />
So my guess is that whatever new version of Crashlytics is now requesting this?
If you're using Gradle to build, you can add the following to your AndroidManifest.xml to remove the permission:
<uses-permission android:name="android.permission.READ_PHONE_STATE" tools:node="remove" />
There is an issue within the Android Gradle plugin version 1.0.0-rc1 that may be causing the behavior to happen: https://code.google.com/p/android/issues/detail?id=81017
Version 1.0.0 has a fix for this.
Crashlytics only requires the INTERNET permission to send crash reports.