Testing my Android app (made in Unity) on the live store shows that it requests "Device ID & call information". As far as I can tell, I don't request these permissions. Here are the permissions I request in my AndroidManifest.xml file. Is this a permission required for all apps? Or is it hidden under one of these other permissions?
<uses-permission android:name="com.android.vending.BILLING" />
<uses-sdk android:minSdkVersion="9" android:targetSdkVersion="19" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
Thanks!
I just spent an absurd amount of time trying to resolve this so figured I would share with anyone out there going through a similar agony.
Removing the permissions from your manifest will not necessarily remove them from the final build. Unity auto-detects required permissions from all included libraries. The libraries which are most likely causing you to have this permission included are from the Facebook sdk.
If you want to keep the Facebook sdk in the build, there's a relatively straightforward solution. Remove the Facebook SDK (completely) and install a version <= 7.80. For whatever reason, the changes to the sdk in 7.9+ prompt Unity to auto-include the READ_PHONE_STATE permission which triggers the Device ID & Call Information permission warning in google play.
Related
This question already has answers here:
Violation of the Permissions policy in google play
(3 answers)
Closed 3 years ago.
One of our application has been removed from google play store, we have removed the unwanted permissions and updated to the store. But the application has been again rejected saying "Violation of permission policy", the manifest includes dangerous permissions but we need those permissions for app's core functionality. We are facing difficulties to identify the mistake. Below are the permission required by the app.
<uses-permission android:name="com.android.vending.BILLING" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>
<uses-permission android:name="android.permission.READ_CALL_LOG"/>
<uses-permission android:name="android.permission.RECEIVE_SMS"/>
<uses-permission android:name="android.permission.READ_SMS"/>
<uses-permission android:name="android.permission.SEND_SMS"/>
<uses-permission android:name="android.permission.READ_CONTACTS"/>
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="com.google.android.gms.permission.ACTIVITY_RECOGNITION" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
What change needs to be done to overcome this problem?
The problem is the SMS permission I think like READ_SMS
Duplicate of this Violation of the Permissions policy in google play
Your problem is this permissions:
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>
<uses-permission android:name="android.permission.READ_CALL_LOG"/>
<uses-permission android:name="android.permission.RECEIVE_SMS"/>
<uses-permission android:name="android.permission.READ_SMS"/>
<uses-permission android:name="android.permission.SEND_SMS"/>
By new googles policy you should send special form to google to approve those permissions.
Notice that they will not allow this permissions for app that the core functionality is not related to sms and phone.
More info here
Permission Policy : https://play.google.com/about/privacy-security-deception/permissions/
Permitted Uses: https://support.google.com/googleplay/android-developer/answer/9047303#intended
Please read above the Permissions policy and the permitted uses, and take one of the following actions:
• Option 1) Remove these permissions from your app’s manifest
If your app does not require access to Call Log or SMS data, remove the specified permissions from your app’s manifest (or migrate to an alternative implementation), then publish an updated version of your app with a higher version code using the standard release process. All active APKs in the release must be free of sensitive permissions on all tracks.
• Option 2) Submit a Permissions Declaration Form to request approval from Google Play
If your app is a default handler, or you believe your app qualifies for a permitted use, publish an updated version of your app with a higher version code. You'll be required to complete a Permissions Declaration Form as a step in the release process. Select the appropriate core functionality for your app and fill out the remainder of the form's required fields. Be sure to select the core functionalities that are appropriate for the app. Google Play will reject apps where the core functionality does not match this declaration or the use is not permitted.
Also make sure your alpha, beta and internal testing channel don't have any apks with policy violation
Im getting this error when Im adding apk to alpha and beta in play store.
Production is normal.
I found this answers.
Google play console said "You can't edit this app until you create a new app release declaring sensitive permissions" how to fix it?
Warnings Your Apk Is Using Permissions That Require A Privacy Policy: (android.permission.READ_PHONE_STATE)
Neither Im using read_phone_state permission nor sms,call log permissions
I have attached screen shot my google play store account below.
I cant see where the real problem is. This page says only just there is an error.
Thats my all permissions
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.CALL_PHONE" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.READ_CONTACTS" />
<uses-permission android:name="android.permission.WRITE_CONTACTS" />
<uses-permission android:name="android.permission.BLUETOOTH" />
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.CHANGE_WIFI_STATE" />
<uses-permission android:name="android.permission.CHANGE_NETWORK_STATE" />
<uses-permission android:name="android.permission.CHANGE_WIFI_MULTICAST_STATE" />
<uses-permission android:name="android.permission.AUTHENTICATE_ACCOUNTS" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.MANAGE_ACCOUNTS" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS" />
<uses-permission android:name="android.permission.RECORD_AUDIO" />
<uses-permission android:name="android.permission.WRITE_SETTINGS"
tools:ignore="ProtectedPermissions" />
<uses-permission android:name="android.permission.READ_SYNC_STATS" />
<uses-permission android:name="android.permission.READ_SYNC_SETTINGS" />
<uses-permission android:name="android.permission.WRITE_SYNC_SETTINGS" />
<uses-permission android:name="android.permission.BROADCAST_STICKY" />
<uses-permission android:name="android.permission.READ_LOGS"
tools:ignore="ProtectedPermissions" />
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" />
<uses-permission android:name="android.permission.READ_PROFILE" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
In our case, we were thinking that we did not have "Read SMS/Call log" permissions in our app yet, and had the same error. But we were planning to include such features into our app, so we sumbitted the sensitive permissions declaration form previously via Google Forms link (before it was integrated into Play Console) and got a decline.
So our solution was:
1. Add READ_SMS permission to our apk and increase version code
2. Publish new apk in alpha channel and declare that the release did not comply with the new regulations (in the permission declaration form). After this the error went away.
3. Publish updated APK with this permission removed (which was our goal in the first place)
After step 2 the error went away, so we were able to release our planned apk to production.
Update:
It turned out we had an old apk with "Read SMS" permission in our alpha channel. So you can use these instructions to trigger declaration form, but you will still need to delete this apk later in order to comply new rules. This is what we did, after that error went away.
I solved it by following these steps,
Create a release and instead of uploading new apk/bundle select anyone from the library which has SMS or call permissions.
Fill up all the necessary details and the declaration form, save and review.
Now go to release management and edit this release and upload the new apk/bundle which you were supposed to upload.
Now you wont see any error messages.
Fill in all the details, save,review and rollout.
Do you have an alpha or beta release? Check If those releases have sensitive permissions, then release to production.
We were seeing this error even though our current release doesn't use these permissions because we had released an old version that did to an internal test track. We deactivated all previous APKs and the error was resolved.
You are declaring the permissions which are necessary that application ask during run time, according to the android policy you have to declare them before uploading the APK, in your case you took that permission i.e camera, record audio. Here you can get more help.
As to this article all apps that not meet the new policy and not remove or grant this permissions with google via declaration : https://docs.google.com/forms/d/e/1FAIpQLSfCnRaa4b1VuHhE4gVekWJc_V0Zt4XiTlsKsTipTlPg5ECA7Q/closedform may be removed from google play store and not be able to update currently existing one.
From your manifest permissions list you can see you asking for sms and phone related permissions : READ_CONTACTS, CALL_PHONE
Please see the following instructions to submit the declaration form:
A1. Go to the Console > App release > Click ‘Create a release’ > Upload a new APK that you want to release
A2. Retain the current version of APK
A3. Click ‘Add from library’ > Upload all active APKs to cover all permissions across the tracks in your app
You can find active APK in Release management > Artifact library
A4. Fill out the Permissions Declaration Form for extension
‘Compliance status’ > check “No, this release does not meet the SMS and Call log”
‘Declarations’ > check all
A5. Click "Save" at the bottom of the page
After that, please stay on the same page and follow the next steps:
B1. Deactivate and remove ONLY the old APKs which you do not want to release.
B2. Click "Save" again then select "Review"
B3. Then, you'll be able to release a new version of APK by clicking "Start Roll Out" button.
After finished all the steps, if your APK does NOT have sensitive or high-risk permissions anymore, please skip the steps below(C1~4) and no additional action is required. However, if you uploaded the new APK with sensitive or high-risk permissions, please note that your app will be removed after Mar 9, 2019.
If your new APK has sensitive or high-risk permissions & you want to utilize the permission after Mar 9, you need to finish the additional step to submit the declaration form to enable further review.
C1. After the new APK release(Step B1~3), please go to the Console > App release > Click ‘Create a release’
C2. Click ‘Add from library’ > Select the APK(which will be utilized after Mar.9)
C3. Retain newly updated APK in step B3
C4. Fill out Permissions Declaration Form (not for extension),
‘Compliance status’ > check “Yes, this release meets the SMS and Call log”
Choose core functionalities as well
C5. Submit the form by Clicking “Save” at the bottom of the page
Also, to make sure your app be safe after Mar 9, please do not forget to update all the APKs(with sensitive or high-risk permission) in other track with the same steps.
I have removed sms and call log permissions from my app and using alternatives to common uses that is using share intent and dial intent. But I am still getting the same warning in the play console on my application. following is the list of permissions in my app.
<uses-permission android:name="com.google.android.providers.gsf.permission.READ_GSERVICES" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.USE_CREDENTIALS" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.CHANGE_WIFI_STATE" />
<uses-permission android:name="android.permission.CHANGE_NETWORK_STATE" />
<uses-permission android:name="android.permission.WRITE_SETTINGS"
tools:ignore="ProtectedPermissions" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<!-- Push Notification Permission -->
<uses-permission android:name="com.onwaycab.permission.C2D_MESSAGE" />
<uses-permission
android:name="com.google.android.c2dm.permission.RECEIVE"/>
<!-- MAP Permission -->
<permission
android:name="com.onwaycab.permission.MAPS_RECEIVE"
android:protectionLevel="signature" />
<uses-permission android:name="com.onwaycab.permission.MAPS_RECEIVE" />
Edit:
I am receiving the warning even if I have not used sms and call log permission so it is not duplicate of that question.
If you are seeing this alert every time you refresh the page, then one or more your libraries might be using the permission.
To check all permissions your app is using, just install the app on the real device and check the App Info - Permissions.
Alternatively, add this to your Manifest file. tools:node="remove" will remove the permission in case if any library is requesting it.
<uses-permission android:name="android.permission.READ_CALL_LOG" tools:node="remove" />
<uses-permission android:name="android.permission.WRITE_CALL_LOG" tools:node="remove" />
Another important point, if you are using build variant then define it inside your highest priority manifest file.
Library manifest: lowest Priority
Main manifest: Medium Priority
Build Vairant manifest : Highest priority
My playstore console showed this "SMS & CALL_LOGS" related warning.
So, I removed the SMS & CALL_LOGS related permissions from the manifest and uploaded the latest release build to playstore. But the warning was still shown to me after latest build was published on store.
So ,After this I filled this below Permissions declaration form and the warning is removed now.
https://docs.google.com/forms/d/e/1FAIpQLSfCnRaa4b1VuHhE4gVekWJc_V0Zt4XiTlsKsTipTlPg5ECA7Q/viewform
Another thing worth checking - we had an old Beta version of the app that did use SMS in the Google Play Console on Release management -> App release.
The Beta wasn't active any more but that old version was still showing under Release management -> Artifact library-> Active artifacts, so am guessing Google still considered it an active application. Helpfully this area also shows you all the permissions your app uses, in case you are concerned if a library or plugin is adding permissions without your knowledge.
Removing the Beta version and appealing the removal as it being due to an inactive Beta, got the app republished within a few hours.
I have the below permissions defined in the Manifest but I still see Android asking the app needs permission to write to External storage even though I don't want to access External Storage
Could it be because of Google Play services
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
<uses-permission android:name="com.google.android.providers.gsf.permission.READ_GSERVICES" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
Pls try This for google play service error:
<uses-permission
android:name="android.permission.WRITE_EXTERNAL_STORAGE"
android:maxSdkVersion="Version code" />
Metadata used end of application.
It's almost a year since post publication but maybe this'll help someone.
If you are using play-services version < 8.3 then play-services-maps uses this permission.
If you are not using play-services-maps then probably you are using play-services-fitness which takes maps as transitive dependency.
If you are not using nor of them, then probably you have other transitive dependency which needs this permission.
TIP to check transitive dependencies
Add these permissions
<uses-permission android:name="ANDROID.PERMISSION.READ_EXTERNAL_STORAGE"/>
<uses-permission android:name="ANDROID.PERMISSION.WRITE_EXTERNAL_STORAGE"/>
This might be because of below two reason.
If you're targeting version 8.3 or later of the Google Play services SDK, you no longer need the WRITE_EXTERNAL_STORAGE
permission to use the Google Maps Android API.
If you're targeting earlier versions of the Google Play services
SDK, you must request the
android.permission.WRITE_EXTERNAL_STORAGE permission.
Check this link.
There was a bug in Google play services that causes unintended WRITE_EXTERNAL_STORAGE, READ_EXTERNAL_STORAGE, and
READ_PHONE_STATE permissions to be merged into app manifests. That
is solved in Google Play services 10.0 release. Check this.
To avoid this I recommend to include necessary individual Play service APIs and corresponding build.gradle descriptions. Check this.
Hope this will help you and future user also.
This is missing :
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
I have an app which makes use of wifi permissions only but ever since I moved to android studio, the compiled apk of my app uses two more extra permissions, that is phone calls/phone id and SD read/write.
I have no idea how and why those permissions have been added to my app but many users complain about that.
My app uses google analytics from google play services and appcompat. I also make use of this line
deviceId = Secure.getString(ctx.getContentResolver(), Secure.ANDROID_ID);
Any ideas? I don't want those extra permissions they scare my users away
Here is the content of manifest file
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.CHANGE_NETWORK_STATE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.CHANGE_WIFI_STATE" />
<uses-permission android:name="com.android.vending.BILLING" />
Studio is adding permissions appropriate to the classes / features that you are using in your project.
Update
Here is a related question that focuses on manifest merging config