In my App I am getting location using NETWORK_PROVIDER but after uploading apk file to google play store,it shows the permission fine(GPS) location. I have a device which don't have GPS, I am not able to install the app from google play but i can install it manually. I am not getting any solution.It shows apps is not compatible.
You must remove the
<uses-permission android:name="android.permisssion.ACCESS_FINE_LOCATION"></uses-permission>
from your manifest. and only have ACCESS_COARSE_LOCATION. Even if you never use it in your code, Play store still uses it to filter out incompatible devices.
If you don't explicitly indicate which hardware features your app requires, Google Play will make some assumptions based on the permissions your app has requested.
If you don't require GPS for your application, you need to indicate that GPS is not required by adding this to your manifest:
<uses-feature android:name="android.hardware.location.gps" android:required="false"/>
Note: you can use the following command line to see how Google Play will filter your application, based on declared (or implied) features and permissions:
aapt dump badging <path_to_exported_.apk>
All this (and more) is described pretty clearly in the Google Play Filters documentation.
Related
There is an app called bodyweight fitness on the play store without any permissions. It is available on git hub as well:
https://github.com/mazurio/bodyweight-fitness-android
I used the files from git hub and compiled the apk myself with Android Studio (without changing the files). When I try to install the self compiled app apk, it tells me that it will use the INTERNET though the play store app did not. There is no reason why this app should need any internet connection. Thus I removed this line from the AndroidManifest.xml
<uses-permission android:name="android.permission.INTERNET" />
After compiling and installing the app, it still tells me that it will use INTERNET. Does someone know why and how I can remove this permission?
PS: I asked the developer as well, but I got no response yet.
update:
You are right, it is added from another part aswell: crashlytics.
And you are right aswell about the hidden permission. It is shown in
the app details when the app is installed and it is shown in the play
store when you click on the "permissions" button.
Each android lib contains manifest file with package, permissions, acitivities etc so your app will show all permissions from dependencies. You may check final manifest creation log at {projectDir}/{moduleDir}/build/outputs/logs/manifest-merger-*-report.txt
This log will contain something like that
uses-permission#android.permission.INTERNET
ADDED from {myModulePath}/app/src/main/AndroidManifest.xml:6:5-67
MERGED from [net.hockeyapp.android:HockeySDK:4.1.1] /Users/devindi/.android/build-cache/ce70c6f87efc05633a59a88fccdb712db509e22d/output/AndroidManifest.xml:12:5-67
MERGED from [com.crashlytics.sdk.android:crashlytics:2.6.8] /Users/devindi/.android/build-cache/424d420499b90aec0a26ab1b5f575e318d0342b9/output/AndroidManifest.xml:9:5-67
MERGED from [com.crashlytics.sdk.android:beta:1.2.5] /Users/devindi/.android/build-cache/be2498e53f6aa976b3927954da943b23f0a800f6/output/AndroidManifest.xml:9:5-67
MERGED from [com.crashlytics.sdk.android:crashlytics-core:2.3.17] /Users/devindi/.android/build-cache/e5b1b150113ac2f0789b76a886f379cdafa8af2b/output/AndroidManifest.xml:52:5-67
MERGED from [com.crashlytics.sdk.android:answers:1.3.13] /Users/devindi/.android/build-cache/c86f3a3daec296cb6a32deb0b3d0c3f1370a024f/output/AndroidManifest.xml:9:5-67
MERGED from [io.fabric.sdk.android:fabric:1.3.17] /Users/devindi/.android/build-cache/0a51b13dbc46dc870c598edab9d128bf8f26a8d4/output/AndroidManifest.xml:29:5-67
As you see I requested network permission at my manifest and hockeyapp, crashlytics, fabric libs requested same permission also. https://developer.android.com/studio/build/manifest-merge.html
To force permission remove just add tools:node=”remove” to your permission declaration like that:
<uses-permission android:name=”android.permission.INTERNET” tools:node=”remove” />
This is because the INTERNET permission is a "harmless" permission. This means that you don't have to ask the user for permission, and that it will not show in the Google Play Store
Since Android 5.0, permissions have a "protection level". Some are dangerous, and some are normal. Normal means that you as an app developer do not have to ask the user for permission, and that it will not show in Google Play. Dangerous means that Google Play displays it and that you have to ask the User for permission.
Source and further reading: Android Developers
There is a difference between apps installed during development via your Android Studio, apps installed from an APK and apps installed from Google Play Store. Some permissions are granted automatically in the latter case, like for example the Internet or drawing on top of other apps. You need to take this into account while planning your deployment strategy.
I am using Google Play Game Service and the BaseGameUtils lib in my game, but it adds the Permission "Read Phone Status and Identity" in my app.
Is this strictly necessary? I have seen other apps that makes use of the Google Play Game Service without requiring that permission.
The build.gradle of the BaseGameUtils compile against "com.google.android.gms:play-services-games:8.1.0" API.
(It also compiles with play-services-plus but this is not causing the problem)
I have tested with older/newers versions (7.5.0 / 8.4.0) but its the same.
Thanks in advance.
EDIT:
I also check the required permissions required by the play-services-games in the Manifest for the component: ANDROID_SDK/extras/google/m2repository/com/google/android/gms/play-services-games/7.5.0/play-services-games-7.5.0.aar but it has not "uses-permission" tags.
(What permissions are needed by each Google Play Services component?)
EDIT#2:
My Solution was to remove it explicitly in the app Manifest using this line:
<uses-permission android:name="android.permission.READ_PHONE_STATE"
tools:node="remove"/>
I found that neither of both APIs adds me none permission, but apparently when I compile with the BaseGameUtils it does (despite that the BaseGameUtils's Manifest adds none permission). It is really weird
Play Game Services definitely does not require any permissions (Implicitly is uses the internet permission to communicate with the server). An now the latest version of play-services-games (8.x) does not have dependencies on plus either.
To confirm, I suggest building one of the samples from Android Basic Samples and verify which permissions are used in the sample.
Next, I'd review any other libraries that you are including (ad providers? analytics providers?) to see if their libraries require phone permission.
this isn't really a big problem. I've got an Android App that stores user's passwords on a SQLite Database. So last week I launched an update that allows the user to export those passwords to their Google Drive. To do this, I've used the Google Drive Android API. I didn't add any special permission to the Application Manifest (AndroidManifest.xml) and it works fine (tested on KitKat4.4). But one of my friends told me that it might not work on Android 6.0+, because I should always ask for permissions. But I checked some samples and none of them had those permissions on the Manifest. Do you guys think it's necessary to add permissions? Perhaps INTERNET or GET_ACCOUNTS?
If you are using the Google Drive Android API you don't need INTERNET or GET_ACCOUNTS permissions.
The API automatically handles previously complex tasks such as offline access and syncing files. This allows you to read and write files as if Drive were a local file system.
Check the official Quickstart and the demos sample on GitHub. None of them is having special permissions in the AndroidManifest.xml.
BUT if you are using the Google Drive REST API for Android then you need INTERNET permission for sure.
If you follow the tutorials on Drive API using Android, you will see in the Step 4:Prepare the project that you need to add the permissions below in your code.
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
The permission "android.permission.INTERNET" is used if you want your application to connect/perform network operation.
For the "android.permission.GET_ACCOUNTS", it's stated in this documentation that:
Note: Beginning with Android 6.0 (API level 23), if an app shares the
signature of the authenticator that manages an account, it does not
need "GET_ACCOUNTS" permission to read information about that account.
On Android 5.1 and lower, all apps need "GET_ACCOUNTS" permission to
read information about any account.
For more information about different meaning/uses of android permission, check this page.
According to the Google Maps API documentation, INTERNET and ACCESS_NETWORK_STATE permissions will be automatically merged to project's manifest, meaning you don't have to specify them by yourself as long as calling API over Google Play services.
Couldn't find the same description for Google Drive API, though.
Consider this as a wiki question.
While I setup my project to support Map V2, There has been a step to add MAPS_RECEIVE permission.
<permission
android:name="com.example.mapdemo.permission.MAPS_RECEIVE"
android:protectionLevel="signature"/>
<uses-permission android:name="com.example.mapdemo.permission.MAPS_RECEIVE"/>
Why we creating and consuming the permission from the app itself?
Is that google play services app interact using this permission ?
This permission can't takes care of these things?
<uses-permission android:name="com.google.android.providers.gsf.permission.READ_GSERVICES"/>
I thought the use of custom permission is to allow other apps to launch/use our app's services/resources.
For future visitors:
This permission is now completely unnecessary. The latest update of
Google Play Services 3.1.59 made it useless. As a result, it can be
removed.
source
This is the same pattern you see when using Google Cloud Messaging (GCM) with its C2D_MESSAGE permission. The idea is to protect an endpoint in your application (e.g. a broadcast receiver) so that some other component (presumably part of the Maps API) can contact it securely (otherwise, another application could impersonate your application by using the same intent filter).
In this case, then, Maps API internally sets up such an endpoint (transparently to you) and can, with the use of this permission, that this endpoint cannot be impersonated (because to do so would require the permission, which is protected by your application signature).
This permission specifies your package name.
i.e.
<permission
android:name="package_name.permission.MAPS_RECEIVE"
android:protectionLevel="signature"/>
<uses-permission android:name="package_name.permission.MAPS_RECEIVE"/>
thus, the google API simply allows your project to recieve the map.
The permission tells where to use the API.
I found that this permission is still needed when using the debug certificate. When I exported and signed my application it worked fine, but it wouldn't work when I used the debug cert. I have the MD5 for both my debug cert and application cert associated with the same key. When I finally added these extra permissions, it worked. I am using a Moto X running 4.4 with everything up to date.
In my app I try and use location information if it is available. Hence I have those permissions in my manifest:
e.g.
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
NOTE: I DO NOT have a for location, which is the tag I understood was used for filtering in Android Market.
When I upload to Android market I get this reported:
This apk requests 4 features that will
be used for Android Market filtering
android.hardware.location.network
android.hardware.location
android.hardware.location.gps
android.hardware.touchscreen
which to me suggests that it will only show up for devices that have location and location.network and gps hardware.
But my use of location is optional and the app will work if it is not avaialble.
Should I remove those permissions from my manifest (will I get exceptions when I try to use it?)?
Is there a way to leave the permissions and avoidAndroid Market filtering based on them?
My application has the same problem. I guess this is because the minSdkVersion is 4, i.e. Android 1.6. From the <uses-feature> documentation:
In general, if your application is designed to run on Android 1.6 and earlier versions, the android:required attribute is not available in the API and Android Market assumes that any and all declarations are required.
This makes sense because when you declare a feature as optional, you are supposed to use the hasSystemFeature() method from the PackageManager to check whether the current device has that particular feature. However, this method itself is available only from API Level 5!