Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Android studio - how to find which library is using dangerous permission?

I am trying to upload a apk to the google play store but its saying to my surprise that i am using the following permission:

Your APK is using permissions that require a privacy policy: (android.permission.RECORD_AUDIO).

so i searched the entire IDE for "android.permission.RECORD_AUDIO" but i cant find it. How can i find out which 3rd party is requesting this ? There should be a way to view in the manifest merger process all the manifest but when i hit shift twice and search manifest only the local manifest are showing up. The other is bit code and i cant view it.

like image 296
j2emanue Avatar asked Aug 23 '17 04:08

j2emanue


People also ask

Which Android permissions are dangerous?

There is a total of nine dangerous permissions: BODY SENSORS, CALENDAR, CAMERA, CONTACTS, LOCATION, MICROPHONE, PHONE, SMS, STORAGE. For some apps it is normal and expected to request some of these permissions.

Which permission is dangerous?

It's the “dangerous” permissions that Android requires your permission to use. These “dangerous” permissions include access to your calling history, private messages, location, camera, microphone, and more. These permissions are not inherently dangerous, but have the potential for misuse.

How do I check permissions granted on Android?

To check if the user has already granted your app a particular permission, pass that permission into the ContextCompat. checkSelfPermission() method. This method returns either PERMISSION_GRANTED or PERMISSION_DENIED , depending on whether your app has the permission.

How do I check if permission is denied Android?

Android provides a utility method, shouldShowRequestPermissionRationale() , that returns true if the user has previously denied the request, and returns false if a user has denied a permission and selected the Don't ask again option in the permission request dialog, or if a device policy prohibits the permission.


2 Answers

In project build directory, there is a manifest merger report.

In my case, it is located under [ProjectRoot]/app/build/outputs/logs/manifest-merger-debug-report.txt

From this file, your can find where the permission is added. For example:

uses-permission#android.permission.RECORD_AUDIO
ADDED from /home/jack/AndroidProject/ApiDemos/app/src/main/AndroidManifest.xml:45:5-71
    android:name
            ADDED from /home/jack/AndroidProject/ApiDemos/app/src/main/AndroidManifest.xml:45:22-68
uses-permission#android.permission.CAMERA
ADDED from /home/jack/AndroidProject/ApiDemos/app/src/main/AndroidManifest.xml:49:5-65
    android:name
            ADDED from /home/jack/AndroidProject/ApiDemos/app/src/main/AndroidManifest.xml:49:22-62
like image 190
cmoaciopm Avatar answered Sep 22 '22 02:09

cmoaciopm


If the library is open source you can check their source code for the permissions they have used. They usually list the permission on their Read.me files. Even if they are proprietary libs they will list the permissions they will be using otherwise their security is questionable.

like image 24
Umar Hussain Avatar answered Sep 23 '22 02:09

Umar Hussain