Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Android studio - how to find which library is using dangerous permission?

Tags:

android-studio

android-permissions

I am trying to upload a apk to the google play store but its saying to my surprise that i am using the following permission: 

Your APK is using permissions that require a privacy policy: (android.permission.RECORD_AUDIO).

so i searched the entire IDE for "android.permission.RECORD_AUDIO" but i cant find it. How can i find out which 3rd party is requesting this ? There should be a way to view in the manifest merger process all the manifest but when i hit shift twice and search manifest only the local manifest are showing up. The other is bit code and i cant view it.

like image 296
j2emanue Avatar asked Aug 23 '17 04:08

j2emanue

People also ask

Which Android permissions are dangerous?

There is a total of nine dangerous permissions: BODY SENSORS, CALENDAR, CAMERA, CONTACTS, LOCATION, MICROPHONE, PHONE, SMS, STORAGE. For some apps it is normal and expected to request some of these permissions.

Which permission is dangerous?

It's the “dangerous” permissions that Android requires your permission to use. These “dangerous” permissions include access to your calling history, private messages, location, camera, microphone, and more. These permissions are not inherently dangerous, but have the potential for misuse.

How do I check permissions granted on Android?

To check if the user has already granted your app a particular permission, pass that permission into the ContextCompat. checkSelfPermission() method. This method returns either PERMISSION_GRANTED or PERMISSION_DENIED , depending on whether your app has the permission.

How do I check if permission is denied Android?

Android provides a utility method, shouldShowRequestPermissionRationale() , that returns true if the user has previously denied the request, and returns false if a user has denied a permission and selected the Don't ask again option in the permission request dialog, or if a device policy prohibits the permission.

2 Answers

In project build directory, there is a manifest merger report.

In my case, it is located under [ProjectRoot]/app/build/outputs/logs/manifest-merger-debug-report.txt

From this file, your can find where the permission is added. For example:

uses-permission#android.permission.RECORD_AUDIO
ADDED from /home/jack/AndroidProject/ApiDemos/app/src/main/AndroidManifest.xml:45:5-71
    android:name
            ADDED from /home/jack/AndroidProject/ApiDemos/app/src/main/AndroidManifest.xml:45:22-68
uses-permission#android.permission.CAMERA
ADDED from /home/jack/AndroidProject/ApiDemos/app/src/main/AndroidManifest.xml:49:5-65
    android:name
            ADDED from /home/jack/AndroidProject/ApiDemos/app/src/main/AndroidManifest.xml:49:22-62
like image 190
cmoaciopm Avatar answered Sep 22 '22 02:09

cmoaciopm

If the library is open source you can check their source code for the permissions they have used. They usually list the permission on their Read.me files. Even if they are proprietary libs they will list the permissions they will be using otherwise their security is questionable.

like image 24
Umar Hussain Avatar answered Sep 23 '22 02:09

Umar Hussain
Sign in to Comment

Related questions

Android Development which folders to exclude for windows defender?
How to disable Android Studio "Gradle Invocation finished" notification?
gradle ASCII: A problem occurred evaluating project ':app'
How stop Android Studio from collapsing (closing) all the directories in "Project Files" pane?
Unity3D and Android Studio Integration
Can you batch select text between quotes in IntelliJ IDEA?
Failed to resolve common open file gradle.build
ERROR: The Android Gradle plugin supports only Kotlin Gradle plugin version 1.3.0 and higher
How disable Downloading Components in Android Studio first running
Android studio / Gradle build fails in release: Could not determine the dependencies of task ':app:crashlyticsStoreDeobsRelease'
Android Studio: Failed to load dx.jar
Android Studio 3.0 Canary 1 annotation processor error
Android Studio unresolved reference. Project compiles
print() statement not printing to console in flutter iOS app within Android Studio
Cannot set the value of read-only property 'jniFolders' on task ':android:packageDebug'
Error:Failed to resolve: annotationProcessor
Does Android Studio Performance Scale Well With Number Of CPU Cores
Android: How to disable debugging to upload the apk
How To Open an Existing project in Android Studio
Vector Asset Studio is importing colorful .svg file as black and white

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!