Menu
If I wanted to research how and where permissions [requested in the Mainfest.xml] were used in an Android app for the purposes of removing them is there an easy way of doing this? Does lint or findbugs offer some sort of support for tracking permissions used/abused in a project?
252
Android 11 (and newer) can automatically remove permissions from “unused apps” to limit access to sensitive personal data, including location, camera, contacts, files, microphone, and phone.
When you are no longer actively using an app, it's best to revoke any sensitive permission you may have granted it.
A method for deleting apps that works on every Android phone The tried-and-true method for deleting apps from your Android phone or tablet is simple: Long-press on the app's icon until the app shortcut's popup shows up. You'll either see an "i" button or see App Info; tap it. Next, select Uninstall.
Open the My Files app and scroll down to the bottom of the page until you see a button labeled Analyze storage. Tap Analyze storage to see a breakdown of the internal storage on your device. From here, scroll down a little until you see the section labeled Unused apps.
I came from the future to save your lives.
Here (in the future), LINT does check for missing permissions as you can see on LINT checks.
AndroidManifest.xml and remove all tags <uses-permission> using Android permissions (meaning, don't delete permissions that belong to your app, such as UA_DATA and C2D_MESSAGE).Analyze then Inspect Code... Android -> Constant and Resource Type Mismatches Apply fix "Add Permission". If you select this option, Android Studio will include one permission for every error. So you'll end up with multiple copies of the same permission on your Manifest file, just delete the duplicates. You can do it manually too.Here is the description of the LINT rule:
ID ResourceType
Description
This inspection looks at Android API calls that have been annotated with various support annotations (such as RequiresPermission or UiThread) and flags any calls that are not using the API correctly as specified by the annotations. Examples of errors flagged by this inspection:
- Passing the wrong type of resource integer (such as R.string) to an API that expects a different type (such as R.dimen).
- Forgetting to invoke the overridden method (via super) in methods that require it
- Calling a method that requires a permission without having declared that permission in the manifest
- Passing a resource color reference to a method which expects an RGB integer value.
...and many more. For more information, see the documentation at http://developer.android.com/tools/debugging/annotations.html
I'm using Android Studio 2.1.2.
125
In your app manifest file you should have a tab "Merged Manifest" there you can see your final manifest and the permissions you request you can click on a permission to see where it came from. (who added it - ex': sdk or what code it came from)
There is also a simple way to remove a permission by adding to manifest:
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" tools:node="remove" /> Also remember to add the tools at the top:
<manifest xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" package="..."> If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
