Menu
I just updated one app from Firebase 9.0.0 to Firebase 9.0.2. I use messaging + ads.
compile 'com.google.firebase:firebase-messaging:9.0.2'
compile "com.google.firebase:firebase-ads:9.0.2"
Now a lot of unwanted permission have cropped up
android:name="android.permission.READ_PHONE_STATE"
android:name="android.permission.READ_EXTERNAL_STORAGE"
android:name="android.permission.WRITE_EXTERNAL_STORAGE"
I didn't add those permissions anywhere, so they must be from Firebase. I know my clients don't like these permissions, so I removed them with
<uses-permission
android:name="android.permission.READ_PHONE_STATE"
tools:node="remove" />
<uses-permission
android:name="android.permission.READ_EXTERNAL_STORAGE"
tools:node="remove" />
<uses-permission
android:name="android.permission.WRITE_EXTERNAL_STORAGE"
tools:node="remove" />
My app still works, messaging and ads still work, still I'd like my suspicions confirmed.
Why does Firebase add those permissions and is it really ok to remove them like I did?
207
You can view many of your project members and their roles in the Users and permissions tab of settings > Project settings in the Firebase console. Note the following: The Firebase console only lists project members assigned a basic role (Owner, Editor, Viewer) or a Firebase predefined role.
These rules live on the Firebase servers and are enforced automatically at all times. Every read and write request will only be completed if your rules allow it. By default, your rules do not allow anyone access to your database.
Firebase Security Rules work by matching a pattern against database paths, and then applying custom conditions to allow access to data at those paths. All Rules across Firebase products have a path-matching component and a conditional statement allowing read or write access.
This issue was fixed in 12.0.1. Source https://developers.google.com/android/guides/releases
March 28, 2018 - Verison 12.0.1
Issues fixed in 12.0.1:
- Fixes issue that caused spurious Android lint errors claiming GoogleSignIn and CredentialsClient were internal-only.
- Adds missing minSdkVersion in -license artifacts to prevent automatic inclusion of READ_PHONE_STATE and READ_EXTERNAL_STORAGE permissions.
- Restores unique package names for runtime linked -license artifacts which affected some build systems' (e.g. Ionic Pro) compatibility issues.
- Restores some fields names that were obfuscated in 12.0.1, namely the value() method of @PropertyName annotations in firebase-firestore and firebase-database.
145
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
