App is not compliant with how REQUEST_INSTALL_PACKAGES permission is allowed

Question

I got this email from google play after updating my app build with flutter :

After a recent review, we found that your app is not compliant with one or more of our Developer Program Policies. See below for more information about your app's status and how to correct the issue.

Status: Approved with Issues - Further Action Required

We found issues with your app. You need to review and take action as described below so that your app is not impacted in the future.

Issue found: The use of permission is not directly related to the core purpose of the app. We found that your app is not compliant with how REQUEST_INSTALL_PACKAGES permission is allowed to be used. Specifically, the use of the permission is not directly related to the core purpose of the app.

Additionally, follow these steps to bring your app into compliance:

Please remove the use of REQUEST_INSTALL_PACKAGES permission from your app.

About the Request Install Packages Permission

Starting September 29, 2022, your app must be in compliance with the REQUEST_INSTALL_PACKAGES permission or your app may face additional enforcement actions. The REQUEST_INSTALL_PACKAGES permission allows an application to request the installation of app packages. To use this permission, your app’s core functionality must include:

Sending or receiving app packages, AND Enabling user-initiated installation of app packages. Permitted functionalities include any of the following:

Web browsing or search Communication services that support attachments File sharing, transfer, or management Enterprise device management The REQUEST_INSTALL_PACKAGES permission may not be used to perform self-updates, modifications, or the bundling of other APKs in the asset file unless for device management purposes. All updates or installing of packages must abide by Google Play’s Device and Network Abuse policy and must be initiated and driven by the user.

Google explain the steps for legalize it, but I don't have this permission in my manifest and I don't use functions to install files either, I don't know the real reason for this message and I'm afraid that my app will be removed from the store if I don't take the necessary measures.

Does anyone have more information on this or know what Google might actually be detecting in my app?

These are the permissions in the manifest:

<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WAKE_LOCK"/>
<uses-feature android:name="android.permission.WRITE_EXTERNAL_STORAGE" android:required="false" />

Answer 1

In my case, this was related to the open_file in Flutter. This package is using REQUEST_INSTALL_PACKAGES permission in the manifest.

I fixed by using (open_file_safe) :https://pub.dev/packages/open_file_safe

or you can also use open_filex: https://pub.dev/packages/open_filex

both packages are the same as open_file, but .apk file type is not supported. Thus, android.permission.REQUEST_INSTALL_PACKAGES permission is not required.

If you are not using the open_file plugin, you check if the permission REQUEST_INSTALL_PACKAGES is declared in the merged manifest in build/app/intermediates/merged_manifest/ If it is being used remove the permission or else remove that plugin and find any other alternative to that plugin.

Note: If you are facing this issue with a native android project You may be querying all packages with the package manager, this is no longer allowed since Android 8.0. To resolve open the android project of your app in android studio and check the Merged Manifests portion of the AndroidManifest.xml to see if you find that permission is being used in your app if it is being used remove the permission.

If you are still not able to find the plugin or in the merged manifest file so for workaround you can try adding :

<uses-permission
    android:name="android.permission.REQUEST_INSTALL_PACKAGES"
    tools:node="remove" />

In your main manifest file. try submitting the app again on the play store hope it will help.

See more info here. https://support.google.com/googleplay/android-developer/answer/12085295?hl=en

Github Issue: https://github.com/crazecoder/open_file/issues/204

Answer 2

1. do any of the safe plugins like: open_file_safe or open_filex

if u still have problem like me:

2. for some reason Play console will reject the latest build if you use this permission usage in other tracks (internal, alpha, etc). The REQUEST_INSTALL_PACKAGES detection may referring to existing build in other tracks instead of the latest build. The review feedback message is confusing and not helpful.

In Play console (your affected app), click App Content under Policy

Look for Sensitive permissions and APIs and click Start.

Select APKs and bundles, the list will show you the build and track that contain sensitive permission/API.

Navigate to each affected track, create a new release upload a clean build( with the previous alterations ) to replace existing, submit to review.

Navigate to Publishing overview and check whether the review is pending to submit, if any, send the review.

Then it got accepted

source: https://github.com/crazecoder/open_file/issues/204