 

User gets permissions request that are not included in the manifest

I have just released an app that has two permissions in its manifest file (to show banner ads): "android.permission.INTERNET" and "android.permission.ACCESS_NETWORK_STATE". For testing I tried to install my app from the Play Market and discovered that the app required Identity, Location, Photo/Media/Files!! There are no such permissions in my manifest file, and I don't need them. I tried my other apps with a similar manifest.xml (internet, network state) and they install without any special permissions. Considering the new content rating certificate system, I might have problems, because in the questionnaire I marked that I don't need user location. Why it requires permissions that I didn't ask? I'm using Android Studio, and my build.gradle is:

android {
    compileSdkVersion 22
    buildToolsVersion "22.0.1"

    defaultConfig {
        applicationId "com.appName"
        minSdkVersion 15
        targetSdkVersion 22
        versionCode 1
        versionName "1.0"
    }
    buildTypes {
        release {
            minifyEnabled true
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
    }
}

repositories {
    maven {
        url "https://jitpack.io"
    }
}

dependencies {
    compile fileTree(dir: 'libs', include: ['*.jar'])
    compile 'com.github.PhilJay:MPAndroidChart:v2.1.0'
    compile 'com.melnykov:floatingactionbutton:1.3.0'
    compile 'com.mcxiaoke.volley:library:1.0.+'
    compile 'com.nispok:snackbar:2.10.2'
    compile 'com.android.support:cardview-v7:22.2.0'
    compile 'com.android.support:recyclerview-v7:22.2.0'
    compile 'uk.co.chrisjenx:calligraphy:2.1.0'
    compile 'com.google.android.gms:play-services:7.5.0'
    compile 'com.android.support:appcompat-v7:22.2.0'
    compile 'com.github.markushi:android-ui:1.2'
    compile 'com.afollestad:material-dialogs:0.7.3.1'
}

Manifest.xml

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          xmlns:tools="http://schemas.android.com/tools"
          package="com.AppPackage" >

    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />

    <application
        android:name=".MyApplication"
        android:allowBackup="true"
        android:icon="@mipmap/ic_launcher"
        android:label="@string/app_name"
        android:theme="@style/AppTheme"
        >
        <activity
            android:name=".MainActivity"

            android:label="@string/app_name" >
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />

                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
        <activity
            android:name="com.google.android.gms.ads.AdActivity"
            android:configChanges="keyboard|keyboardHidden|orientation|screenLayout|uiMode|screenSize|smallestScreenSize" />

        <meta-data
            android:name="com.google.android.gms.version"
            android:value="@integer/google_play_services_version" />

        <activity android:name=".Prefs_Activity" >
        </activity>
        <activity
            android:name=".Guide_Activity"
            android:label="@string/title_activity_" >
        </activity>
        <activity
            android:name=".Picker_Activity"
            android:label="@string/title_activity_" >
        </activity>
    </application>

</manifest>

Update:

Thanks to CommonsWare's answer, I have found "manifest-merger-release-report.txt" and what uses these permissions: the Maps and Wallet APIs. I have split Play Services up, from this:

    compile 'com.google.android.gms:play-services:7.5.0'

to this (all I need for now):

    compile 'com.google.android.gms:play-services-analytics:7.5.0'
    compile 'com.google.android.gms:play-services-plus:7.5.0'
    compile 'com.google.android.gms:play-services-ads:7.5.0'
    compile 'com.google.android.gms:play-services-appindexing:7.5.0'

Results:

  • removed unnecessary permissions
  • apk size reduced up to 500kb
  • started to take seriously API separation

Play Market apk update screenshot

despecher asked Jun 04 '15 11:06



1 Answer

Why it requires permissions that I didn't ask?

Because you are loading in 11 libraries, and one or more of them are asking for these permissions. In particular, you are loading in com.google.android.gms:play-services, and it will require a lot of permissions. For example, Play Services has the fused location API and Google Maps, both of which need location data.

A manifest merger report should be written to build/outputs/apk/ of your project or module (e.g., in app/ in a traditional Android Studio project). You can use this to try to determine where the additional permissions are coming from. Then, stop using those libraries, or switch to something else. In the case of Play Services, rather than loading in all of Play Services, load in only the pieces that you need. That is covered in the documentation (see the "Selectively compiling APIs into your executable" section).

CommonsWare answered Oct 06 '22 00:10
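
Added example (not part of the original answer, and not code from the Android tooling): a Python script that reads a manifest merger report, as the answer suggests, and lists each permission the app's own manifest did not declare together with the library that contributed it. The report layout (a `uses-permission#NAME` line followed by `ADDED from` / `MERGED from` lines) is an assumption, and the sample report with its `com.example.libs` coordinates is constructed.

```python
import re
from collections import defaultdict

# Constructed sample (assumed report layout); com.example.libs:* are placeholders.
SAMPLE_REPORT = """\
uses-permission#android.permission.INTERNET
ADDED from AndroidManifest.xml:6:5
MERGED from com.example.libs:ads:1.0.0:21:5
\tandroid:name
\t\tADDED from AndroidManifest.xml:6:22
uses-permission#android.permission.ACCESS_NETWORK_STATE
ADDED from AndroidManifest.xml:7:5
uses-permission#android.permission.ACCESS_COARSE_LOCATION
ADDED from com.example.libs:maps:1.0.0:22:5
uses-permission#android.permission.GET_ACCOUNTS
ADDED from com.example.libs:wallet:1.0.0:30:5
application
ADDED from AndroidManifest.xml:9:5
"""
DECLARED = {"android.permission.INTERNET", "android.permission.ACCESS_NETWORK_STATE"}
KEY = re.compile(r"^uses-permission#(\S+)$")
ORIGIN = re.compile(r"^(?:ADDED|MERGED) from (.+?):\d+:\d+$")

def permission_origins(report_text):
    """Map each permission to the set of manifests/libraries that contributed it."""
    origins, current = defaultdict(set), None
    for line in report_text.splitlines():
        if not line.strip() or line[0] in " \t":
            continue  # blank, or indented attribute-level detail
        key = KEY.match(line)
        if key:
            current = key.group(1)
            continue
        origin = ORIGIN.match(line)
        if origin and current:
            origins[current].add(origin.group(1))
        elif not origin:
            current = None  # some other element, e.g. "application"
    return dict(origins)

def unexpected_permissions(report_text, declared, app_manifest="AndroidManifest.xml"):
    """Permissions in the merged manifest that the app did not declare, with sources."""
    return {perm: sorted(sources - {app_manifest})
            for perm, sources in permission_origins(report_text).items()
            if perm not in declared}

if __name__ == "__main__":
    for perm, sources in unexpected_permissions(SAMPLE_REPORT, DECLARED).items():
        print(perm, "<-", ", ".join(sources))
```

Running the same check in CI against the release report, with `DECLARED` kept as an allowlist, turns a new permission introduced by a dependency upgrade into a build failure instead of a surprise on the store listing.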