
Why is my app asking for phone id permission?

In my manifest I only ask for these two permissions:

<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />

But when I install the app on my phone I also get this notice:

Low-risk permissions
Phone ID
Get your phone ID, including IMEI, IMSI, etc.

From what I gather from this SO answer, I should need to use TelephonyManager and call

<uses-permission android:name="android.permission.READ_PHONE_STATE" />

to require this permission. But I'm not using TelephonyManager or calling that permission. I don't want to ask users to give this permission. I've looked through my manifest and gradle files. Could it be that some code I used triggered this permission being called without me specifically asking for it? I know I'm not giving you a lot to go on, but I don't know where else to look.

Update 1

I created a completely new project in Android Studio and generated a signed APK from it. I installed it but no permissions were asked. (That at least confirmed for me that it wasn't some "new feature" in Android Studio that automatically asked for this permission.)

Update 2

As of @antonio's answer I found app/build/outputs/logs/manifest-merger-release-report.txt. However, I didn't find any implied permissions being requested.

Update 3

Here are the dependencies my app is using (from gradle.build):

dependencies {
    compile 'com.android.support:support-v4:21.0.3'
    compile 'com.readystatesoftware.sqliteasset:sqliteassethelper:+'
}

I tested a new application with both of these dependencies and no permissions were requested.

My next step is to add every activity again from scratch and see if I can find where this permission starts getting called. To be continued...

Update 4

I played around with copying everything to a new project and refactoring the project name and removing pieces, but it turned out to be quite complex. I wasn't able to isolate a reason.

Update 5

I set the targetSdkVersion to 1. This gives a new message when announcing permissions before installing the app:

read phone status and identity

Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether the call is active, and the remote number connected by a call.

The old Phone ID permission notice that I wrote about at the beginning is still there (showing up after the app is installed). This makes me wonder if it is related to the OS (I'm using MIUI Android on a Xiaomi phone). There is still something about the app that causes this to display in this app but not in other apps. I need to test this out on other devices next.

asked May 16 '15 15:05

Suragch


2 Answers

This happens because you are importing a library with a targetSdkVersion lower than your application's targetSdkVersion

From the Manifest Merger documentation:

When importing a library with a targetSdkVersion lower than the importing application targetSdkVersion, some permissions may be automatically added to the resulting merged manifest file. This is necessary since such libraries targeted runtimes where such permissions were implicitly granted. Therefore declaring such permission was not necessary. However in more recent Android releases, these permissions are not automatically granted. Therefore, a library targeting such old runtime without the permissions would not work properly once merged in the application targeting a more recent runtime.

The permissions that can be added are:

  • WRITE_EXTERNAL_STORAGE Added when importing a library with a targetSdkVersion < 4
  • READ_EXTERNAL_STORAGE Added when importing a library that declared WRITE_EXTERNAL_STORAGE
  • READ_PHONE_STATE Added when importing a library with a targetSdkVersion < 4
  • READ_CALL_LOG Added when importing a library with a targetSdkVersion < 16 and using READ_CONTACTS permission
  • WRITE_CALL_LOG Added when importing a library with a targetSdkVersion < 16 and using WRITE_CONTACTS permission

You can inspect the report generated by Manifest Merger (In \app\build\outputs\logs\manifest-merger-XXX-report) to see what library caused the adding of the READ_PHONE_STATE permission. You will see something like:

android:uses-permission#android.permission.READ_PHONE_STATE
IMPLIED from AndroidManifest.xml:2:1 reason: the.library has a targetSdkVersion < 4

In a multi-module gradle-project, one has to apply a matching configuration, like defaultConfig{ ... }, where the targetSdkVersion should be specified to resolve these IMPLIED permissions.

answered Nov 15 '22 19:11

antonio
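
The report check described in the answer above can be automated so that a build fails when a dependency pulls in a permission nobody declared. This is an added example, not part of the original answers; it assumes the report uses the two-line "element key, then action" layout quoted above, and the sample report is constructed (`the.library` is the placeholder from the answer).

```python
import re
import sys
from typing import NamedTuple

class Implied(NamedTuple):
    permission: str
    location: str
    reason: str

# Element key line, e.g. "android:uses-permission#android.permission.X"
KEY = re.compile(r"^(?:android:)?uses-permission#(\S+)$")
# Action line, e.g. "IMPLIED from AndroidManifest.xml:2:1 reason: ..."
ACTION = re.compile(r"^([A-Z]+) from (\S+)(?:\s+reason:\s*(.*))?$")

# Constructed sample in the layout quoted in the answer; not a real build log.
SAMPLE_REPORT = """\
uses-permission#android.permission.WRITE_EXTERNAL_STORAGE
ADDED from AndroidManifest.xml:5:5
android:uses-permission#android.permission.READ_PHONE_STATE
IMPLIED from AndroidManifest.xml:2:1 reason: the.library has a targetSdkVersion < 4
application
ADDED from AndroidManifest.xml:8:5
"""

def implied_permissions(report: str) -> list[Implied]:
    """Return every uses-permission entry the merger marked IMPLIED."""
    found, current = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, action = KEY.match(line), ACTION.match(line)
        if key:
            current = key.group(1)      # start of a permission entry
        elif action:
            if action.group(1) == "IMPLIED" and current:
                found.append(Implied(current, action.group(2), action.group(3) or ""))
        else:
            current = None              # some other element key (application, ...)
    return found

def unexpected_implied(report: str, allowed=frozenset()) -> list[Implied]:
    """Implied permissions that are not on the reviewed allowlist."""
    return [f for f in implied_permissions(report) if f.permission not in allowed]

if __name__ == "__main__":
    # Usage: python check_implied.py app/build/outputs/logs/manifest-merger-release-report.txt
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    bad = unexpected_implied(text)
    for f in bad:
        print(f"{f.permission} implied at {f.location}: {f.reason}")
    sys.exit(1 if bad else 0)
```
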


Add the following code to your AndroidManifest.xml to remove the unnecessary permission(s):

<uses-permission android:name="android.permission.READ_PHONE_STATE" tools:node="remove" />

Source:

https://stackoverflow.com/a/27542669/406295

answered Nov 15 '22 19:11

Vik