Android studio adds unwanted permission after running application on real device
F

4

23

After running application on device application required unwanted location permission that is not mention in manifest file. While when I am running same code from my friend Android studio than its run normal without extra permission required.

Manifest file

<uses-sdk
    android:minSdkVersion="14"
android:targetSdkVersion="21" />
    <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.VIBRATE" />
    <uses-permission android:name="android.permission.CALL_PHONE" />
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
    <uses-permission android:name="android.permission.USE_CREDENTIALS" />
    <uses-permission android:name="android.permission.GET_ACCOUNTS" />
    <uses-permission android:name="com.android.vending.BILLING" />
    <uses-permission android:name="com.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY"/>

    <uses-feature
        android:name="android.hardware.telephony"
        android:required="false" />

    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />

enter image description here

Build.gradle

    apply plugin: 'com.android.application'

    android {
        compileSdkVersion 21
        buildToolsVersion "21.1.2"

        defaultConfig {
            applicationId "xxxxxxx"
        }
        dexOptions {

            javaMaxHeapSize "4g"
        }

        packagingOptions {
            exclude 'META-INF/LICENSE.txt'
            exclude 'META-INF/NOTICE.txt'
            exclude 'META-INF/LICENSE'
            exclude 'META-INF/NOTICE'
        }

        lintOptions{
            abortOnError false
        }
    }
    repositories {
        mavenCentral()
    }
    dependencies {
        compile 'com.google.android.gms:play-services:+'

        compile 'com.android.support:multidex:1.0.0'
        compile 'com.android.support:appcompat-v7:21.0.3'
    }

So I am unable to understand why its require location permission. How this location permission added in my app?

Frizzy answered 30/5, 2015 at 12:30 Comment(12)
maybe you are using some libraries that use thoses added permessionCelt
Check the manifest located in "app\build\intermediates\manifests\debug" (where "app" is your application's main module name). Does it contain location permission?Alice
Can you show us any extra libraries that you may be using in your project?Macy
Maybe caused by one of ACCESS_NETWORK_STATE or ACCESS_WIFI_STATE? Try temporarily removing those to see if that gets rid of the location permission.Angularity
<uses-permission android:name="com.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY"/>Pettish
@fRoStBiT : debug manifest <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" /> <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" /> <uses-feature android:glEsVersion="0x00020000" android:required="true" />Frizzy
@fRoStBiT but unable to understand how its add iteslf and how glEsVersion added???Frizzy
Please post your app/ module's build.gradle file.Tinned
@Tinned now plz check changes... build.gradle posted by me..Frizzy
@Abdellah no library use this permission. this permission is only used by me in some other project few days ago.Frizzy
@bilarion you can check extra libraries in gradle.build file.Frizzy
after check "manifest-merger-debug-report" i found uses-permission#android.permission.ACCESS_COARSE_LOCATION ADDED from com.google.android.gms:play-services-maps:7.5.0:23:5 MERGED from com.google.android.gms:play-services-maps:7.5.0:23:5 MERGED from com.google.android.gms:play-services-maps:7.5.0:23:5 MERGED from com.google.android.gms:play-services-maps:7.5.0:23:5 android:name ADDED from com.google.android.gms:play-services-maps:7.5.0:23:22 uses-feature#0x00020000 ADDED from com.google.android.gms:play-services-maps:7.5.0:24:5 MERGED from com.google.android.gms:play-services-maps:7.5.0:24:5Frizzy
T
43
compile 'com.google.android.gms:play-services:+'

This library will request location permissions, as several pieces of Play Services need it.

First, never use +. If you want to allow free-floating patchlevels (e.g., 22.0.+), that's not completely insane, but using + for the version is insane.

Next, consider using one (or more) of the more focused dependencies, rather than the full Play Services SDK. Not only will this perhaps eliminate the permission that you do not want, but your APK will be a lot smaller. The documentation covers the available options (see the "Selectively compiling APIs into your executable" section).

If you still wind up with permissions that you do not want, then you will need to determine where the permissions are coming from. There should be a manifest merger report in build/outputs/logs/ of your module. It will be a bit difficult to understand, but hopefully you can identify the library that is contributing this permission. Also, Android Studio 2.2+ will show your merged manifest in a sub-tab when you edit your manifest. UPDATE 2020-03-24: Modern versions of Android Studio also show this stuff in the "Merged Manifest" sub-tab of the manifest editor, with color-coding to try to show you what permissions came from what libraries.

At that point, you need to decide how to proceed:

  • The safest answer that removes the permission is to no longer use that library, but instead find some other solution to whatever problem you are trying to solve with that library

  • Or, live with the permission

  • Or, try adding the following to your app's manifest:

    <uses-permission
         android:name="android.permission.ACCESS_COARSE_LOCATION"
         tools:node="remove" />
    

This will require you to add xmlns:tools="http://schemas.android.com/tools" to the root <manifest> element if it is not already there. This will tell the build tools to explicitly exclude this permission, even though libraries are contributing it. However, your use of those libraries may break. Only do this if you have a dedicated testing team that can spend the time needed to ensure that your decision to block this permission will not result in crashes or other behavior that affects the user.

Tinned answered 30/5, 2015 at 13:16 Comment(1)
Great! Thanks! Google-Play service add some strange permissions such as android.permission.USE_CREDENTIALS and permission.GET_ACCOUNTS, my app doesn't need any of these, the "remove" solution kick these permissions out. In did, only when looking in the log file I could tell where they came from.Debauchery
C
6

You need to check the merged manifest.

Libraries that you use can also request permissions.

That is where that permission comes from.

enter image description here

Cancellation answered 19/12, 2018 at 9:13 Comment(0)
G
4

For the new versions of Google Play Service libraries, you have to add only the required part of the library as a dependency. For instance, if you are using Google Play Service library just to display ads from Admob, then replace

compile 'com.google.android.gms:play-services:+'

with

compile 'com.google.android.gms:play-services-ads:7.5.0'

This will remove the other unnecessary permissions.

Gallicism answered 30/6, 2015 at 19:59 Comment(0)
D
0

Sometime, we add third party libraries in our project and they are asking for permissions which are not added by us. You can check which library is using which permission through this path.

GOTO:

[ProjectRoot]/app/build/outputs/logs/manifest-merger-debug-report.txt

enter image description here

you will find all your permission there

The other way to check permissions through merge-manifest

For that:

  1. Run your app
  2. Goto to manifest file
  3. click on Merge Manifest

enter image description here

Drawbridge answered 2/3, 2023 at 10:37 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.