App is not compliant with how REQUEST_INSTALL_PACKAGES permission is allowed

Asked 2/10, 2022 at 9:6 Answered 13/3, 2023 at 8:0

Solved android google-play android-manifest google-play-console policy

I got this email from google play after updating my app build with flutter :

After a recent review, we found that your app is not compliant with one or more of our Developer Program Policies. See below for more information about your app's status and how to correct the issue.

Status: Approved with Issues - Further Action Required

We found issues with your app. You need to review and take action as described below so that your app is not impacted in the future.

Issue found: The use of permission is not directly related to the core purpose of the app. We found that your app is not compliant with how REQUEST_INSTALL_PACKAGES permission is allowed to be used. Specifically, the use of the permission is not directly related to the core purpose of the app.

Additionally, follow these steps to bring your app into compliance:

Please remove the use of REQUEST_INSTALL_PACKAGES permission from your app.

About the Request Install Packages Permission

Starting September 29, 2022, your app must be in compliance with the REQUEST_INSTALL_PACKAGES permission or your app may face additional enforcement actions. The REQUEST_INSTALL_PACKAGES permission allows an application to request the installation of app packages. To use this permission, your app’s core functionality must include:

Sending or receiving app packages, AND Enabling user-initiated installation of app packages. Permitted functionalities include any of the following:

Web browsing or search Communication services that support attachments File sharing, transfer, or management Enterprise device management The REQUEST_INSTALL_PACKAGES permission may not be used to perform self-updates, modifications, or the bundling of other APKs in the asset file unless for device management purposes. All updates or installing of packages must abide by Google Play’s Device and Network Abuse policy and must be initiated and driven by the user.

Google explain the steps for legalize it, but I don't have this permission in my manifest and I don't use functions to install files either, I don't know the real reason for this message and I'm afraid that my app will be removed from the store if I don't take the necessary measures.

Does anyone have more information on this or know what Google might actually be detecting in my app?

These are the permissions in the manifest:

<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WAKE_LOCK"/>
<uses-feature android:name="android.permission.WRITE_EXTERNAL_STORAGE" android:required="false" />

Joy answered 2/10, 2022 at 9:6 Comment(0)

In my case, this was related to the open_file in Flutter. This package is using REQUEST_INSTALL_PACKAGES permission in the manifest.

I fixed by using (open_file_safe) :https://pub.dev/packages/open_file_safe

or you can also use open_filex: https://pub.dev/packages/open_filex

both packages are the same as open_file, but .apk file type is not supported. Thus, android.permission.REQUEST_INSTALL_PACKAGES permission is not required.

If you are not using the open_file plugin, you check if the permission REQUEST_INSTALL_PACKAGES is declared in the merged manifest in build/app/intermediates/merged_manifest/ If it is being used remove the permission or else remove that plugin and find any other alternative to that plugin.

Note: If you are facing this issue with a native android project You may be querying all packages with the package manager, this is no longer allowed since Android 8.0. To resolve open the android project of your app in android studio and check the Merged Manifests portion of the AndroidManifest.xml to see if you find that permission is being used in your app if it is being used remove the permission.

If you are still not able to find the plugin or in the merged manifest file so for workaround you can try adding :

<uses-permission
    android:name="android.permission.REQUEST_INSTALL_PACKAGES"
    tools:node="remove" />

In your main manifest file. try submitting the app again on the play store hope it will help.

See more info here. https://support.google.com/googleplay/android-developer/answer/12085295?hl=en

Github Issue: https://github.com/crazecoder/open_file/issues/204

Joy answered 2/10, 2022 at 9:33 Comment(8)

Hi, I am having the same problem because of different huawei libraries. My package currently in the store uses this REQUEST_INSTALL_PACKAGES permission. Updates are refused even though I uninstall Huawei libraries from the app. Do you have a solution? thanks – Aurora 17/10, 2022 at 10:38

Please cross check Merged Manifests if you are using REQUEST_INSTALL_PACKAGES permission. If you are sure that you are not using this permission then upload latest build on play store and write a mail to google play store support team. – Joy 17/10, 2022 at 14:17

Yes I sure that but when I send the package to the play console I get a reject. I will try write mail to support team. Thanks – Aurora 17/10, 2022 at 20:9

@MuratAktay If you have tracks on closed testing, then you need to update all of them, even inactive ones with appbundle or apk, which doesn't use this permission. It's somehow useful addition. – Hoofbound 14/11, 2022 at 20:43

@Joy Please involve it in answer. I faced rejecting after just sending appbundle to open testing and production, I just created new track on closed testing with valid appbundle, but it didn't work. Then it came to update, closed testing tracks then it worked. – Hoofbound 14/11, 2022 at 20:43

Error fixed when we %100 roll out @JakhongirAnasov – Aurora 15/11, 2022 at 8:14

how exactly to "%100 roll out"? – Supposition 21/2, 2023 at 18:50

NB to replace open_file -> open_file_safe in your pubspec.yaml and import 'package:open_file/open_file.dart' with 'package:open_file_safe/open_file_safe.dart' – Ventriloquize 22/6, 2023 at 8:5

do any of the safe plugins like: open_file_safe or open_filex

if u still have problem like me:

for some reason Play console will reject the latest build if you use this permission usage in other tracks (internal, alpha, etc). The REQUEST_INSTALL_PACKAGES detection may referring to existing build in other tracks instead of the latest build. The review feedback message is confusing and not helpful.

In Play console (your affected app), click App Content under Policy

Look for Sensitive permissions and APIs and click Start.

Select APKs and bundles, the list will show you the build and track that contain sensitive permission/API.

Navigate to each affected track, create a new release upload a clean build( with the previous alterations ) to replace existing, submit to review.

Navigate to Publishing overview and check whether the review is pending to submit, if any, send the review.

Then it got accepted

source: https://github.com/crazecoder/open_file/issues/204

Sueannsuede answered 25/10, 2022 at 12:44 Comment(2)

You saved me a lot of time, thank you! "detection may referring to existing build in other tracks instead of the latest build. The review feedback message is confusing and not helpful." – Monied 9/12, 2022 at 9:1

You saved me an estimated million hours – Hernandez 19/10, 2023 at 21:24

Add REQUEST_INSTALL_PACKAGES permission with tools:node="remove" to your manifest:

<manifest ... xmlns:tools="http://schemas.android.com/tools">
   ...
   <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES" tools:node="remove" />
   ...
</manifest>

Don't forget to add the tools namespace to the root element of your manifest.

Hak answered 10/10, 2022 at 6:40 Comment(4)

when we add this lines Do we need also to remove open_file package too ? – Transpontine 16/10, 2022 at 10:16

@AbdoBmz no, you still use open_file package normally – Recurrence 17/10, 2022 at 6:40

If you use this it will add it to the build/app/outputs/logs/manifest-merger-release-report.txt – Faeroese 17/10, 2022 at 15:52

@ThomasDegroot check this #74032353 – Transpontine 18/10, 2022 at 7:38

In my case. After checked all code, I am sure has remved "REQUEST_INSTALL_PACKAGES" permission. Still rejected. Then I update a new version for open testing, closed testing, Internal testing. Now app has published successfully

Intellectualism answered 2/11, 2022 at 10:30 Comment(0)

You can use this open_filex. They removed the .apk permission and the request for REQUEST_INSTALL_PACKAGES and add other improvements. This package is more updated then open_file_safe so I suggest to use open_filex.

Kursh answered 12/10, 2022 at 9:15 Comment(0)

Remove the permission from your manifest and in-app functionality. Double check that your app is compliant with all other Developer Program Policies. Sign in to Play Console and submit the update to your app. Alternatively, you may also choose to deactivate these versions to avoid additional enforcements that could occur. You may follow the given steps to deactivate the non-compliant app bundles or APKS:

Go to your Play Console.
Select the app.
Go to the track where the non-compliant APK or app bundle is.
Near the top right of the page, click Create new release. (You may need to click Manage track first) If the release with the violating APK is in a draft state, discard the release.
Under the new release page, you can choose to: A) Upload a new, compliant APK/app bundle and make sure the new release is rolled out 100% to completely deactivate the non-compliant APK. B) Not upload any new APK/app bundle (publish an empty release to just deactivate the non-compliant old version).
Regardless of what you choose in step 5, please make sure that the non-compliant version of APK/app bundle is under the Not included section of this new release. For further guidance, please see the "Not included (app bundles and APKs)" section in the Play Console Help article.
To save any changes you make to your release, select Save. When you've finished preparing your release, select Review release.
If the non-compliant APK is released to multiple tracks, repeat steps 3-8 in each track.

Wakeful answered 2/11, 2022 at 7:42 Comment(2)

Looks like the right thing to do but now, when trying to publish an empty release to deactivate an old app bundle, I still get an error: "Please correct errors to deploy release". Looks like a google bug to me – Illegible 20/2, 2023 at 14:57

Yep, same here, the trick to upload new clean build does not work. It says that we need to correct blah blah blah – Pneumodynamics 28/2, 2023 at 12:46

After communication with the Google Play Team, I was told to publish the new version with 100% fully rolled out directly (instead of phase roll-out), so that the new version would replace the old version with REQUEST_INSTALL_PACKAGES completely. Ony then they will approve the App Review.

Dipsomaniac answered 23/11, 2022 at 5:16 Comment(0)

same issue here. I am using expo managed workflow. And I found that i was mentioned "REQUEST_INSTALL_PACKAGES" at app.json in my previous uploaded bundle, it was only for internal test, still cause this problem. I solved this issue by adding Confidential permissions and API in 'app content' tab on google play console. Just tell them I was accidentally added REQUEST_INSTALL_PACKAGES in my project . Will not use it in the future.

Levator answered 13/3, 2023 at 8:0 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags