Forums

Overview › Felgo 3 Support (Qt 5) › Release Android APK has unwanted permissions

Viewing 9 posts - 1 through 9 (of 9 total)

Author

Posts
October 29, 2017 at 13:18 #17334
Kool
Hi All,

I’m looking at the permissions my app is requesting after publishing a closed alpha in the app store.

It’s requesting the following permissions:
```
This app has access to:
In-app purchases
Allows the user to make purchases from within this app

Location
Uses the device's location

Photos / Media / Files
Uses one or more of: files on the device such as images, videos or audio, the device's external storage

Camera
Uses the device's camera(s)

Microphone
Uses the device's microphone(s)
```
My app uses QAudioInput and Felgo’s Soomla, so Microphone/In-App Purchases makes sense.

The ones that concern me are: Camera, Photo/Media/Files and Location.

No-where in my code am I using things that use any of the the above three. Is there any way to determine what it is that’s requesting these permissions and remove the requested permissions?

Personally, I’m usually wary of an app that’s requesting more than it needs.

Many thanks!
October 29, 2017 at 14:31 #17335

Kool

One more question is what are the potential repercussions of removing those permissions?

October 29, 2017 at 15:42 #17336

Marcin

Hi Kool,

In general there is no harm but there are some permission which require extra permission rules from you.
If you don’t get anything from Google then you safe.

But there are some permission which require extra legal actions from you mostly some place where you explain which user data you collect, why and how you store it.
I don’t remember which ones was it but I got once some info from Google that, either I provide all those rules visible to users, or I remove permissions.
I think it’s easy to find on Google Play docs which permission touch user privacy.
I expect similar rules from Apple.
For example there are some specific USA rules for some permissions as well, as far as I remember.

Why you have extra permissions? Maybe because you have checked in AndroidManifest.xml option to include default Qt permissions.
Open AndroidManifest in non source(General) view and scroll to the bottom, look for checkbox for including Qt permissions.
Un-check it to fully control permissions.
I think it’s safe to remove all not used permission, don’t worry all should still work.
I think also media/photo/files(STORAGE in general) can be needed to use with WebStorage etc.

From my point of view it’s the best to put as little permissions as possible to not bother your users.
Of course other developers think differently so there are many opinions.

October 29, 2017 at 16:23 #17337
Kool
Hi Marcin,

Thanks for your detailed response. I’ve taken a look at the Permissions in the AndroidManifest.xml and the check boxes to include default features and permissions are indeed checked.

The Qt documentation states:
```
Note: Qt adds the default permissions and features based on the module dependencies of your application. If you do not want these default permissions and features, remove the  and  comments from AndroidManifest.xml. For information on the manifest XML format, see Android: App Manifest.
```
The AndroidManifest.xml created from my release project has the following:
```
    
        <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission android:name="android.permission.RECORD_AUDIO" />


    
        <uses-feature android:name="android.hardware.camera" android:required="false" />
    <uses-feature android:name="android.hardware.camera.autofocus" android:required="false" />
    <uses-feature android:name="android.hardware.microphone" android:required="false" />
    <uses-feature android:glEsVersion="0x00020000" android:required="true" />
```
My guess is that in my project file I’ve included QT += multimedia. This module is likely pulling in the camera and possibly photo albums features/permissions. There shouldn’t be any harm done by manually adding in the permissions for just microphone access as I don’t use cameras in my app.

That leaves the location feature/permission. I’m wondering if Soomla might be pulling in these permission dependencies?

If anyone has any further thoughts, I’d be eager to hear them.
October 29, 2017 at 16:26 #17338
Kool
An empty Felgo app has the same default permissions:
```
    
        <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission android:name="android.permission.RECORD_AUDIO" />


    
        <uses-feature android:name="android.hardware.camera" android:required="false" />
    <uses-feature android:name="android.hardware.camera.autofocus" android:required="false" />
    <uses-feature android:name="android.hardware.microphone" android:required="false" />
    <uses-feature android:glEsVersion="0x00020000" android:required="true" />
```
It’s probably Qt pulling these in. I guess that changes my question to: Can I remove the location permission and will Soomla continue working? Does it need location?

Also, I’ve looked around at other AndroidManifest.xml files, for example here: Soomla/Unity3D

I noticed that they include the following permission for billing:
```
  <uses-permission android:name="com.android.vending.BILLING" />
```
Does a Felgo/Soomla app not also require this permission? We set the same <meta-data> tag for the billing service, but the billing permission.
October 29, 2017 at 18:19 #17339

Marcin

Hi Kool,
I think that Google Play requires this permission, look at the official docs: https://developer.android.com/google/play/billing/billing_integrate.html section “Updating your app’s manifest”.
On the official docs, when I was implementing Soomla, I didn’t find any other required permission to be able to work with in app purchases.
I am not an expert but following Google Docs and/or Felgo docs for Soomla, was able to implement buying no problem.
Both test transactions and real ones work out of the box for me.

For most questions I suggest to read official docs, that is definitely the best source of information 🙂

October 29, 2017 at 18:26 #17340

Alex
Felgo Team

Hi Kool,

the Soomla plugin requires the BILLING permission. I think you guys covered the remaining questions pretty well 🙂

Cheers,
Alex

October 29, 2017 at 18:28 #17341

Marcin

Short update, for get Soomla to work I don’t need any special permissions than the billing ones.
In most cases you need:
– billing for in app purchases.
– storage read/write to local saving of data
– and maybe INTERNET to detect if you are on line or not.

I don’t use camera, record audio or location.
Have no use cases for these.

For your case it looks like just adding microphone is enough, all should work.
If not, like you said, you can add permissions later depends on the demand.

October 29, 2017 at 18:38 #17342
Kool
Thanks for all your input Marcin and Alex.

I missed the following section in the Felgo Soomla documentation:
```
Upload a new draft app signed with your distribution certificate which includes the "BILLING" permission in its AndroidManifest.xml file.
```
Perhaps it would be better to move, or duplicate, this into the ‘Android Integration’ section, along with the actual line required:
```
  <uses-permission android:name="com.android.vending.BILLING" />
```
Thanks for the quick aid guys, after polishing up permissions in the 1st alpha, I’ll continue testing with a 2nd alpha and finally be able to roll out a beta in the coming week!