Forums

OverviewFelgo 2 Support (Qt 5) › Release Android APK has unwanted permissions

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #17334

    Kool

    Hi All,

    I’m looking at the permissions my app is requesting after publishing a closed alpha in the app store.

    It’s requesting the following permissions:

    This app has access to:
    In-app purchases
    Allows the user to make purchases from within this app
    
    Location
    Uses the device's location
    
    Photos / Media / Files
    Uses one or more of: files on the device such as images, videos or audio, the device's external storage
    
    Camera
    Uses the device's camera(s)
    
    Microphone
    Uses the device's microphone(s)

    My app uses QAudioInput and Felgo’s Soomla, so Microphone/In-App Purchases makes sense.

    The ones that concern me are: Camera, Photo/Media/Files and Location.

    No-where in my code am I using things that use any of the the above three. Is there any way to determine what it is that’s requesting these permissions and remove the requested permissions?

    Personally, I’m usually wary of an app that’s requesting more than it needs.

    Many thanks!

    #17335

    Kool

    One more question is what are the potential repercussions of removing those permissions?

    #17336

    Marcin

    Hi Kool,

    In general there is no harm but there are some permission which require extra permission rules from you.
    If you don’t get anything from Google then you safe.

    But there are some permission which require extra legal actions from you mostly some place where you explain which user data you collect, why and how you store it.
    I don’t remember which ones was it but I got once some info from Google that, either I provide all those rules visible to users, or I remove permissions.
    I think it’s easy to find on Google Play docs which permission touch user privacy.
    I expect similar rules from Apple.
    For example there are some specific USA rules for some permissions as well, as far as I remember.

    Why you have extra permissions? Maybe because you have checked in AndroidManifest.xml option to include default Qt permissions.
    Open AndroidManifest in non source(General) view and scroll to the bottom, look for checkbox for including Qt permissions.
    Un-check it to fully control permissions.
    I think it’s safe to remove all not used permission, don’t worry all should still work.
    I think also media/photo/files(STORAGE in general) can be needed to use with WebStorage etc.

    From my point of view it’s the best to put as little permissions as possible to not bother your users.
    Of course other developers think differently so there are many opinions.

    #17337

    Kool

    Hi Marcin,

    Thanks for your detailed response. I’ve taken a look at the Permissions in the AndroidManifest.xml and the check boxes to include default features and permissions are indeed checked.

    The Qt documentation states:

    Note: Qt adds the default permissions and features based on the module dependencies of your application. If you do not want these default permissions and features, remove the <!-- %%INSERT_PERMISSIONS --> and <!-- %%INSERT_FEATURES --> comments from AndroidManifest.xml. For information on the manifest XML format, see Android: App Manifest.

    The AndroidManifest.xml created from my release project has the following:

        <!-- The following comment will be replaced upon deployment with default permissions based on the dependencies of the application.
             Remove the comment if you do not require these default permissions. -->
            <uses-permission android:name="android.permission.INTERNET" />
        <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
        <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
        <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
        <uses-permission android:name="android.permission.CAMERA" />
        <uses-permission android:name="android.permission.RECORD_AUDIO" />
    
    
        <!-- The following comment will be replaced upon deployment with default features based on the dependencies of the application.
             Remove the comment if you do not require these default features. -->
            <uses-feature android:name="android.hardware.camera" android:required="false" />
        <uses-feature android:name="android.hardware.camera.autofocus" android:required="false" />
        <uses-feature android:name="android.hardware.microphone" android:required="false" />
        <uses-feature android:glEsVersion="0x00020000" android:required="true" />

    My guess is that in my project file I’ve included QT += multimedia. This module is likely pulling in the camera and possibly photo albums features/permissions. There shouldn’t be any harm done by manually adding in the permissions for just microphone access as I don’t use cameras in my app.

    That leaves the location feature/permission. I’m wondering if Soomla might be pulling in these permission dependencies?

    If anyone has any further thoughts, I’d be eager to hear them.

    #17338

    Kool

    An empty Felgo app has the same default permissions:

        <!-- The following comment will be replaced upon deployment with default permissions based on the dependencies of the application.
             Remove the comment if you do not require these default permissions. -->
            <uses-permission android:name="android.permission.INTERNET" />
        <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
        <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
        <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
        <uses-permission android:name="android.permission.CAMERA" />
        <uses-permission android:name="android.permission.RECORD_AUDIO" />
    
    
        <!-- The following comment will be replaced upon deployment with default features based on the dependencies of the application.
             Remove the comment if you do not require these default features. -->
            <uses-feature android:name="android.hardware.camera" android:required="false" />
        <uses-feature android:name="android.hardware.camera.autofocus" android:required="false" />
        <uses-feature android:name="android.hardware.microphone" android:required="false" />
        <uses-feature android:glEsVersion="0x00020000" android:required="true" />

    It’s probably Qt pulling these in. I guess that changes my question to: Can I remove the location permission and will Soomla continue working? Does it need location?

     

    Also, I’ve looked around at other AndroidManifest.xml files, for example here: Soomla/Unity3D

    I noticed that they include the following permission for billing:

      <uses-permission android:name="com.android.vending.BILLING" />

    Does a Felgo/Soomla app not also require this permission? We set the same <meta-data> tag for the billing service, but the billing permission.

    #17339

    Marcin

    Hi Kool,
    I think that Google Play requires this permission, look at the official docs: https://developer.android.com/google/play/billing/billing_integrate.html section “Updating your app’s manifest”.
    On the official docs, when I was implementing Soomla, I didn’t find any other required permission to be able to work with in app purchases.
    I am not an expert but following Google Docs and/or Felgo docs for Soomla, was able to implement buying no problem.
    Both test transactions and real ones work out of the box for me.

    For most questions I suggest to read official docs, that is definitely the best source of information 🙂

    #17340

    Alex
    Felgo Team

    Hi Kool,

    the Soomla plugin requires the BILLING permission. I think you guys covered the remaining questions pretty well 🙂

    Cheers,
    Alex

    #17341

    Marcin

    Short update, for get Soomla to work I don’t need any special permissions than the billing ones.
    In most cases you need:
    – billing for in app purchases.
    – storage read/write to local saving of data
    – and maybe INTERNET to detect if you are on line or not.

    I don’t use camera, record audio or location.
    Have no use cases for these.

    For your case it looks like just adding microphone is enough, all should work.
    If not, like you said, you can add permissions later depends on the demand.

    #17342

    Kool

    Thanks for all your input Marcin and Alex.

    I missed the following section in the Felgo Soomla documentation:

    Upload a new draft app signed with your distribution certificate which includes the "BILLING" permission in its AndroidManifest.xml file.

    Perhaps it would be better to move, or duplicate, this into the ‘Android Integration’ section, along with the actual line required:

      <uses-permission android:name="com.android.vending.BILLING" />

    Thanks for the quick aid guys, after polishing up permissions in the 1st alpha, I’ll continue testing with a 2nd alpha and finally be able to roll out a beta in the coming week!

Viewing 9 posts - 1 through 9 (of 9 total)

RSS feed for this thread

You must be logged in to reply to this topic.

Voted #1 for:

  • Easiest to learn
  • Most time saving
  • Best support

Develop Cross-Platform Apps and Games 50% Faster!

  • Voted the best supported, most time-saving and easiest to learn cross-platform development tool
  • Based on the Qt framework, with native performance and appearance on all platforms including iOS and Android
  • Offers a variety of plugins to monetize, analyze and engage users
FREE!
create apps
create games
cross platform
native performance
3rd party services
game network
multiplayer
level editor
easiest to learn
biggest time saving
best support