Android Studio Adds Unwanted Permission After Running Application on Real Device

Android studio adds unwanted permission after running application on real device

compile 'com.google.android.gms:play-services:+'

This library will request location permissions, as several pieces of Play Services need it.

First, never use +. If you want to allow free-floating patchlevels (e.g., 22.0.+), that's not completely insane, but using + for the version is insane.

Next, consider using one (or more) of the more focused dependencies, rather than the full Play Services SDK. Not only will this perhaps eliminate the permission that you do not want, but your APK will be a lot smaller. The documentation covers the available options (see the "Selectively compiling APIs into your executable" section).

If you still wind up with permissions that you do not want, then you will need to determine where the permissions are coming from. There should be a manifest merger report in build/outputs/logs/ of your module. It will be a bit difficult to understand, but hopefully you can identify the library that is contributing this permission. Also, Android Studio 2.2+ will show your merged manifest in a sub-tab when you edit your manifest. UPDATE 2020-03-24: Modern versions of Android Studio also show this stuff in the "Merged Manifest" sub-tab of the manifest editor, with color-coding to try to show you what permissions came from what libraries.

At that point, you need to decide how to proceed:

The safest answer that removes the permission is to no longer use that library, but instead find some other solution to whatever problem you are trying to solve with that library
Or, live with the permission

Or, try adding the following to your app's manifest:

<uses-permission
     android:name="android.permission.ACCESS_COARSE_LOCATION"
     tools:node="remove" />

This will require you to add xmlns:tools="http://schemas.android.com/tools" to the root <manifest> element if it is not already there. This will tell the build tools to explicitly exclude this permission, even though libraries are contributing it. However, your use of those libraries may break. Only do this if you have a dedicated testing team that can spend the time needed to ensure that your decision to block this permission will not result in crashes or other behavior that affects the user.

Migrated to Android Studio - now my app requests additional permissions

After some more searching I found this thread on Stackoverflow: Android Studio adds unwanted permission after running application on real device.

One of the answers there (not the accepted one) solved my issues. It seems that the Android Studio import process added this dependency to my build.gradle:

compile 'com.google.android.gms:play-services:+'

After changing it to

compile 'com.google.android.gms:play-services-base:8.4.0' // Needed for API Availability test
compile 'com.google.android.gms:play-services-ads:8.4.0'
compile 'com.google.android.gms:play-services-analytics:8.4.0'

the APK no longer requests the unwanted permissions, it targets the same devices as before and uses the same OpenGL version as before - i.e. everything is back the way it was with Eclipse! Except now the file size of the APK is 1 MB smaller as an added bonus!

For people coming here in the future, you might want to investigate what Google Play Services version numbers you should use at Gradle, please and/or Setting up Google Play Services.