How to remove specific permission when build Android app with gradle?
Add attribute tools:node
with a value of remove
to your manifest:
<manifest ... xmlns:tools="http://schemas.android.com/tools">
...
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" tools:node="remove" />
...
</manifest>
See https://developer.android.com/studio/build/manage-manifests#node_markers
Don't forget to add the tools
namespace to the root element of your manifest.
Android, how to exclude a specific permission for a specific flavor?
Add tools:node="remove"
in your element. In your case, add the following line in fl5/AndroidManifest.xml
.
<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES" tools:node="remove"/>
Take a look at Removing AndroidManifest element with gradle product flavors and How to remove specific permission when build Android app with gradle? questions.
Denying a permission to a specific library/module
We need our app to have this permission, but the SDK must not have it.
That is not a thing, sorry.
if our app has READ_CONTACTS permission, does that also grant this permission to SDK?
Yes. There is no difference between a library and code that you typed in yourself.
How to remove these unneeded permissions
One of your libraries has a targetSdk <= 4. (Looks like your cwac-merge)
This causes the permissions to be auto added: http://developer.android.com/reference/android/Manifest.permission.html#READ_PHONE_STATE
Removing permissions from manifest depending on build flavor
Found a hackish solution that works
allPermissions {
dimension "permissions"
manifestPlaceholders = [extraPermission1: "android.permission.SEND_SMS", extraPermission2: "android.permission.READ_CALL_LOG"]
}
noSmsPermission {
dimension "permissions"
manifestPlaceholders = [extraPermission1: "android.permission.placeholder", extraPermission2: "android.permission.READ_CALL_LOG"]
}
noSmsNoCallogPermission {
dimension "permissions"
manifestPlaceholders = [extraPermission1: "android.permission.placeholder", extraPermission2: "android.permission.placeholder"]
}
and
<uses-permission android:name="${extraPermission1}"/>
<uses-permission android:name="${extraPermission2}"/>
Android - Mystery Permissions Appear in Build Manifest
I discovered the answer by accident while cleaning up some code - the permissions were added by a plugin rather than a library, which is why it wasn't showing up in the above reports.
We use an sdk for sharing called ShareSDK. It gets added by this line in build.gradle
:
apply plugin: 'com.mob.sdk'
When I removed this line and the related code, the merged manifest no longer contained the extra permissions. For any future users who stumble across this question, I would say beware of any libraries or plugins made for the Chinese market!
Android studio adds unwanted permission after running application on real device
compile 'com.google.android.gms:play-services:+'
This library will request location permissions, as several pieces of Play Services need it.
First, never use +
. If you want to allow free-floating patchlevels (e.g., 22.0.+
), that's not completely insane, but using +
for the version is insane.
Next, consider using one (or more) of the more focused dependencies, rather than the full Play Services SDK. Not only will this perhaps eliminate the permission that you do not want, but your APK will be a lot smaller. The documentation covers the available options (see the "Selectively compiling APIs into your executable" section).
If you still wind up with permissions that you do not want, then you will need to determine where the permissions are coming from. There should be a manifest merger report in build/outputs/logs/
of your module. It will be a bit difficult to understand, but hopefully you can identify the library that is contributing this permission. Also, Android Studio 2.2+ will show your merged manifest in a sub-tab when you edit your manifest. UPDATE 2020-03-24: Modern versions of Android Studio also show this stuff in the "Merged Manifest" sub-tab of the manifest editor, with color-coding to try to show you what permissions came from what libraries.
At that point, you need to decide how to proceed:
The safest answer that removes the permission is to no longer use that library, but instead find some other solution to whatever problem you are trying to solve with that library
Or, live with the permission
Or, try adding the following to your app's manifest:
<uses-permission
android:name="android.permission.ACCESS_COARSE_LOCATION"
tools:node="remove" />
This will require you to add xmlns:tools="http://schemas.android.com/tools"
to the root <manifest>
element if it is not already there. This will tell the build tools to explicitly exclude this permission, even though libraries are contributing it. However, your use of those libraries may break. Only do this if you have a dedicated testing team that can spend the time needed to ensure that your decision to block this permission will not result in crashes or other behavior that affects the user.
Related Topics
Using Asynctask with Passing a Value
Driver Jdbc Postgresql with Android
I Cant See Any Firebaserecycleradapter Items on My Layout
Google Maps API and Custom Polyline Route Between Markers
Getting Wrong Month When Using Simpledateformat.Parse
Simple Date Format Returns Wrong Date Intermittently
Connectiontimeout Versus Sockettimeout
Android Buildscript Repositories: Jcenter VS Mavencentral
Online Radio Streaming App for Android
What Is the Simplest Way to Reverse an Arraylist
How to Activate "Share" Button in Android App
Android: Specify Two Different Images for Togglebutton Using Xml
Android: How to Hide Actionbar on Certain Activities
Why Do Variable Names Often Start with the Letter 'M'
What Does Transitive = True in Gradle Exactly Do (W.R.T. Crashlytics)