[Android] Removing unused permissions added at build time #5886
Comments
|
Hey lucidrains, thanks for reporting this issue! React Native, as you've probably heard, is getting really popular and truth is we're getting a bit overwhelmed by the activity surrounding it. There are just too many issues for us to manage properly.
|
|
Just remove them from your |
|
There's an awesome place to post code / ask question first before filing an issue: StackOverflow. It's the best system for Q&A. Many people from the community hang out there and will be able to see and answer your question. This lets us use the github bug tracker for bugs. I'm posting this here because github issues haven't been working very well for us and because StackOverflow is so much better. Thanks for reading! :) |
|
@mkonicek aren't they added at build time? In that case it's not easy to remove them |
|
+1 Even when you don't have the READ and WRITE permissions in your AndroidManifest they still show up on build. Do you just have to remove AsyncStorage completely? |
|
I have similar problem when I generated release apk. Before install, it asked for permissions:
in my AndroidManifest |
|
@mkonicek @satya164 @bestander Could this issue be re-opened please? I digged around a bit, I couldn't find where those permissions were added. So far there are : Which I'm not sure what they do, but I don't think there are actually used because it wouldn't work on Android 6.+ (run-time permissions). Also it seems strange to force permissions to use a module since in NetInfoModule on Android, React-native requires YOU to add the needed permission to your manifest (See NetInfoModule.java#L38). I'm sure this is coming from React-native, I tried on a fresh project with no other permission, and there were here once the APK generated. I also looked at every Android app in the showcase and every app has those permissions, except one which doesn't have Also not completely related, but this is a permission too: This permission (Draw over other apps) is needed in debug mode to show the error redbox, but is still present Sorry for the long post, but my company is in the process of releasing our new Android app, and we would really like to ship it without un-needed permissions since that's not some the Android community really likes. Thanks for your attention. |
|
Maybe gradle does that? |
|
@facebook-github-bot reopen |
|
Okay, reopening this issue. |
facebook-github-bot
added
the
Ran Commands
|
@bestander Yeah I think it's added automatically by Android/gradle since I couldn't find any mention of them in the code, but I'm really not sure why. I'll try to investigate quickly and get back to you/submit a PR as soon as I find something. |
|
I forgot to check the manifest merger log... Turns out the problem is quite obvious: Because |
|
@brentvatne ping, is it possible to publish new android-jsc? |
|
@Bhullnatik what we're doing until a new version of android-jsc will be released is just stripping away the unwanted permissions in our apps' manifest like this: |
|
@astuetz I was looking at the manifest merger on how to fix this until it gets solved, thanks for the heads-up 😄 |
|
@bestander - sure I can do that, we might also want to update to r189384 as well @kmagiera? |
|
@astuetz thanks, it helped me, justto add to this info I had to declare the tools attribut in By default there is only xmlns:android, no xmlns:tools |
|
@bestander @brentvatne Hey! Any update on this? |
|
👍 +1 for this. |
|
I feel like the removal of |
|
@marcshilling It's all equally important to remove them in my opinion, but this one is a little more tricky. The easiest way to remove it is to remove it in the release |
|
For those who want to exclude In your manifest: In Seems to work well. |
|
@marcshilling Perfect! Thank you! It's been kind of embarrassing to have to explain that to users because I couldn't figure out how to remove it. 😕 |
|
Hi, I've been alerted about READ_PHONE_STATE by a user of one of my apps. I'm getting the same reason in the build log Hopefully it gets solved in a future release. For the time being, I'm using the permission removal workarounds mentioned here As well as adding the namespace as explained by mouneyrac (#5886 (comment)) |
|
So, I wasn't being able to remove SYSTEM_ALERT_WINDOW with the solution above. Had to resort to a hack (after much prodding and poking). in AndroidManifest.xml <uses-permission android:name="${permissionName}" tools:node="remove"/>in app/build.gradle buildTypes {
debug {
manifestPlaceholders = [permissionName: "android.permission.ACCESS_FINE_LOCATION"]
...
}
release {
manifestPlaceholders = [permissionName: "android.permission.SYSTEM_ALERT_WINDOW"]
...
}
}In debug mode, I remove ACCESS_FINE_LOCATION, since I don't use (neither in dev nor in prod). Any other non-essential permission could be used (BIND_TV_INPUT?). In release mode, I remove SYSTEM_ALERT_WINDOW. If you don't forcibly remove it, it will get merged in. Hacky, but effective 😂 |
|
If you use this solution #5886 (comment), don't forget to add |
|
@marcshilling I think this is something we can have in the generator template by default. |
|
The Solution for me was to modify the I had to add the following lines For Debug Purposes: This removes the App-Permission Dialog when installing via PlayStore The one thing I dont get:
Grüße Ulf <3 |
|
The "correction" will be added in any next version of React-native ? |
|
Our app has multiple build types (4 as of now), and we wanted to remove SYSTEM_ALERT_WINDOW permissions from all of them EXCEPT and then in a separate debug/AndroidManifest.xml, I add it back: Because the Sounds strange, but seems to work well (judging from the output of |
|
Congress should have asked Zuck what's up with these permissions. |
|
I think the solution is create another And edit |
|
Closing this issue, because unnecessary permissions are removed. Please see https://github.com/facebook/react-native/blob/master/local-cli/templates/HelloWorld/android/app/src/main/AndroidManifest.xml |
|
@dulmandakh This is not relevant to the issue at all. The permissions are added to the Manifest when building an APK, they are not present in the default template (as mentioned in the original issue and in #5886 (comment)). Can you please re-open the issue? |
|
@dulmandakh this shouldn't have been closed. The permissions are added at build time, unrelated to your linked file |
|
This seems to be the official guide on removing default permissions: |
|
i don't know if this related to this forum or not. so because recent change of google play console permissions rules. Google will check our manifest to see android permissions we used. although i have use 'tools:node="remove"' in every unused permissions and in release apps the permission not shown. Google still doesn't let me to publish my apps in google play console. anyone have some problem like this? i got this problem 27-01-2019. |
|
As a followup on this our currently used Manifest: |
|
Above mentioned permissions are implicitly added by Android SDK because old JSC or JavaScriptCore was targeting SDK 4. In the master we have new JSC and will be used default in 0.59. So there is nothing we can do about it. Please see https://developer.android.com/studio/build/manifest-merge |
|
Heads up the only way to remove Perhaps it used to work by using manifestPlaceholders but there must have been a change or build tool versions that is breaking it. |
Summary: SYSTEM_ALERT_WINDOW permission is used only for debug builds to show draw overlay views or show warnings/errors. This permissions is unused in release builds, and there is an issue regarding removing unused permissions on Android build #5886 (comment). This PR removes SYSTEM_ALERT_WINDOW from all builds bug debug. [Android] [Changed] - SYSTEM_ALERT_WINDOW permissions available only in debug builds Pull Request resolved: #23504 Differential Revision: D14123045 Pulled By: cpojer fbshipit-source-id: 68829a774ff23c7cb2721076a9d3870405f48fea
Summary: SYSTEM_ALERT_WINDOW permission is used only for debug builds to show draw overlay views or show warnings/errors. This permissions is unused in release builds, and there is an issue regarding removing unused permissions on Android build facebook#5886 (comment). This PR removes SYSTEM_ALERT_WINDOW from all builds bug debug. [Android] [Changed] - SYSTEM_ALERT_WINDOW permissions available only in debug builds Pull Request resolved: facebook#23504 Differential Revision: D14123045 Pulled By: cpojer fbshipit-source-id: 68829a774ff23c7cb2721076a9d3870405f48fea
Summary: SYSTEM_ALERT_WINDOW permission is used only for debug builds to show draw overlay views or show warnings/errors. This permissions is unused in release builds, and there is an issue regarding removing unused permissions on Android build #5886 (comment). This PR removes SYSTEM_ALERT_WINDOW from all builds bug debug. [Android] [Changed] - SYSTEM_ALERT_WINDOW permissions available only in debug builds Pull Request resolved: #23504 Differential Revision: D14123045 Pulled By: cpojer fbshipit-source-id: 68829a774ff23c7cb2721076a9d3870405f48fea
and others
edit: see https://medium.com/@applification/fixing-react-native-android-permissions-9e78996e9865 for a workaround -@hramos
It seems like Read/Write external storage and Read phone state permissions are automatically added to the manifest on building the android apk. Are these necessary for all React Native android apps? Is there any way to remove these permissions?
android:uses-permission#android.permission.READ_EXTERNAL_STORAGE
android:uses-permission#android.permission.WRITE_EXTERNAL_STORAGE
It feels weird that I'll see these permissions being requested if I install the app from the Play store if I'm not using them.
The text was updated successfully, but these errors were encountered: