search

Estimote / Android-Fleet-Management-SDK

Estimote Fleet Management SDK for Android
https://developer.estimote.com
MIT License
836 stars 451 forks source link

Estimote library add permission READ_PHONE_STATE (targetSdkVersion < 4) #204

Closed delchiaro closed 7 years ago

delchiaro commented 7 years ago

When building an apk with your aar library attached, the generated apk will require the permission:

android.permission.READ_PHONE_STATE

This implies that publishing on the google play store that apk, google will ask a privacy policy. I'm sure that the problem derive from your library because of the log that I can found in:

app/build/outputs/logs/manifest-merger-release-report.txt In particular:

ADDED from [com.estimote:sdk:0.16.0] /home/nagash/.android/build-cache/8d300f9c495671d3da2ac07a68e7eec629dbf839/output/AndroidManifest.xml:13:5-88 android:name ADDED from [com.estimote:sdk:0.16.0] /home/nagash/.android/build-cache/8d300f9c495671d3da2ac07a68e7eec629dbf839/output/AndroidManifest.xml:13:29-85 service#com.estimote.sdk.repackaged.dfu_v0_6_1.no.nordicsemi.android.dfu.DfuBaseService ADDED from [com.estimote:sdk:0.16.0] /home/nagash/.android/build-cache/8d300f9c495671d3da2ac07a68e7eec629dbf839/output/AndroidManifest.xml:26:9-115 android:name ADDED from [com.estimote:sdk:0.16.0] /home/nagash/.android/build-cache/8d300f9c495671d3da2ac07a68e7eec629dbf839/output/AndroidManifest.xml:26:18-112 activity#com.estimote.sdk.DefaultRequirementsCheckerCallback$Activity ADDED from [com.estimote:sdk:0.16.0] /home/nagash/.android/build-cache/8d300f9c495671d3da2ac07a68e7eec629dbf839/output/AndroidManifest.xml:28:9-30:56 android:theme ADDED from [com.estimote:sdk:0.16.0] /home/nagash/.android/build-cache/8d300f9c495671d3da2ac07a68e7eec629dbf839/output/AndroidManifest.xml:30:13-53 android:name ADDED from [com.estimote:sdk:0.16.0] /home/nagash/.android/build-cache/8d300f9c495671d3da2ac07a68e7eec629dbf839/output/AndroidManifest.xml:29:13-88 receiver#com.estimote.sdk.service.BeaconService$ScanAlarmBroadcastReceiver ADDED from [com.estimote:sdk:0.16.0] /home/nagash/.android/build-cache/8d300f9c495671d3da2ac07a68e7eec629dbf839/output/AndroidManifest.xml:32:9-102 android:name ADDED from [com.estimote:sdk:0.16.0] /home/nagash/.android/build-cache/8d300f9c495671d3da2ac07a68e7eec629dbf839/output/AndroidManifest.xml:32:19-99 service#com.estimote.sdk.connection.internal.DeviceConnectionProviderService ADDED from [com.estimote:sdk:0.16.0] /home/nagash/.android/build-cache/8d300f9c495671d3da2ac07a68e7eec629dbf839/output/AndroidManifest.xml:34:9-36:40 android:exported ADDED from [com.estimote:sdk:0.16.0] /home/nagash/.android/build-cache/8d300f9c495671d3da2ac07a68e7eec629dbf839/output/AndroidManifest.xml:36:13-37 android:name ADDED from [com.estimote:sdk:0.16.0] /home/nagash/.android/build-cache/8d300f9c495671d3da2ac07a68e7eec629dbf839/output/AndroidManifest.xml:35:13-96 uses-permission#android.permission.READ_PHONE_STATE IMPLIED from /home/nagash/workspace/AppWebBrowser/app/src/main/AndroidManifest.xml:2:1-75:12 reason: org.webkit.android_jsc has a targetSdkVersion < 4

Last lines: uses-permission#android.permission.READ_PHONE_STATE IMPLIED from /home/nagash/workspace/AppWebBrowser/app/src/main/AndroidManifest.xml:2:1-75:12 reason: org.webkit.android_jsc has a targetSdkVersion < 4

Probably the issue is caused by org.webkit.android_jsc, hope there is a new version of org.webkit.android_jsc or another way to fix the issue.

I resolved adding this line in my AndroidManifest.xml: <uses-permission android:name="android.permission.READ_PHONE_STATE" tools:node="remove" /> hoping does not cause problems at runtime (I have not tested yet with a beacon).

Thanks

pawelDylag commented 7 years ago

Dear @nagash91

we take all such requests seriously. We took some time to investigate the source of this problem, always starting with the documentation of basic things like Android framework.

So, with the knowledge that our sdk DOES NOT use android.permission.READ_PHONE_STATE, we looked at the permission itself. According to the Android documentation:

READ_PHONE_STATE Allows read only access to phone state, including the phone number of the device, current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.

Note: If both your minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants your app this permission. If you don't need this permission, be sure your targetSdkVersion is 4 or higher.

I think this is the clue of your problem. Please consider targeting minSdkVersion > 4. By the way - according to the Android dashboard, market adoption of API 10 (Gingerbread) is around 1.0%. This is why our sdk minSdkVersion = 9.

Have a good day!

delchiaro commented 7 years ago

Ok sorry, I messed up. The problem comes from library org.webkit.android_jsc that I assumed wrongly to be used by Estimote. The problem comes from another library I have included in my project, which in turn includes org.webkit.android_jsc lib.

Thanks!