search

apptentive / apptentive-android

Apptentive Android SDK
http://www.apptentive.com
BSD 3-Clause "New" or "Revised" License
65 stars 64 forks source link

'Files and Media' permission appears in app settings #221

Open dan-ahlquist opened 3 years ago

dan-ahlquist commented 3 years ago

This issue affects Apptentive Android SDK versions 5.5.3 and 5.6.2, and possibly others. It affects apps targeting API 30.

When I upgraded my app to target API 30, I noticed a new permission in the app settings page: 'File and Media'. I believe the difference is related to Storage updates in Android 11.

Upon further investigation, I noticed that the Apptentive SDK is declaring WRITE_EXTERNAL_STORAGE, with maxSdkVersion 18. When an app declares that permission, it also gets READ_EXTERNAL_STORAGE implicitly. However, this implicit permission declaration does not inherit the maxSdkVersion attribute 🤦‍♂️. Therefore, the app's merged manifest declares READ_EXTERNAL_STORAGE with no sdk restriction. Once targeting API 30, the result is that this permission is shown in app settings, even on devices running above API 18.

My workaround for this is to explicitly declare the READ permission in my app's manifest with maxSdkVersion. This gets merged together with Apptentive's implicit declaration, resulting in the correct behavior (permission not shown above API 18). I have not investigated the behavior on 18 and below, because my app does not run on those versions anyway.

Here is my workaround, and IMO Apptentive can use the same line in its own manifest:

<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" android:maxSdkVersion="18" />

Thanks for your time!

CaseyApptentive commented 3 years ago

Hi @dan-ahlquist. Thanks for the thorough report. We appreciate it.

We have not heard of this issue before. We'll look into it.

For the sake of being sure you're freed up: did your workaround work? Let me know if you're blocked in any way.

dan-ahlquist commented 3 years ago

Yes, this workaround works.

Thanks, Casey.

CaseyApptentive commented 3 years ago

Thanks again, Dan. Really appreciate it.

We've taken a preliminary look into this. Unfortunately, we're unable to reproduce it and we have not heard other reports of it for whatever reason, even though many apps with Apptentive are using API 30 and those SDK versions.

We'll do our diligence and keep this in mind for future releases. Let me know if you need anything else to free you up.