firstfloorsoftware / flutter_sodium

Flutter bindings for libsodium
BSD 3-Clause "New" or "Revised" License

READ_PHONE_STATE permission implicitly added on android #48

Closed posxposy closed 3 years ago

posxposy commented 3 years ago

Hello! Looks like flutter_sodium is not providing a minimum API version, so it adds android.permission.READ_PHONE_STATE implicitly to the built bundle/apk:

```
uses-permission#android.permission.READ_PHONE_STATE IMPLIED from AndroidManifest.xml reason: com.firstfloorsoftware.flutter_sodium has a targetSdkVersion < 4
```

Docs: https://developer.android.com/reference/android/Manifest.permission.html#READ_PHONE_STATE

> READ_PHONE_STATE: Allows read only access to phone state, including the phone number of the device, current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
>
> Note: If both your minSdkVersion and targetSdkVersion values are set to 3 or lower, the system implicitly grants your app this permission. If you don't need this permission, be sure your targetSdkVersion is 4 or higher.

It would be nice if flutter_sodium could provide a minSdkVersion or targetSdkVersion to avoid this permission, because it concerns sensitive user data that our app does not use.

Thank you :)

kozw commented 3 years ago

Thanks for reporting. I've been looking into it, and AndroidManifest.xml usually doesn't contain any sdk version info for flutter plugins, but I might be mistaken.

Question: how do I reproduce this very message where the READ_PHONE_STATE is implied from the flutter_sodium package?

posxposy commented 3 years ago

> and AndroidManifest.xml usually doesn't contain any sdk version info for flutter plugins

Yeah, AndroidManifest.xml in the logs means the place where the permission was implicitly added :) And the version comes from build.gradle.

> Question: how do I reproduce this very message where the READ_PHONE_STATE is implied from the flutter_sodium package?

You can find those logs in `\build\app\outputs\logs\manifest-merger-debug-report.txt` after building an app with flutter_sodium added as a dependency. Also, if you try to deploy a built apk (or bundle) to the Play Market, it will ask you for a privacy policy: "Your APK or Android App Bundle is using permissions that require a privacy policy: (android.permission.READ_PHONE_STATE)."

Hope it helps :)
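A small check for the report described above, added here as an example (not code from flutter_sodium or from this thread): it parses a manifest-merger report and lists every permission the merger marked IMPLIED, together with the package its reason names. The sample report is constructed, and the layout beyond the one line quoted in the issue (an entry line followed by an indented `IMPLIED from ...` line) is an assumption.

```python
"""Find permissions a manifest-merger report says were IMPLIED by a dependency.
Added example, not flutter_sodium code. Assumes the layout seen in the issue:
a 'uses-permission#<name>' entry followed, on the same or a later indented
line, by 'IMPLIED from <file> reason: <text>'; real reports may vary."""
import re

ENTRY_RE = re.compile(r"^uses-permission#(?P<perm>[\w.]+)")
HEADER_RE = re.compile(r"^[a-z][\w-]*(?:#\S+)?$")   # any other element header
IMPLIED_RE = re.compile(r"IMPLIED from (?P<source>\S+)\s+reason:\s*(?P<reason>.+)$")

# Permissions that make Play demand a privacy policy (subset picked for the example).
SENSITIVE = {"android.permission.READ_PHONE_STATE", "android.permission.READ_CONTACTS"}

# Constructed sample: the issue's own line, an ordinary ADDED entry, and a
# second implied permission whose note sits on its own indented line.
SAMPLE_REPORT = """\
manifest
ADDED from /app/src/main/AndroidManifest.xml:2:1-20:12
uses-permission#android.permission.INTERNET
ADDED from /app/src/main/AndroidManifest.xml:5:5-67
uses-permission#android.permission.READ_PHONE_STATE IMPLIED from AndroidManifest.xml reason: com.firstfloorsoftware.flutter_sodium has a targetSdkVersion < 4
uses-permission#android.permission.WRITE_EXTERNAL_STORAGE
    IMPLIED from AndroidManifest.xml:2:1-20:12 reason: com.example.other has a targetSdkVersion < 4
"""


def implied_permissions(report_text):
    """Dicts {perm, source, reason, package} per IMPLIED entry; package = first reason token."""
    found, current = [], None
    for raw in report_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            current = m.group("perm")   # a new uses-permission entry begins
        elif HEADER_RE.match(line):
            current = None              # some other manifest element begins
        if current is None:
            continue
        im = IMPLIED_RE.search(line)
        if im:
            reason = im.group("reason").strip()
            found.append({"perm": current, "source": im.group("source"),
                          "reason": reason, "package": reason.split()[0]})
    return found


def sensitive_implied(report_text, sensitive=SENSITIVE):
    """Those implied permissions that would trigger Play's privacy-policy prompt."""
    return [e for e in implied_permissions(report_text) if e["perm"] in sensitive]
```

Run it over the real `manifest-merger-debug-report.txt` after a build to see which dependency still lacks a minSdkVersion.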

kozw commented 3 years ago

Thanks, found it.

Once I add the following minSdkVersion to the build.gradle of the plugin, the permission is indeed no longer added. Any preference for the minSdkVersion? Looks like other plugins use 16.

```groovy
defaultConfig {
  minSdkVersion 16
}
```

posxposy commented 3 years ago

Thank you for the fix! I think minSdkVersion 16 is a good choice. As of today, it covers 99.8% of Android devices.


kozw commented 3 years ago

Published flutter_sodium 0.1.9 to pub.dev

Enjoy