Why the need for `QUERY_ALL_PACKAGES` permission?

[petlys]

Could you elaborate on the need for the QUERY_ALL_PACKAGES permission? This is quite a scary permission for many users, and a dealbreaker for us.

[rileycognitv]

An update on the dependency package would be great! struggling to release onto google play store

[felipejoribeiro]

@mohamed2m2018 As far as I know there is no commit or pull request that fixes this. You need to do it yourself with either patch-package to fix the manifest file for this package, or edit your own manifest to override and remove all attempts to add the permission. Both solutions should work fine. After a build you can drag the APK/aab onto Android Studio to inspect the package and make sure the permission is actually gone from the final manifest

Even after confirming this. Google play still insist that we are using the permission. I'm not sure what to do next.

[jbuffin]

@felipejoribeiro Make sure you update the app in all your testing channels. Play will continue to complain about the issue as long as any version is available. For me, I had an old version in my internal testing channel and was still getting emails from Google about it even though my production version did not have the issue. You can verify if the permission is gone in the Releases tab under the App Bundle details.

[felipejoribeiro]

@jbuffin Thank you for the prompt response. I have versions in the production and internal testing. Both already comply to the new security policy. But both were rejected. When i click in 'release details' in one of then and i check the bundles, the ones in 'New app bundles' don't have the permission. The only ones that have are the ones in 'Deactivated app bundles'. Don't know how to deal with then as i can't launch new versions.

[jbuffin]

You might have to appeal the rejection to get more clarity on why they think you have the permission.

[jdnichollsc]

Hey folks, please help me reviewing this PR for the new release v3.7.0 https://github.com/proyecto26/react-native-inappbrowser/pull/375

[zholmes1]

@felipejoribeiro I am in the exact same situation as you. Cannot submit an update because I can't be approved for this permission, but can't remove the permission from my app policy because I can't submit an update. Truly sadistic torture from the masterminds over at Google Play Policy Team. Please email me so we can keep in touch and let each other know if we ever find a solution.

[jdnichollsc]

Sorry for the delay folks 😥

[bumpingChris]

@zholmes1 @felipejoribeiro I have the same situation. Google Play rejects updates because this QUERY-ALL-PACKAGES permission request from react-native-inappbrowser apparently exists in OLD bundles that are considered active. THERE'S NO WAY TO DEACTIVATE THE OLD BUNDLES!

I have communicated to Google via appealing, contact-us, and chat, and the feedback I get from them is so obscure and without doable directions (e.g. they said to deactivate the old bundles but there is no way to do so!). @zholmes1 They also said to fill in the Declaration Form for the sensitive permissions - THIS MUST BE DONE EVENTHO YOU DON'T NEED THE PERMISSION OTHERWISE YOU CAN'T SUBMIT A NEW RELEASE. While we can submit a new release, we keep getting rejected even the new releases do not have the permission request because the old bundles do! I'm at a loss!

If you figure out the way to overcome this issue please let me know.

[zholmes1]

@bumpingChris @felipemengatto I was able to get my app approved. The key was to create a brand new build for each release track, and put them all in review at the same time. That way the reviewer doesn't even hear about the QUERY_ALL_PACKAGES permission.

Read more here: https://bapspatil.medium.com/dear-googles-permissions-declaration-form-can-we-break-up-85bc6b62f690

[dooleyb1]

Having the same issue as @bumpingChris , when I submit a new build to Internal testing track in order to submit for a review (and eventually promote to Production track). Google are blocking this saying the following:

This release includes permissions that haven't been declared in Play Console. Go to sensitive app permissions to update your Permissions declaration.

When I go to the Permissions declarations section to view the bundles containing the QUERY_ALL_PACKAGES permisssion which is causing the issue the only one displayed is my current bundle that is active in Production. Does anyone know how to get around this / decouple my active production bundle from my new internal testing track bundle that I would like to submit for review.

[zholmes1]

@dooleyb1 Have a look at my comment from earlier this morning. I was stuck like you and I was able to solve it.

[dooleyb1]

@dooleyb1 Have a look at my comment from earlier this morning. I was stuck like you and I was able to solve it.

Yeah I tried the above and am struggling to move my current production build from Active to Inactive. My production build is code 141. This build is also in Internal test track (was promoted from here). I've uploaded a new build to Internal test track with code 142 as a draft release & similarly a new build to Production track with code 143. I cannot submit either of these draft releases as I'm getting the This release includes permissions that haven't been declared in Play Console. Go to sensitive app permissions to update your Permissions declaration. error which is pointing to build code 141 (internal test & production) telling me it has the QUERY_ALL_PACKAGES permission.

@zholmes1 how did you manage to get around this? I tried following the above link to no avail.

[zholmes1]

Make sure you're doing every single track. And at 100% rollout. You need to have zero trace.

To confirm this, go to your policy declaration and click "affected bundles/apk's" and you'll see which tracks/versions are still requesting this declaration. You want it to say "no affected bundles" before you release. If there's anything listed at all there, your review will get rejected.

[dooleyb1]

Basically the problem is that I cannot deactivate the above builds by submitting new builds to these tracks as when I go to publish build 143 to internal test for example it gives the error below even though 141 is the only bundle affected by this issue and is not included in 143 whatsoever.

[zholmes1]

@dooleyb1 They have to all be in review at the same time. I started with internal, then alpha, then beta, then production. Brand new build for each one

[dooleyb1]

@dooleyb1 They have to all be in review at the same time. I started with internal, then alpha, then beta, then production. Brand new build for each one

It's not letting me even submit them to review in any track is the issue

[rileycognitv]

I had a problem where I was stuck unable to update my android app. I also had to make sure every active track (an internal and 2 closed tracks) had the same latest build with the fix in review. Only then was it accepted. Was a lot of pain before finding out about this info

[dooleyb1]

I can't get any of the above solutions to work unfortunately (possibly due to error on my part). I've reached out to Google Play Developer Support and this is their reply below for anyone else who may be stuck. Looks like I'm going to have to fill out the declaration form.

Thanks for contacting Google Play Developer Support.

You’re getting the warning about QUERY_ALL_PACKAGES due to your existing/old versions having used this permission.

You will have to declare the permission QUERY_ALL_PACKAGES first in order to update to a newer version. Once you've successfully updated the app without the QUERY_ALL_PACKAGES permission, it will naturally be removed in your app bundle explorer.

Please note that removing the permission without declaring it first is not possible at the moment.

You can learn more about the form and the review process by visiting the [Declare permissions for your app](https://support.google.com/googleplay/android-developer/answer/9214102) article on the Help Center.

[zholmes1]

@dooleyb1

Yes that's correct, you do have to fill the form out. But as long as you have a bundle in review for every single possible track that does not include the permission, they will not look at the declaration form.

[dooleyb1]

@dooleyb1

Yes that's correct, you do have to fill the form out. But as long as you have a bundle in review for every single possible track that does not include the permission, they will not look at the declaration form.

Awesome, thanks 🙏

[bumpingChris]

@zholmes1 @dooleyb1 Thanks Zholmes1 for your input. We were able to finally get our update approved after waiting 4 days in review. We did what you recommended updating the build in every track.

[felipejoribeiro]

Was able to get it approved updating both tracks. Thanks @zholmes1 and @dooleyb1!

[moob123]

I did not get so lucky, I posted my app's new release on all tracks and all got denied. It is like Catch-22. They have answered to my appeal with some mail templates so far. Is there any specific line of reasoning that gets through? Thanks.

[zholmes1]

@moob123

You're not gonna get through to them. I tried for days emailing/calling all different departments. No one wanted to listen and no one could do anything.

Are you bumping the version number for each package.

For instance: Internal testing gets version code 53, Closed testing 54, Open testing 55, Production 56.

This is what ultimately allowed mine to pass.

I think the key is to go to your policy declaration and see which builds are affected by the sensitive permissions declaration. If there are any builds listed there, all your updates will be rejected.

[MoOx]

FYI, the only thing I had to do was to fill the form. I said in it "Our app isn't using the QUERY_ALL_PACKAGES permission. Incoming update is going to remove it". I validated and was immediately able to push a version to internal testing.

[jnbt]

The UX in the PlayStore console is a nightmare. I followed the suggestion to upload new builds (without the permission) on every track, but was only able to safe them in the "Draft" state. Then I filled out the form. The form was added to the "What you've told us" part on the "Publishing overview". But there was not "Submit to review" button. At least at this point the big "error" on the release page was gone, but I was still not able to submit the builds because there was another "Fix errors to rollout this release" error at the end of the page. I logged out of the console, and logged in again. Now I was able to set the tracks to roll-out and also submit everything to review. Fingers crossed.

[pfrazee]

Sorry for adding noise -- just wanted to do a quick shout-out thanks to the maintainers and everyone contributing to this issue. This is one of those thankless PITAs and everybody sharing their solutions and helping with the fixes are an immense help to (me and) the community.

[jdnichollsc]

Totally agree, gracias totales for all your support folks! ❤️

[flogy]

FYI, the only thing I had to do was to fill the form. I said in it "Our app isn't using the QUERY_ALL_PACKAGES permission. Incoming update is going to remove it". I validated and was immediately able to push a version to internal testing.

Worked for me too with the exact same phrasing. Had to draft a new release for all the used channels too (internal testing & production in my case) to get it working. Took 5 days to review though.