CODEWITHSUNDEEP
androidpermissionsmanifest
Mitul Nakum
Mitul Nakum

Reputation: 5574

Remove extra unwanted permissions from manifest android

I have android app, I want to check that every permissions mentioned in Manifest is required or not?

Basically I want remove unwanted permissions.

what should I do?

Thanks in advance

Upvotes: 32

Views: 30892

Answers (5)

Ragesh Pikalmunde
Ragesh Pikalmunde

Reputation: 1403

if someone is using Ionic: you can write a hook to remove unwanted permissions. this can help with ci-cd

For example, in your Cordova project create hooks/remove_permissions.js:

#!/usr/bin/env node
'use strict';
var permissionsToRemove = ['BLUETOOTH', 'WAKE_LOCK', 'FOREGROUND_SERVICE', 'BACKGROUND_SERVICE'];

var fs = require('fs');
var path = require('path');
var rootdir = '';
var manifestFile = path.join(rootdir, 'platforms/android/app/src/main/AndroidManifest.xml');

fs.readFile(manifestFile, 'utf8', function (err, data) {
    if (err) {
        return console.log(err);
    }

    var result = data;
    for (var i = 0; i < permissionsToRemove.length; i++) {

        console.log('Removing: <uses-permission android:name="android.permission.' + permissionsToRemove[i] + '" />');
        result = result.replace(
            '<uses-permission android:name="android.permission.' + permissionsToRemove[i] + '" />', '');
    }

    fs.writeFile(manifestFile, result, 'utf8', function (err) {
        if (err) {
            return console.log(err);
        }
    });
});

Then reference it from your config.xml:

<platform name="android">
...
<hook type="after_prepare" src="hooks/remove_permissions.js" />
</platform>

Upvotes: 0

Michal
Michal

Reputation: 2201

For Android Studio:

1) Find which permissions are added (app\build\intermediates\manifests)

2) Add these permissions with tools:node="remove"

Example:

I found that I have unwanted permission:

<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>

And I removed it by adding this to my app manifest:

<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" tools:node="remove"/>

Upvotes: 75

Sameer Tanuj
Sameer Tanuj

Reputation: 213

You can remove the permission and check the lint results. If the results are clean then the permission is not being used.

Analyse -> Run Inspection by Name -> Type "Missing Permissions" -> Run

Android studio Version: 3.0.1

Upvotes: 7

CommonsWare
CommonsWare

Reputation: 1006924

The answer given by user370305 is generally the correct one. Your third-party code should adequately document what permissions it needs -- combine that with the permissions your own code needs, and you should be set.

If you feel that this is insufficient, then:

Step #1: Write a unit test suite.

Step #2: Add tests to the suite until you have complete statement coverage.

Step #3: Get all tests passing in the unit test suite.

Step #4: Remove a permission and see if tests fail. Restore the permissions that cause test suite failure. Repeat for all permissions you are uncertain of.

Upvotes: 6

user370305
user370305

Reputation: 109237

You should have to know which function and component are use in your application. On that component's need basis you have to add only those permission. Not alls. Jusi check and remove other permission by manually from manifest.

Upvotes: 0

Related Questions