I have just completed my app which I have React Native using Expo. It is my first time uploading an APP to Play Store. After I got finished uploading my APP and all the requirements I got an Email from Google that my APP got Rejected, and I have no idea how to fix the issues they have listed.
=====================================================================
Here are the reasons:
The declared function DEVICE_AUTOMATION is allowed, but not approved for the specific permissions that are listed in your manifestREAD_SMS . These excess permissions READ_SMS must be removed from your app manifest
The declared functionality DEVICE_AUTOMATION is determined to be unnecessary or not aligned with the core functionality of your app.
=====================================================================
Any help would be grateful.
Best Regards
Musayyab
Starting from Jan 9, 2019, Google starts restricts the use of high risk or sensitive permission including SMS or Call Log.
According to mail, you can't use READ_SMS permission in your application. (It does not matter what application make by whatever language) Indeed, Google just judge 'Your application doesn't need READ_SMS function'.
If you tried to use READ_SMS as OTP(or Phone Authentication), You can use SMS Retriever API to achieve almost same feature.
In other cases, there are no alternatives available at this time.
Android apps have something called Permissions which the app tell s the phone what it would like to do. The purpose of these is to protect the privacy of the Android User.
Google Play has recently got stricter in what apps it will allow to use some of these permissions, as they are often used by abusive apps. One of these permissions is READ_SMS. If an app is granted this permission it is allowed to read all of the users SMS messages.
It sounds from your comment like you don't want your app to read the users SMS messages. So in this case the check worked - your app was asking for a permission it didn't need. You should remove the request for the READ_SMS permission from your app.
There are instructions on editing the permissions in a react native app here. So possibly you added this permission to your AndroidManifest.xml file. If you did, then you should remove it.
If you didn't add it yourself, it is a possible a bad third-party library you added to your app added the permission. If so you should stop using that library.
Related
Since Android 11, there has been a system feature where it resets app permissions after a certain amount of time has passed and you haven't used the app.
I know you can turn it off on most apps, by the user itself like the screenshot below :
and also it seems to turn back on when there are app or system updates.
How can I disable this function in my app by code or sth else?
Well, I doubt there is an easy way.
If your app is a device policy controller, it will not be set to hibernation (System exemptions from hibernation) or, if your app is a default handler for messages, phone, browser etc.
What you can do, is to ask the user to disable auto revoke for your app. But you might have to do that after updates as well, if the system resets this privilege on your app (so your problem won't be solved).
The permissions you request in your app manifest (android:required="true") should never be revoked. But of course you cannot request every kind of permission that way. Some need to be requested explicitly.
Apps using background services are whitelisted automatically as stated here. So you can declare a background service, if this is appropriate for you. But if there is nothing to be done, I could imagine, that the system removes your app from whitelist. (I didn't test all of it)
If you see this post you can also try
PackageManager pm = getPackageManager();
pm.setAutoRevokeWhitelisted(getPackageName(), true);
boolean result = pm.isAutoRevokeWhitelisted(); // result should be true
and this in your manifest:
<uses-permission android:name="android.permission.WHITELIST_AUTO_REVOKE_PERMISSIONS" />
But I actually doubt it works.
i found article for your subject. It's says,
"The toggle is disabled for some apps that perform a background
service, including device admin apps Whenever the toggle is
hidden/disabled the app is already exempted from auto revoke"
Link to the article
You can examine this if you want. I hope it helps you.
For context, the Android documentation says that some app classes receive the SYSTEM_ALERT_WINDOW permission automatically on request:
Any app that has ROLE_CALL_SCREENING and requests SYSTEM_ALERT_WINDOW automatically receives the permission. If the app misses ROLE_CALL_SCREENING, it loses permission.
Any app that is capturing the screen using a MediaProjection and requests SYSTEM_ALERT_WINDOW automatically receives permission, unless explicitly denied by the user. When the app stops capturing the screen, it loses permission. This use case is primarily intended for apps to stream games live.
How can I achieve this configuration to be able to obtain this permission automatically or by default?
As the documentation you quoted says, if you don't fit into one of those use cases, you can't.
It needs to be explicitly granted, and not all devices even support it.
This is because being able to draw over the screen whenever the app wants opens the door to bad behaviors, such as disguising other parts of the UI or preventing the using from using the device properly.
How can I fetch call-log and SMS from android device. I read many docs on that and I found we have to request google for our required permission. Can anyone tell me what is a change in code? or work the same code?
An app I created Recently Required SMS and CALL_LOG Permissions. It was Executed Successfully on Android 9.0 (Pie). Thus, I don't think there were any changes to the APIs being used to do so. But I do believe Google Updated Their Policies so You might not be able to pass the SafetyNet Check or You might not be able to Publish your app on the Play Store. If there are any More Questions, I'd be happy to help!
🖖🏻
Up Until Api 28, things should work fine as long as you have your READ_CALL_LOG & WRITE_CALL_LOG permission mentioned in the Manifest file, and you must be requesting them during the runtime. From Android 10 onwards (Api 29+), Google has introduced what they call as Hard and soft restrictions in Android 10. SMS and Call Logs now fall under hard restricted permission, for which you need to fill up a form (Thanks to this medium article for pointing this out)while publishing your app. As far as I know and from what I have tried, when I include the READ_CALL_LOG in the manifest and when I request the permission during runtime, it works flawlessly up until API 28, but for API29+ (Android 10 and up), it fails, and it does not even pop up during runtime although I was able to navigate manually into the settings and grant the permission.
Could you help me?
I have a question about permission required by using admob in my application. Are these permissions really necessary? I've found some app on PlayStore they are using ads without any permissions? How can I do it?
Thanks for your suggestions
The internet access permission does not by default show up when you are downloading an app under the permissions that the app uses (i.e. "The app requires no special permissions to run." In this example the app could still use internet access. Google simply gave every app the permission, however you still need to declare that you use the permission in your application). If you have checked the permissions manually (using a program) and the application does not use the internet access permissions then the "ads" are likely just pictures that when clicked open your browser. Thus they require no internet access.
However to use admob the INTERNET ACCESS permission is required, the reason you don't see it is because Google no longer states whether application have this permission or not.
Internet permission is required now. Although, existing app with no Internet permission still works.
Hello my problem is that when I try to change weather or not the GPS setting is enabled I get the following error 10-20 05:44:31.890: E/AndroidRuntime(889): java.lang.SecurityException: Permission denial: writing to secure settings requires android.permission.WRITE_SECURE_SETTINGS while in my manifest file I do have the permission listed in the error inside my manifest file.
Manifest:
<uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS"/>
Any help would be appreciated
WRITE_SECURE_SETTINGS is a signatureOrSystem permission, meaning that ordinary SDK applications cannot hold it. Only apps that are related to the firmware can hold this permission.
Reading all answers for this particular issue, one way around for this is to use this code to enable the gps but it wont work, as CommonsWare pointed, the application has to be system app for getting this code to work..so one can convert the application into system app by using TitaniumBackup. THis is working perfectly fine for me now.
*Sony users will see another message "Will collect anonymous data while using gps" - to overcome this, 'Freeze' the "LEarning Client" app and everything will be fine.