Skip to content
This repository has been archived by the owner on Apr 28, 2022. It is now read-only.

Why is android.permission.RECEIVE_SMS used in the manifest? (Hides app for tablets) #436

Closed
stefanhoth opened this issue Jan 19, 2015 · 10 comments
Closed

Why is android.permission.RECEIVE_SMS used in the manifest? (Hides app for tablets) #436

stefanhoth opened this issue Jan 19, 2015 · 10 comments

Comments

@stefanhoth
Copy link

In a project of ours we ran into an issue after using OpenIAB. Our app was unlisted from the Play Store for Tablets. Some investigation lead to the result that android.permission.RECEIVE_SMS (library/AndroidManifest#27 ) implicitly adds android.hardware.telephony require=true.

This is the fix that we needed to put in our app's manifest:

<!-- telephony required=true is implicit from the RECEIVE_SMS permission in openIAB -->
<uses-feature
    android:name="android.hardware.telephony"
    android:required="false" />

Question is: Why is this added to the library? Is it really needed? It's a rather privacy concerning permission that should be avoided if necessary. At the very least this should be treated optionally for the stores that require it.
RomanZhilich added a commit that referenced this issue Jan 19, 2015
@RomanZhilich
Update requested permissions. #436
39cf55b
@akarimova
Copy link
Contributor

Hi @stefanhoth, the telephony feature is used for Fortumo.

@stefanhoth
Copy link
Author

@akarimova I would like not to use this permission but since it's in the library it will be required automatically from an app that adds openIAB.

Suggestion: You'll remove it from the manifest and check in the Furtomo part of the code if the permission exists, otherwise you throw an exception. So developers who implement Furtomo will add the permission into their app's manifest but other users won't be bothered. Sounds good?

@stefanhoth
Copy link
Author

Wow, didn't see @RomanZhilich 's swift action yet. When is a new release planned that will include this fix?

@akarimova
Copy link
Contributor

@stefanhoth.
we've certain checks for different billing providers.. but thank for the idea:)

When is a new release planned that will include this fix?

in the end of the week

Anyway, you can build the library using gradle

@RomanZhilich
Copy link
Collaborator

As an alternative, you can use library as jar, instead of aar. It doesn't contain any resources, so the only difference should be manually declared manifest entries.

@sdeff
Copy link

sdeff commented Jan 28, 2015

@stefanhoth I haven't used this library yet but to prevent merging permissions I think you could also just add:

<uses-permission
    android:name="android.permission.RECEIVE_SMS"
    tools:node="remove">
</uses-permission>

to your manifest file.

@stefanhoth
Copy link
Author

@sdeff Thanks, that's indeed a nice workaround. But I think that a library shouldn't add those permissions in the first place. That's why I'm happy with the new way of handling this.

@stefanhoth
Copy link
Author

@RomanZhilich I'm not sure this fix made it into the release. Could you clarify?

@RomanZhilich
Copy link
Collaborator

@stefanhoth No, not yet.
@akarimova Can probably tell more about releases.

@akarimova
Copy link
Contributor

0.9.8.4 will be on this week

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@stefanhoth @akarimova @sdeff @RomanZhilich