2

I know that this question has been answered HERE, but it was a while ago and since no good answer has been given and it might have changed, i will ask again:

Is there some tool or IDE plugin that analyzes either source code or APK to see if the permissions are being used anywhere in the app. There are lot of libraries, and fairly large project as well so it would not be wise to remove some permission and running smoke test on the app since it could be used at some subtle places.

For example, I do not know why we have permission READ_SMS, but if we remove it since there is no obvious use of it, it could later cause a crash.

Community
  • 1
  • 1
Heisenberg
  • 3,153
  • 3
  • 27
  • 55
  • I know I answered on the original post too... but they cannot be tagged as duplicated unless there is an accepted answer. So I am answering here too. Once the answer is accepted we can tag one of the questions as duplicate. – GabrielOshiro Jul 06 '16 at 16:16

1 Answers1

1

LINT does check for missing permissions as you can see on LINT checks.

  • So, go to your AndroidManifest.xml and remove all tags <uses-permission> using Android permissions (meaning, don't delete permissions that belong to your app, such as UA_DATA and C2D_MESSAGE).
  • Then run LINT analysis. Click on Analyze then Inspect Code...
  • Look under Android -> Constant and Resource Type Mismatches
  • You should see all missing permissions.
  • Then you can just right-click them and select Apply fix "Add Permission". If you select this option, Android Studio will include one permission for every error. So you'll end up with multiple copies of the same permission on your Manifest file, just delete the duplicates. You can do it manually too.

Here is the description of the LINT rule:

 ID ResourceType

 Description

This inspection looks at Android API calls that have been annotated with various support annotations (such as RequiresPermission or UiThread) and flags any calls that are not using the API correctly as specified by the annotations. Examples of errors flagged by this inspection:

  • Passing the wrong type of resource integer (such as R.string) to an API that expects a different type (such as R.dimen).
  • Forgetting to invoke the overridden method (via super) in methods that require it
  • Calling a method that requires a permission without having declared that permission in the manifest
  • Passing a resource color reference to a method which expects an RGB integer value.

...and many more. For more information, see the documentation at http://developer.android.com/tools/debugging/annotations.html

I'm using Android Studio 2.1.2.

GabrielOshiro
  • 7,986
  • 4
  • 45
  • 57