I have an app on Google Play Store which I created and shows the location of all the cars that are parked in Kortrijk that are registered by sensors real-time and the app shows all those parked cars and free places to park on a Googlemap mapview.
However, I received a couple of days ago a warning of Google Play Developer that requires an action of a privacy policy.
My manifest is like:
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="be.programmeercursussen.parkingkortrijk" >
<!-- Internet permission for network operations -->
<uses-permission android:name="android.permission.INTERNET" />
<!-- Creating Permission to receive Google Maps -->
<permission
android:name="be.programmeercursussen.parkingkortrijk.permission.MAPS_RECEIVE"
android:protectionLevel="signature" />
<application
android:allowBackup="true"
android:icon="@drawable/parking_icon"
android:label="@string/app_name"
android:theme="@style/MaterialTheme" >
-->
<meta-data
android:name="com.google.android.maps.v2.API_KEY"
android:value="my Api key ..." />
<!-- SplashScreen => startup screen -->
<activity
android:name=".SplashScreen"
android:label="@string/app_name"
android:screenOrientation="portrait"
android:theme="@android:style/Theme.NoTitleBar.Fullscreen" >
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
<!-- Main activity -->
<activity
android:name=".MainActivity"
android:label="@string/app_name"
android:screenOrientation="portrait" >
</activity>
<!-- ParkingDetail activity -->
<activity
android:name=".ParkingDetailActivity"
android:label="@string/title_activity_parking_detail"
android:screenOrientation="portrait" >
</activity>
<!-- StraatParkeren activity -->
<activity
android:name=".StraatParkeren"
android:label="@string/title_activity_straat_parkeren"
android:screenOrientation="portrait" >
</activity>
</application>
In the Developer console it said i've got Get_accounts permission and this is a violation, but this permission isn't hardcoded in the app. But then i found out that Google Play services library automatically adds this i think? So my line for compiling
compile 'com.google.android.gms:play-services:7.5.0"
I changed into the selective API part
compile 'com.google.android.gms:play-services-maps:7.5.0"
Changing this line into this and generate the apk and try to install it, the issue of get_accounts is no longer there in the overview of what the app gets access to when installing on a smartphone.
So my dependencies in build.gradle are now:
dependencies {
/*
find latest gradle versions on : http://gradleplease.appspot.com/
*/
compile fileTree(dir: 'libs', include: ['*.jar'])
// appcompat library
compile 'com.android.support:appcompat-v7:22.2.1'
// material design library
compile 'com.android.support:design:22.2.1'
// recyclerview
compile 'com.android.support:recyclerview-v7:22.2.1'
// cardview
compile 'com.android.support:cardview-v7:22.2.1'
// google play services, selective API (maps) !!!
// https://developers.google.com/android/guides/setup#split
compile 'com.google.android.gms:play-services-maps:7.5.0'
// Jsoup library
compile 'org.jsoup:jsoup:1.8.3'
}
Now, if I generate the apk based on the manifest and build.gradle, it now says when installing the app will get access to:
- approximate location (network-based);
- modify or delete the contents of your SD card
- read the contents of your SD card
- view network state (full Internet access)
I am sure that view network state is required otherwise the app can't read the real-time xml from the Internet.
But I am not sure if approximate location will get me a new privacy violation?
Also I don't know why the app can read, modify or delete the contents of the sd-card as the app shouldn't be using those ... Are there any permission that are automatically set with the manifest and build.gradle?
Thanks for any help in advance,
Grtz Davy
