26

I have an Android app, and I want to check whether every permission mentioned in the Manifest is required or not.

Basically I want to remove unwanted permissions.

What should I do?

Thanks in advance

Mitul Nakum
  • 1
    Related/dupe: [Clean up unused Android permissions](http://stackoverflow.com/questions/18362305/clean-up-unused-android-permissions) – blahdiblah Apr 29 '15 at 01:57

5 Answers

62

For Android Studio:

1) Find which permissions are added (app\build\intermediates\manifests)

2) Add these permissions with tools:node="remove"

Example:

I found that I have an unwanted permission:

```xml
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
```

And I removed it by adding this to my app manifest:

```xml
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" tools:node="remove"/>
```
Nabeel K
Michal
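
Step 1 of the answer above, as an added example that is not part of the original answer: a Python sketch that compares the app's own manifest with the merged manifest from the build output and lists the permissions contributed by dependencies. The function names and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
TOOLS = "{http://schemas.android.com/tools}"

def permissions(manifest_xml):
    """Map each <uses-permission> name to its tools:node marker (None if absent)."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID + "name"): e.get(TOOLS + "node")
            for e in root.iter("uses-permission") if e.get(ANDROID + "name")}

def audit(source_xml, merged_xml):
    """Compare the app's own manifest with the merged manifest from the build."""
    source, merged = permissions(source_xml), permissions(merged_xml)
    return {
        # In the final manifest but never declared by the app: pulled in by a dependency.
        "library_added": sorted(set(merged) - set(source)),
        # Already stripped by the app with tools:node="remove".
        "already_removed": sorted(n for n, node in source.items() if node == "remove"),
    }

def removal_lines(names):
    """Manifest entries for permissions that review shows are not needed.
    They require xmlns:tools="http://schemas.android.com/tools" on <manifest>."""
    return [f'<uses-permission android:name="{n}" tools:node="remove"/>' for n in names]

# Constructed sample manifests (not from a real project).
SOURCE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools" package="com.example.app">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE" tools:node="remove"/>
</manifest>"""
MERGED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
</manifest>"""

if __name__ == "__main__":
    report = audit(SOURCE, MERGED)
    print("Added by libraries:", report["library_added"])
    print("Already removed:", report["already_removed"])
    print("\n".join(removal_lines(report["library_added"])))
```

Treat `library_added` as a review list: a dependency may genuinely need a permission at runtime, so test the app after each removal.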
7

You can remove the permission and check the lint results. If the results are clean then the permission is not being used.

Analyze -> Run Inspection by Name -> Type "Missing Permissions" -> Run

Android Studio version: 3.0.1

Sameer Tanuj
6

The answer given by user370305 is generally the correct one. Your third-party code should adequately document what permissions it needs -- combine that with the permissions your own code needs, and you should be set.

If you feel that this is insufficient, then:

Step #1: Write a unit test suite.

Step #2: Add tests to the suite until you have complete statement coverage.

Step #3: Get all tests passing in the unit test suite.

Step #4: Remove a permission and see if tests fail. Restore the permissions that cause test suite failure. Repeat for all permissions you are uncertain of.

CommonsWare
0

If someone is using Ionic: you can write a hook to remove unwanted permissions. This can help with CI/CD.

For example, in your Cordova project create hooks/remove_permissions.js:

```js
#!/usr/bin/env node
'use strict';
// Cordova hook: strip unwanted <uses-permission> entries from the generated manifest.
var permissionsToRemove = ['BLUETOOTH', 'WAKE_LOCK', 'FOREGROUND_SERVICE', 'BACKGROUND_SERVICE'];

var fs = require('fs');
var path = require('path');
var rootdir = ''; // empty: the path below is resolved relative to the working directory
var manifestFile = path.join(rootdir, 'platforms/android/app/src/main/AndroidManifest.xml');

fs.readFile(manifestFile, 'utf8', function (err, data) {
    if (err) {
        return console.log(err);
    }

    var result = data;
    for (var i = 0; i < permissionsToRemove.length; i++) {
        // Matches this exact spelling of the tag only (including the space before "/>").
        var tag = '<uses-permission android:name="android.permission.' + permissionsToRemove[i] + '" />';
        console.log('Removing: ' + tag);
        // split/join removes every occurrence; replace() with a string stops after the first.
        result = result.split(tag).join('');
    }

    fs.writeFile(manifestFile, result, 'utf8', function (err) {
        if (err) {
            return console.log(err);
        }
    });
});
```

Then reference it from your config.xml:

```xml
<platform name="android">
...
<hook type="after_prepare" src="hooks/remove_permissions.js" />
</platform>
```
Ragesh Pikalmunde
0

You have to know which functions and components are used in your application. Based on those components' needs, you have to add only those permissions, not all of them. Just check and remove the other permissions manually from the manifest.

user370305
  • Sometimes we adopt open source to complete our task, and there is a possibility that we are not aware. And if we remove permissions manually, it may happen that by mistake I remove a needed one and it will generate an exception. – Mitul Nakum Nov 24 '11 at 13:09