I figured out how to remove the permissions manually, in manifest.xml. Using APK Studio it’s possible to open the manifest.xml file and remove these permissions:
can anyone see a disadvantage to manually removing these permissions from manifest.xml? (assuming of course that my app doesn’t use the above features of Thunkable)? Am I likely to break anything internally?
Is there any way to remove these permissions in the Thunkable IDE? If not, I’d humbly suggest that it would be a nice option… I would never install an app that asks for access to my contacts without good reason.
It looks like Thunkable adds these permissions into every app? I just created a new app and inserted a single button, then built the APK and examined it’s manifest.xml, and it created all of the above permissions too, including the need to read my contacts…
Does anyone know why that is?
And if there isn’t already a way to disable that, maybe it would make a good feature request?
It’s more of a workaround than a solution I think, but I’m glad to mark it solved if you think that’s appropriate.
We know about this. Given our product architecture it’s a bit more complex to deal with than we’d like, so it might take a while. For the most part, it doesn’t interfere with the actual working of your apps, but I appreciate that you (and your users) don’t want to see unneeded permissions in the list.
Thanks for the explanation. I still don’t understand why access to contacts would ever be required, given the available widgets? Of all the requested default permissions that seems like the most alarming to users.
And maybe the ability to turn these off in app settings?
I am not sure how this will manifest itself, in the App Listing, or just requiring a Privacy Policy, can someone explain, since we do not use any of there permissions? Also, would thunkable in an important case will willing to review the App and remove these from any manifests?
These permissions are default installed. It is much simpler and means there is less chance of a mess up with the code if you add a component then remove it. Everything is pre imported. Just make a privacy policy with Free Privacy Policy.
If I’m understanding the suggestion, you’re suggesting keeping all permissions (including access to contacts), and assume that users will seek out a privacy policy to see how their information will be used? And to trust the app creator to abide by that privacy policy?
If you app tries to actually access contacts, location, etc, Android/iOS will prompt the user with an Alert asking to give permissions. Otherwise no permissions are given. By default Android has all permissions set to false. So your users will not have to worry about you reading their contacts or viewing their location, unless of course your app does that.
To be more specific, our app does not use any of these, very simple. I understand since we do not use these, it wont ask for permission while the app is running, unless I am wrong. Will the user be prompted for any of these permissions on installation? Really wish since we do not use these they were not there.
It’s just an XML file (manifest.xml), it should be easy enough to have Thunkable selectively grant those permissions depending on which modules are used, no?
As you can see from some of the responses above, these permissions often depend on the components you are using in your project. Which of these have you used? I believe the permissions can remain even if you add and then remove a component.