Remove unnecessary permissions?

I’m trying to remove unnecessary permissions from my Android Thunkable app. By default the Play Store is telling me my app is requesting this:

android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.READ_PHONE_STATE
android.permission.READ_CONTACTS

My app simply plays a few sounds, so these are completely unnecessary. Any advice on removing them?

3 Likes

Hi,
What components have you used?

Seems you used Camera

Seems you used Sound Recorder (Voice Recognizer)

Seems you used Photo Album


From where?
Have you taken them in assets?

Thanks!

1 Like

Seems you used Camera, sound recorder, etc

That’s odd, I haven’t done any of those things, at least not intentionally.

My app is just a bunch of buttons that trigger sounds (a “soundboard”), nothing more. The sounds are just MP3s that I imported into the files section.

1 Like

I figured out how to remove the permissions manually, in manifest.xml. Using APK Studio it’s possible to open the manifest.xml file and remove these permissions:

<uses-permission android:name="android.permission.CAMERA"/>
<uses-permission android:name="android.permission.READ_CONTACTS"/>
<uses-permission android:name="android.permission.READ_CALENDAR"/>
<uses-permission android:name="android.permission.WRITE_CALENDAR"/>
<uses-permission android:name="android.permission.RECORD_AUDIO"/>

Two questions:

  • can anyone see a disadvantage to manually removing these permissions from manifest.xml? (assuming of course that my app doesn’t use the above features of Thunkable)? Am I likely to break anything internally?

  • Is there any way to remove these permissions in the Thunkable IDE? If not, I’d humbly suggest that it would be a nice option… I would never install an app that asks for access to my contacts without good reason.

2 Likes

I wonder how these silly permissions even got into your app… :thinking:

So, is your Problem solved for now?
If yes, Mark this (Click this to see the post :sweat_smile:) post as the Solution! :white_check_mark:

It will clear this topic from the unsolved topics, and move his to solved topics. :wink:

Thanks! :blush:

1 Like

It looks like Thunkable adds these permissions into every app? I just created a new app and inserted a single button, then built the APK and examined it’s manifest.xml, and it created all of the above permissions too, including the need to read my contacts…

Does anyone know why that is?

And if there isn’t already a way to disable that, maybe it would make a good feature request?

It’s more of a workaround than a solution I think, but I’m glad to mark it solved if you think that’s appropriate.

2 Likes

@Mark will help and solve i hope it will be great.
Thanks

2 Likes

We know about this. Given our product architecture it’s a bit more complex to deal with than we’d like, so it might take a while. For the most part, it doesn’t interfere with the actual working of your apps, but I appreciate that you (and your users) don’t want to see unneeded permissions in the list.

-Mark

3 Likes

Thanks for the explanation. I still don’t understand why access to contacts would ever be required, given the available widgets? Of all the requested default permissions that seems like the most alarming to users.

And maybe the ability to turn these off in app settings?

1 Like

And by the way @mark (and all the devs) thanks massively for the amazing work you do! Hopefully it’s clear the above is all meant constructively.

2 Likes

Yeah, I think it’s worth us looking into that one specifically.

-Mark

1 Like

Thanks, @wrybread! We appreciate your appreciation!

-Mark

2 Likes

I am not sure how this will manifest itself, in the App Listing, or just requiring a Privacy Policy, can someone explain, since we do not use any of there permissions? Also, would thunkable in an important case will willing to review the App and remove these from any manifests?

Ed

These permissions are default installed. It is much simpler and means there is less chance of a mess up with the code if you add a component then remove it. Everything is pre imported. Just make a privacy policy with Free Privacy Policy.

If I’m understanding the suggestion, you’re suggesting keeping all permissions (including access to contacts), and assume that users will seek out a privacy policy to see how their information will be used? And to trust the app creator to abide by that privacy policy?

If you app tries to actually access contacts, location, etc, Android/iOS will prompt the user with an Alert asking to give permissions. Otherwise no permissions are given. By default Android has all permissions set to false. So your users will not have to worry about you reading their contacts or viewing their location, unless of course your app does that.

To be more specific, our app does not use any of these, very simple. I understand since we do not use these, it wont ask for permission while the app is running, unless I am wrong. Will the user be prompted for any of these permissions on installation? Really wish since we do not use these they were not there.

It prompted me to grant those permissions.

It’s just an XML file (manifest.xml), it should be easy enough to have Thunkable selectively grant those permissions depending on which modules are used, no?