Why is my app requesting permissions for contacts, camera, etc?

When to launch a beta app that only has 2 buttons for the entire app.

Why did i get this error?

“Your app has an apk with version code 1 that requests the following permission(s): android.permission.CAMERA,android.permission.RECORD_AUDIO,android.permission.READ_PHONE_STATE,android.permission.READ_CONTACTS. Apps using these permissions in an APK are required to have a privacy policy set.”

and how do i fix this?

Hi @Christopher_Rogers,

Are you using Classic or X to build your app?

Just out of curiosity, why are you trying to publish an app with just two buttons? Does it have a WebViewer too by any chance??

Check out @pavi2410’s post on creating privacy policies for your app here:

Learn how to create Privacy Policy for your apps

1 Like

yes i am using X to build the app. I have an app published that has has the same camera, contacts, etc permissions that is only buttons linked to links, so there is no reason why the app would have the permissions. I got an email from Google saying i needed to remove the permissions or the app would be deleted.

so i created a simply 2 button app to see what permissions would be created… and it showed the same permissions of camera, contacts, etc.

I am a newbie here, am i missing something?

Are you sure? When I create the same app and install (I know I’m skipping the Play store here) I get this message

again i am new here, but how are you installing it? i get this error when i was going through the process of uploading to google play.

“Your app has an apk with version code 1 that requests the following permission(s): android.permission.CAMERA,android.permission.RECORD_AUDIO,android.permission.READ_PHONE_STATE,android.permission.READ_CONTACTS. Apps using these permissions in an APK are required to have a privacy policy set.”

I’m just side-loading the apk. I’m away from my computer right now but I’ll see what happens when I upload to Google play tomorrow.

In any event, it’s good practice to have a privacy policy anyway. If you upload one that will get rid of the error message you are seeing.

http://community.thunkable.com/t/google-play-violation/47334/38?u=domhnall

1 Like

I actually have a privacy policy, but got this email from Google.

Hello Google Play Developer,

In October, we [announced updates] to our Permissions policy that will limit which apps are allowed to request Call Log and SMS permissions. This policy will impact one or more of your apps.

Only an app that has been selected as a user’s default app for making calls or text messages, or whose core functionality is approved for one of the exception use cases, will be able to request access to Call Log or SMS permissions.

Action required

Below, we’ve listed apps from your catalog which do not meet the requirements for permission requests. Please remove any disallowed or unused permissions from your app’s manifest (specified below), migrate to an alternative implementation (e.g. SMS Retriever API for most cases of OTP verification), or evaluate if your app qualifies for an exception.

Next steps

  1. Read through the Permissions policy and the Play Console Help Center article, which describes intended uses, exceptions, invalid uses, and alternative implementation options for usage of Call Log or SMS permissions.

  2. Update your app or submit a Permissions Declaration Form.

  • Option 1) If your app does not require access to Call Log or SMS permissions: Make appropriate changes to your app by removing the specified permissions from your app’s manifest or migrating to an available alternative implementation by January 9, 2019 .

  • Option 2) If your app is a default handler or you believe your app qualifies for an exception: Please submit a request via the Permissions Declaration Form. You do not need to have implemented APK changes in order to submit a form. Declaration Forms received by January 9, 2019 may be eligible for additional time to make changes to bring their app(s) into compliance. If you have recently submitted a Permissions Declaration Form, we are in the process of reviewing your information and will respond to your application.

  1. Make sure that your app is otherwise compliant with all other Developer Program Policies to prevent your app from being removed.

Alternatively, you can choose to unpublish the app.

Our Developer Program Policies are designed to provide a safe and secure experience for our users while also giving developers the tools they need to succeed. That is why we will remove apps that violate our policies. In cases of repeated or serious violations of our policies, we may also terminate your developer account and any related developer accounts.

We appreciate your willingness to partner with us as we make these improvements to better protect users.

Affected apps

Affected apps and permissions are listed below, up to 20; if you have additional apps, please ensure that they are also compliant with the Permissions policy.

************************** READ_SMS

I guess im just trying to figure how to be in compliance?

Thanks for the additional info, that’ll help me find a solution.

One more thing:

When you say linked to links… what are you linking to? Social media pages? Are you using the activity starter in this published app too??

I have buttons that have links to pdf files in my dropbox. literally that is all that is in my app. just buttons to navigate between pages, and buttons that link to the pdf files stored in my dropbox. I will send you any additional info that you need, if it can help.

I REALLY appreciate all your help!

still looking for a fix here… any takers that can help a new guy out?

Because of how Thunkable X apps are built, they will ask for all of the permissions that any Thunkable app could possibly use. Long term this won’t be the case, but that’s how it’s setup right now.

I think we’ve removed the SMS permission from Thunkable X apps in a recent release, so if you download your apk again, then the SMS permission won’t be there, and this e-mail from Google Play will not affect you.

1 Like

i to got the same mail from my play store … what to do

This is the response I got from Thunkable

"Because of how Thunkable X apps are built, they will ask for all of the permissions that any Thunkable app could possibly use. Long term this won’t be the case, but that’s how it’s setup right now.

I think we’ve removed the SMS permission from Thunkable X apps in a recent release, so if you download your apk again, then the SMS permission won’t be there, and this e-mail from Google Play will not affect you."

are you absolutely sure? I

I have the same issue. What can be done to overcome this?

I have the same issue. Help me!

HI @guido.marangoni :wave:

What components are you using in your app?

Thanks!

Ciao @domhnallohanlon and thank you! :slight_smile:
It’s a very simple app. I use only image, rows, columns, label, buttons, fields and webviewer…
…but I read in Google Play Console many requests for unnecessary authorization.Why?

android.permission.ACCESS_NETWORK_STATE, android.permission.ACCESS_WIFI_STATE, android.permission.BLUETOOTH, android.permission.BLUETOOTH_ADMIN, android.permission.CAMERA, android.permission.FOREGROUND_SERVICE, android.permission.INTERNET, android.permission.MANAGE_DOCUMENTS, android.permission.MODIFY_AUDIO_SETTINGS, android.permission.READ_APP_BADGE, android.permission.READ_CALENDAR, android.permission.READ_CONTACTS, android.permission.READ_EXTERNAL_STORAGE, android.permission.READ_INTERNAL_STORAGE, android.permission.READ_PHONE_STATE, android.permission.RECEIVE_BOOT_COMPLETED, android.permission.RECORD_AUDIO, android.permission.STORAGE, android.permission.SYSTEM_ALERT_WINDOW, android.permission.USE_FINGERPRINT, android.permission.VIBRATE, android.permission.WAKE_LOCK, android.permission.WRITE_CALENDAR, android.permission.WRITE_EXTERNAL_STORAGE, android.permission.WRITE_SETTINGS,

Thank you very much!

Guido

Web Viewer will require a lot of permissions as it is possible to access pages that ask for the use of (eg) the camera, in order to cover all possible requirements of pages that could be visited. Permissions cannot be requested ad hoc based on the pages visited in the Web Viewer.

1 Like

Hello, I have this:

Your app has an apk with version code 1 that requests the following permission(s): android.permission.CAMERA,android.permission.RECORD_AUDIO,android.permission.READ_PHONE_STATE,android.permission.READ_CONTACTS. Apps using these permissions in an APK are required to have a privacy policy set.

My app does not use any of these, and I would like it if I could just remove these from my code, as I do not use them and I don’t want my users to have to approve these, as it’s kind of weird and I just want no permissions. Is there no way to fix this? Or do I just have to stick with it? I’m even fine with editing the APK file myself if you guys can point me in the right direction of the code I can change, I just really don’t want these odd permissions in my app.

Thank you!