[Android SDK] Migrating from rx:0.5.4 to 0.6.0@aar adds new permissions

beetlebum · September 26, 2016, 3:50pm

I’ve noticed that after migrating to the new 0.6.0@aar version, there are two new permissions added to the manifest file:

 <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" /> <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />

This is causing some distress on our users who think they’re being spied on. Is there any way we can make these optional?

Thanks!

josh · September 27, 2016, 4:44am

Hi @beetlebum there are no new permissions between the 0.5.4 and 0.6.0. These have been there for a while as way to grab the geolocation context. If you do not wish to grab the geolocation context then you do not need to include these permissions.

From the 0.5.4 core gradle: https://github.com/snowplow/snowplow-android-tracker/blob/0.5.4/snowplow-android-core/src/main/AndroidManifest.xml#L6-L8

Hope that helps,
Josh

beetlebum · September 27, 2016, 7:29am

Hi Josh,

The fact of the matter is we migrated from rx 0.5.4 to core 0.6.0 and got the new permissions added.

From 0.5.4 rx: https://github.com/snowplow/snowplow-android-tracker/blob/0.5.4/snowplow-android-tracker-rx/src/main/AndroidManifest.xml

We’re not including the permissions, they are being merged into the manifest from the aar dependency. We can try to remove them in our manifest using tools:remove but it feels hacky.

Thanks again,
Diego.

josh · September 27, 2016, 7:42am

Ahh yes perhaps due to the fact that these were included from the core in the past they were not dragged along with the 0.5.4 install.

I will make a ticket to address this in a bug fix, thanks for raising!

beetlebum · September 27, 2016, 8:59am

Thanks Josh.

As a workaround, I’ve done the following:

<uses-permission
      android:name="android.permission.ACCESS_COARSE_LOCATION"
      tools:node="remove"/>
  <uses-permission
      android:name="android.permission.ACCESS_FINE_LOCATION"
      tools:node="remove"/>

It will remove the permissions from the merged manifest.
I would suggest having the geolocation components as a separate aar with the required permissions.

Cheers,
Diego.

josh · September 27, 2016, 12:58pm

Hi @beetlebum,

Thanks for the workaround! I will publish a version of the library which does not contain these permissions - akin to the manifest from 0.5.4.

Cheers,
Josh

josh · September 27, 2016, 5:08pm

Hi @beetlebum,

I have published an 0.6.1-M1 to JCenter. Would you be able to have an attempt at consuming the library now and letting me know whether or not the problem is resolved?

Cheers,
Josh

Topic		Replies	Views
Snowplow Android and iOS Tracker version 5.2.0 released New releases	0	1006	June 2, 2023
Geolocation context with manual opt-in? Tracking SDKs	3	1407	December 14, 2017
Snowplow Android Tracker 0.6.2 released New releases	3	990	January 14, 2017
Snowplow Android tracker v4.1.1 released New releases	0	663	December 2, 2022
Snowplow Android and iOS Trackers version 4.1 New releases	0	685	November 16, 2022

[Android SDK] Migrating from rx:0.5.4 to 0.6.0@aar adds new permissions

Related Topics