Hi @beetlebum there are no new permissions between the 0.5.4 and 0.6.0. These have been there for a while as way to grab the geolocation context. If you do not wish to grab the geolocation context then you do not need to include these permissions.
We’re not including the permissions, they are being merged into the manifest from the aar dependency. We can try to remove them in our manifest using tools:remove but it feels hacky.
It will remove the permissions from the merged manifest.
I would suggest having the geolocation components as a separate aar with the required permissions.
I have published an 0.6.1-M1 to JCenter. Would you be able to have an attempt at consuming the library now and letting me know whether or not the problem is resolved?