0

I develop watchfaces for WearOS. I'm trying to modularize my code by creating a base module that contains the common code for all my projects. Among other things, it should contain the code responsible for the in-app purchases. For this reason, I have to add <uses-permission android:name="com.android.vending.BILLING"/>. However, some projects don't have an in-app purchase. Therefore, these projects would inherit the BILLING permission, but actually wouldn't need it.

So my questions are:

  • Is there a way around it? Like a way to conditionally specify aspects of the Manifest?
  • What are the consequences if I simply let this BILLING permission in, even if it's not required?
  • More generally, are there more "dangerous" permissions to let in when not required?
cyphics

2 Answers

1

Is there a way around it? Like a way to conditionally specify aspects of the Manifest?

I think there is no way of not declaring permissions in the manifest:

What are the consequences if I simply let this BILLING permission in, even if it's not required?

If it is an install-time permission the system will grant it automatically. But if it is a runtime permission you must request the permission at runtime before usage.

So if you declare permissions that you do not need, in the best case nothing happens. But I am not that much aware of what kind of security issues can arise from doing that.

Be aware that requesting permissions that you do not need in your App is against good practice:

Caution: Carefully consider which permissions you declare in your app's manifest. Add only the permissions that your app needs. For each permission that your app requests, make sure that it offers clear benefits to the user and that the request is done in a way that's obvious to them.

See also this post

Remove Permissions

You can also consider removing permissions in your (sub)modules that you declared in your base modules:

<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" tools:node="remove"/>
ChristianB
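The tools:node="remove" approach from the answer above, applied to the BILLING permission from the question, as an added example that is not part of the original posts. It is a simplified model of the manifest merge, not the Android build tooling itself; the package names, the WAKE_LOCK entry and the allowlist are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
TOOLS = "{http://schemas.android.com/tools}"

# Constructed sample: manifest of the shared base module (library).
BASE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.base">
    <uses-permission android:name="com.android.vending.BILLING"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
</manifest>"""

# Constructed sample: manifest of a watch face without in-app purchases.
# Note the xmlns:tools declaration, which the tools:node attribute needs.
APP_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools"
    package="com.example.freeface">
    <uses-permission android:name="com.android.vending.BILLING"
        tools:node="remove"/>
</manifest>"""


def declared(manifest_xml):
    """Return {permission name: tools:node marker or None} for one manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID + "name"): el.get(TOOLS + "node")
            for el in root.iter("uses-permission")}


def effective_permissions(app_xml, *library_xmls):
    """Simplified merge model: the app manifest has priority, and a
    tools:node="remove" marker there drops the permission from the result."""
    app = declared(app_xml)
    removed = {name for name, node in app.items() if node == "remove"}
    merged = {name for name in app if name not in removed}
    for lib in library_xmls:
        merged |= {name for name in declared(lib) if name not in removed}
    return sorted(merged)


def unexpected(permissions, allowlist):
    """Permissions in the merged result that the project did not approve."""
    return sorted(set(permissions) - set(allowlist))


if __name__ == "__main__":
    perms = effective_permissions(APP_MANIFEST, BASE_MANIFEST)
    print("effective:", perms)
    print("unexpected:", unexpected(perms, {"android.permission.WAKE_LOCK"}))
```

For a real project, run the same allowlist comparison against the merged manifest that the build produces rather than against this model.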
1

When uploading the app, you need to complete a Permissions declaration and the app goes through review. What you're seeking to do seems to explicitly run counter to the Play Store "Permissions policy" guidelines:

You may only request permissions that are necessary to implement current features or services in your app that are promoted in your Play Store listing.

I would expect your app to fail the review in light of this (or if it did pass the first time somehow, to possibly fail future reviews if it gets caught at a later stage).

anotherdave