Disable App Permissions and third party services

6 replies [Last post]
marksumarksu
User offline. Last seen 1 day 5 hours ago. Offline
Joined: 10 Jan 2011

Hi!

I have recently started compiling several of my iOS apps to Android for the first time. Everything runs smoothly and the simple process really shows what a great tool Corona is!

However, it feels like things are somewhat messy and weird on the finish line: when it comes to creating the .apk. Unnecessary permissions like READ_PHONE_STATE are automatically added, several third party tools leave traces in the binary as well as the AndroidManifest.xml file.

To me and many other, this is an issue, especially since many of my app focus on learning targeted to kids - and the parents buying the apps are senitive to unnecessary statistics, as they should be. Since I do not use any statistics, ad programs or similar third party services offered by Corona, it feels pretty strange that the app asks for permissions and it does not even use, which might scare my users. I basically need no special permissions for most of my apps, yet they all come fully loaded with them!

Today, it seems like my only option is to manually decompile the .apk using apktool for example, and manually remove the permissions from the manifest, as well as the unnecessary binary components. This feels a bit risky for obvious reasons. I see this as a temporary but far from preferred way to solve this issue.

I know has been discussed several times on the forum (trust me I've done the searching and reading :) ) and see some references to coming changes in the daily builds - but no real answers have been set in stone for this, as far as I can tell.

So, to the corona team and everyone else willing to give their two cents - once and for all:

Is there a way to safely disable the "standard" permissions, i.e. using build.settings? If not, what is your recommended procedure for disabling these?

Can we disable the third party services from being included in the binary - and if not, how far up on the roadmap is this?

Thanks!

PS!

Some related reading on this subject here on the forum:
http://developer.anscamobile.com/forum/2011/10/08/amazon-kindle-fire-warning
https://developer.anscamobile.com/forum/2011/08/02/amazon-app-store-issue-latest-build-591
http://developer.anscamobile.com/forum/2011/10/12/suggested-settings-permissions-submitting-amazon-app-store
http://developer.anscamobile.com/forum/2012/02/03/android-permissions-without-features

Replies

Omnigeek Media
User offline. Last seen 1 week 6 days ago. Offline
Joined: 18 Jan 2011

Add:

launchPad = false,

to your application = {} block in your config.lua.

This will turn off the analytics unless you do something to force it on like ads, gameNetwork, etc.

That should hopefully get rid of the need for the phone information access. You control the internet permission yourself in build.settings.

There are a few other threads about cleaning up the .apk files, cutting out some of the extra bits that are not necessary coming.

WauloK
User offline. Last seen 4 years 50 weeks ago. Offline
Joined: 21 Oct 2010

I had a feeling that read phone state was necessary in all apk apps and not just a Corona thing...

WauloK
User offline. Last seen 4 years 50 weeks ago. Offline
Joined: 21 Oct 2010

This is from Adobe's AIR site. I wonder if it applies to Corona as well:

"READ_PHONE_STATE
Allows the AIR runtime to mute audio during phone calls. You should set this permission if your app plays audio while in the background."

marksumarksu
User offline. Last seen 1 day 5 hours ago. Offline
Joined: 10 Jan 2011

Unfortunately the launchPad-argument does not seem to get rid of the READ_PHONE_STATE-permission.

rob: Can you specify how the internet permission can be controlled, in that case. I cannot seem the deactivate it either.

From what I can see, READ_PHONE_STATE is used to gather info like the unique device ID of the device, something I honestly have no use for. And as far as I can see, there are MANY apps on the Android Market that don't use it, so I don't really think it's needed.

I know there are several other threads, but many of them are old and contain outdated or contradictory information. So I though we could have the opportunity to clear this up once and for all, hopefully with some input from the Ansca team!

Omnigeek Media
User offline. Last seen 1 week 6 days ago. Offline
Joined: 18 Jan 2011

Like an idiot, I didn't turn it off when I re-submitted it to Amazon, but in your build.settings make sure you DO NOT include this:

androidPermissions =
{
"android.permission.INTERNET"
},

That should turn off the permissions unless analytics or something else is turning it back on.

I still got the READ_PHONE_STATE.

marksumarksu
User offline. Last seen 1 day 5 hours ago. Offline
Joined: 10 Jan 2011

For the record - removing "android.permission.INTERNET" doesn't seem to have any effect at this time. I have to remove them manually.

Sadly, it seems the only option is to remove the permissions manually and just deal with the third party libraries being added.

For mac users interested in decompiling their apk, I can really recommend the apk manager found here:
http://forum.xda-developers.com/showthread.php?t=1285130

It can be a bit tricky to install coreectly but once it's running, it's amazing!

Viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.