• Hey Guest! Ever feel like entering a Game Jam, but the time limit is always too much pressure? We get it... You lead a hectic life and dedicating 3 whole days to make a game just doesn't work for you! So, why not enter the GMC SLOW JAM? Take your time! Kick back and make your game over 4 months! Interested? Then just click here!
  • Hello [name]! Thanks for joining the GMC. Before making any posts in the Tech Support forum, can we suggest you read the forum rules? These are simple guidelines that we ask you to follow so that you can get the best help possible for your issue.

Android AndroidManifest.xml dangerous permission is automatically injected

A

ahinbazly

Guest
Creating a new empty project without any extension and choosing Android as the target, will generate an APK with the following permissions in AndroidManifest.xml:

Code:
 <!-- uses here -->
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-feature android:glEsVersion="0x00020000"/>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
I made sure no permission is enabled, in Game Options - Android.

Code:
Environment:

Windows 10.
IDE Version: 2.0.7.171
Current Runtime: 2.0.7.110

Android Build Settings:

Build Tools: 25.0.2
Support lib: 25.3.1
Target SDK 22
Min SDK 9
Compile SDK 25
 
Last edited by a moderator:
A

ahinbazly

Guest
I can confirm the same problem on macOS IDE version.
The problem is that Write External Storage permission is classified by Google as dangerous, it will be listed with a terrifying description in the app store listing:
This app can:
- read the contents of your USB storage
- modify or delete the contents of your USB storage
Also, it requires the user to explicitly grant this permission, This severely impacts both downloads and user experience for nothing, since my game doesn't use this permission anyway.

I wonder if anyone else has the same issue?
 
Last edited by a moderator:

Mool

Member
You can decompile your apk and delete these permissions. After that you can build and sign your apk -> upload

-->apktool
-->but its against the YYG rules
 
H

HW.

Guest
i also get that External Write/Read Storage.

That makes my app in Google Play more uncompetitive now with the storage permission.

YYG please check this. the storage permission is automatically added, without it being ticked in the setting.
 

FrostyCat

Redemption Seeker
Not only could the hack be against the EULA for tampering with a compiled output, it could also be ineffectual to boot.

I went into the runner and searched for things that may insert the permissions, and here's the only occurrence:
Code:
            if (android.os.Build.VERSION.SDK_INT >  android.os.Build.VERSION_CODES.JELLY_BEAN)
            {
                if(ContextCompat.checkSelfPermission(RunnerActivity.CurrentActivity,Manifest.permission.WRITE_EXTERNAL_STORAGE)!= PackageManager.PERMISSION_GRANTED)
                {
                    permissionstoreq.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
                }
               
                if(ContextCompat.checkSelfPermission(RunnerActivity.CurrentActivity,Manifest.permission.READ_EXTERNAL_STORAGE)!= PackageManager.PERMISSION_GRANTED)
                {
                    permissionstoreq.add(Manifest.permission.READ_EXTERNAL_STORAGE);
                }
            }
Source: C:\ProgramData\GameMakerStudio2\Cache\runtimes\runtime-2.1.0.136\android\runner\ProjectFiles\src\main\java\YYAndroidPackageDomain\YYAndroidPackageCompany\YYAndroidPackageProduct

While this isn't exactly what I'm looking for, this is still in the APK as part of the build process. Even if you unpackage the APK and edit out the permission in the manifest, this call still exists in the product. It's the same class of problems as the UWP environment variable issue fixed in 1.4.1773.

Worse yet, because the hack involves editing the APK after compilation is done, the signature of the APK would also have been violated in the process. That's expected procedure if you're trying to pirate an app, but not if you're trying to publish an app.

This hack might pass a cursory check on a developer device, but I have no confidence in this passing a Google Play publishing audit. The developers at YoYo shouldn't consider this a done deal just yet.
 
H

HW.

Guest
:rolleyes:It seems to be fixed internally by YYG said Claire, YY staff from the other twinsie thread...:p

I can't wait for the fix to be released soon..;)

Finally, a magical cure for all players of my apks on Google Play developed using GMS2 Mobile (\:D/)

:banana::bunny::banana::bunny::banana:
 
H

HW.

Guest
EDIT: Solved, read other similar thread.
 
Last edited by a moderator:

rIKmAN

Member
Pleaseeeeee update again...... OMG :(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(
There is no need post the same thing in multiple threads dude.

I replied in the other thread asking why you can't remove the permission from the manifest yourself manually until it gets included in a future update.
 
G

Guest

Guest
This seems to be resolved for me, as I posted here.

(And I'm posting in both of these threads because they stick around forever, and it sucks when you're trying to find a solution with multiple threads and no cross-referencing.)
 
Top