When uploading a swedish app build with SAB 5.0 to Google Play, I get a warning that the app is using the android.permission.READ_PHONE_STATE. This seams to be new for SAB 5.0?
I also needed to update the secretes policy about what data is collected, not sure on what to include here. Why is the app reading the Phone State?
Anyone that have had the same issue?
Does anyone have a link to a secretes policy for a SAB app that can be used as a template?
https://developer.android.com/about/versions/pie/android-9.0-migration says in section Key changes that affect apps when targetSdkVersion is set to 28.:
Removal of direct access to Build.serial
Apps needing the Build.serial identifier must now request the READ_PHONE_STATE permission and then use the new Build.getSerial() method added in Android 9.
This gets technical and may relate to increased security in Android 9.
Thanks for the links and the technical details, it is good to know the reason for the usage of READ_PHONE_STATE permission.
Iām not using analytic, but I had to add link to a policy page on the translations website that states that no data is collected in the app. This seams to allow me to upload the apk file and publish the app in the Google Play console. Right now the app is in Beta testing, but so far it looks good.
The Android READ_PHONE_STATE permission is needed to access the IMEI or serial number of a phone or tablet.
But this will only be needed if you are using one of the restricted user modes (see App > Security) in the builder, where you can choose to restrict the use of the app to certain devices. Otherwise, if you have chosen āAllow anyone to install and use this appā, no IMEI check will be made.
No IMEI or serial number information is used when sending Analytics.
It looks as if Google Play is flagging up this issue because it finds some code in the app asking for the IMEI - but it does not realise that your app does not actually run this part of the code.
It would be better if the lines of IMEI checking code are omitted when your app will not call them - so as to not confuse Googleās checking program. I will make a note of this as something to look at for a future release. In the meantime, you will need to supply a privacy policy and state clearly that your app does not collect any sensitive user information.
Iām using SAB 5.1. I created a new release of a Scripture app and now get the warning that the app requires the READ_PHONE_STATE permission. Previous versions didnāt require it. I have chosen āAllow anyone to install and use this app.ā When someone tries to install this app, they will have to give it permission āto determine the phone number and device IDs, whether a call is active and the remote number connected by a call.ā !! In the area where I am distributing the app, this would be a huge red flag, and itās very possible the person would choose not to install it. (I wouldnāt install it.) I think this issue needs to be fixed.
No, Iāve always used the āallow anyoneā option. There are some work-arounds Iāve found on Google, but Iām not ready to jump in and try any of themāa bit risky in my opinion. If I have to go back to a previous release of SAB, I will. But that might not solve the problem.
Iād like to see your .appdef file to see what is in that. Though if you never changed the restriction that is unlikely. You can send it in a Private Message. Click on my icon and select message.
It says Iām not allowed to send a personal message to you. Also, when I tried to upload the file into the message, it wouldnāt accept the .appdef format. Is there another way I can send the file?
Just thought Iād put it out there that Iāve had this same problem as well. Thereās no reason that these requirements should be in the app, but they are. Iāve never even messed with the security page, except to āCompress and encrypt data in the appā.
Has this been fixed? I noticed that it says in the Release Notes of SAB 5.2:
Separated out code for security modes requiring access to the device IMEI number into a separate library. The code will only be included in the app if it needs to be.
I think we have discovered why this is happening. The additional permission is being inserted during the build process. It has been fixed for the next version, to be released in the next few days.
Hi - Iāve just rebuilt my app in 5.2 and have the same problem
Iād rather not have to deal with a privacy policy so Iāll not launch my update for now.
Thanks for working on this.