I’ve noticed that after migrating to the new 0.6.0@aar version, there are two new permissions added to the manifest file:
<!-- Enable the permissions below for getting users geographical location. --> <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" /> <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
This is causing some distress on our users who think they’re being spied on. Is there any way we can make these optional?
Hi @beetlebum there are no new permissions between the 0.5.4 and 0.6.0. These have been there for a while as way to grab the geolocation context. If you do not wish to grab the geolocation context then you do not need to include these permissions.
From the 0.5.4 core gradle: https://github.com/snowplow/snowplow-android-tracker/blob/0.5.4/snowplow-android-core/src/main/AndroidManifest.xml#L6-L8
Hope that helps,
The fact of the matter is we migrated from rx 0.5.4 to core 0.6.0 and got the new permissions added.
From 0.5.4 rx: https://github.com/snowplow/snowplow-android-tracker/blob/0.5.4/snowplow-android-tracker-rx/src/main/AndroidManifest.xml
We’re not including the permissions, they are being merged into the manifest from the aar dependency. We can try to remove them in our manifest using
tools:remove but it feels hacky.
Ahh yes perhaps due to the fact that these were included from the core in the past they were not dragged along with the 0.5.4 install.
I will make a ticket to address this in a bug fix, thanks for raising!
As a workaround, I’ve done the following:
It will remove the permissions from the merged manifest.
I would suggest having the geolocation components as a separate aar with the required permissions.
Thanks for the workaround! I will publish a version of the library which does not contain these permissions - akin to the manifest from 0.5.4.
I have published an 0.6.1-M1 to JCenter. Would you be able to have an attempt at consuming the library now and letting me know whether or not the problem is resolved?