Home > Enterprise >  Remove unwanted permissions from Expo app
Remove unwanted permissions from Expo app

Time:05-19

I developed an Expo app (managed) and generated the Android binary using EAS. After submitting the binary for internal testing, I see many dangerous unwanted permissions on the Google Play store.

unwanted permissions on Google Play store

The worse ones are "Camera: take pictures" and "Microphone: record audio." These scare away anyone concerned with privacy.

My app doesn't access the camera or the microphone, and I have no idea how these permissions got there.

I found questions related to React-Native and Android development, and their solution is to edit the AndroidManifest.xml. This solution is not compatible with my case, a Managed Expo environment. And no, I'm not ejecting the app.

PS: There are similar questions to this, but none related to Managed Expo environments - they are all about Android or React Native. Not the same thing.

CodePudding user response:

To use ONLY the following minimum necessary permissions and none of the extras supported by Expo in a default managed app, set permissions to []. The minimum necessary permissions do not require a Privacy Policy when uploading to Google Play Store and are: • receive data from Internet • view network connections • full network access • change your audio settings • prevent device from sleeping To use ALL permissions supported by Expo by default, do not specify the permissions key. To use the minimum necessary permissions ALONG with certain additional permissions, specify those extras in permissions, e.g. [ "CAMERA", "ACCESS_FINE_LOCATION" ].

Thats why you have extra permissions, you can read about it here

CodePudding user response:

Short answer: add permissions and blockedPermissions to your app.json

"android": {
  // ...
  "permissions": [],
  "blockedPermissions": [
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA"
  ]
}

After doing this, my binary finally got rid of the unwanted permissions.

Long Answer

It happens that Expo automatically includes lots of permissions by default: camera access, microphone recording, read and write external storage, etc.

To remove these permissions, it is necessary to include an android.permissions key on app.json.

For example, to remove them all: "permissions": [] (thanks, Mehdi, for pointing this out!).

But after doing this, it didn't change anything. The generated binary kept requesting "CAMERA" and "RECORD_AUDIO" permissions.

That's because some of the libraries I had on package.json have these permissions on their own manifests and expo automatically merges them with my permissions. From the official documentation:

When adding Expo and other React Native modules to your project, certain Android permissions might be implied automatically

In my case, the culprits were expo-av, sentry-expo, and some others.

To force Expo to remove the permissions, it's necessary to also set android.blockedPermissions and pass an array with the fully-qualified permission name (ex. android.permission.RECORD_AUDIO).

So my app.json became this:

"android": {
  // ...
  "permissions": [],
  "blockedPermissions": [
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA"
  ]
}

After adding permissions and blockedPermissions, my binary finally got rid of the unwanted permissions.

Page link:https//www.codepudding.com/Enterprise/411218.html

Prev:ObjectBox, how to drop-everything migration on conflicts?
Next:ggraph specify both fill and colour of nodes
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding