How to find source of a permission in Unity Android

Question

Note: This question is specific to Unity3D

I have a very clean android manifest file in Unity project under Plugins/Android/ folder with no <uses-permissions/> tag at all. I believe that some permissions in final APK comes from Android Player Settings for-example READ_EXTERNAL_STORAGE. In my Gear VR project I see following lines added in final manifest which can be accessed in Temp/StagingArea/:

<uses-permission android:name="android.permission.RECORD_AUDIO" />
<uses-feature android:name="android.hardware.microphone" android:required="false" />

Now this is definitely coming from one of the plugins that I have in my project (I have many plugins).

My app is getting rejected from Oculus saying

Your app is asking for excessive user permissions for using user permissions inappropriately.

I found a workaround here, but I dont want to do such a thing as this may result in app rejection once again.

So

Is there a way I can find out that where this permission is coming from?

How to find out if there is some code in my scripts which causes unity to include this permission?

Thanks


Show source
| android   | unity3d   | android-manifest   2016-12-02 12:12 2 Answers

Answers ( 2 )

  1. 2016-12-02 12:12

    Unity will add permissions for you on the fly during build time as mentioned by eriQue of Unity Technologies this is to prevent malfunction of code, and unexpected behaviours.

    You could use a tool such as this Apk-decompiler to take a look at your new manifest, and which permissions this uses. Based on that you may look for certain functions that could trigger these permissions.

    Certain functions such as isGeniune will require several permissions as it will use verification against an external server.

    Alternatively you can also replace your manifest in the decompiled APK, manually change out the manifest with the one intended, and resign it. This is some more grunt work, but if proper error logging is in place it might speed up the process of tracking down the problematic functions.

    Update

    As I mentioned in the comments below as well. There is no real way to pinpoint functions. But a quick check list can not hurt, but will require some work

    • Are you using any external services?

    A lot of external services, think of google, twitter, facebook api's and tools require additional permissions. Usually these are storage/network related, but depending on the goals of the tool / api, it could be many more.

    Try building your APK with and without the tools/apis to see if there are any differences.

    • Are you using unity ads?

    Unity ads makes use of 3 permissions by itself, and older versions might still even make use of 5. If you are using their ads, then you will have to take these for granted.

    • Did you disable unity statistics?

    Ever looked at those fancy stats Unity seems to be able to provide? Well, unless you disabled this, you are most likely participating in this as well.

    These stats require several permissions, as the phone will be analysed on a hardware level as well as seen in the provided stats.

    • Are you really using all your api/tool/assets requirements?

    You might have included some api's, tools or just about any dll from an external party that may or may not include code that requires dependencies. Just as often those are not 100% sanitized, and might include permission requirements not relevant to their functionality, or to the functionality that you require.

    Say, some ad service might want to access a users microphone. But as you are not using their "OMG vocal response analyses" functions, this permission is not required for you.

    These permissions can either be removed manually, as I earlier described in my answer. Or through some form of automation such as the post build marked editor script.

    QUESTION SPECIFIC:

    RECORD_AUDIO permission makes its way into android manifest file if there is a call to Microphone library in any of script in project. It doesn't matter if the script exists in scene or not. In this specific case, if Oculus Platform SDK is imported in project (which is a store requirement) there are few scripts which uses Microphone library. So if you don't use any audio recording feature e.g voice input, just remove the following files under OculusPlatform/Scripts: MicrophoneInput.cs, IMicrophone.cs, MicrophoneInputNative.cs

  2. 2016-12-02 12:12

    @mx-d is right. I just want to add another way of fixing this: in build settings you can tick the Google Android Project which will generate an Android Studio project. From there you can use Android Studio's manifest merger tool to override the permissions.

    Question #1: the only way to find which library is throwing in the extra permission is to remove libraries one by one, building the project and checking the .apk manifest. Unfortunately unity is not as flexible as Android Studio production-wise.

    Question #2: You can not add permissions in Unity through code (unless it's a custom editor script specifically designed for stitching up manifest files)

◀ Go back