How to test reduced Android permissions in dev? (SDK 40)

  1. SDK Version: ^40.0.0
  2. Platforms(Android/iOS/web/all): Android

I know there are lots of permissions topics around, but I searched hard and couldn’t find this specific one.

I’m trying to reduce my permissions set to the minimum. But I can’t figure out if certain ones are needed, or what the existing ones are used for. I use camera, lowest accuracy location, and notifications (remote only - so I don’t need RECEIVE_BOOT_COMPLETED). Based on the features I use I think I can reduce it in app.json to just ["ACCESS_COARSE_LOCATION", "CAMERA"] but I’m not sure how to test this in dev, any ideas?

I use notifications, but I don’t know if I need all the permissions that come default.

I can’t figure out if I use anything that needs the following permissions that are included:

      "permissions": [
        "ACCESS_COARSE_LOCATION",
        "ACCESS_FINE_LOCATION",
        "READ_EXTERNAL_STORAGE",
        "READ_PHONE_STATE",
        "USE_FINGERPRINT",
        "VIBRATE",
        "WRITE_EXTERNAL_STORAGE",
        "com.anddoes.launcher.permission.UPDATE_COUNT",
        "com.android.launcher.permission.INSTALL_SHORTCUT",
        "com.google.android.c2dm.permission.RECEIVE",
        "com.google.android.gms.permission.ACTIVITY_RECOGNITION",
        "com.google.android.providers.gsf.permission.READ_GSERVICES",
        "com.htc.launcher.permission.READ_SETTINGS",
        "com.htc.launcher.permission.UPDATE_SHORTCUT",
        "com.majeur.launcher.permission.UPDATE_BADGE",
        "com.sec.android.provider.badge.permission.READ",
        "com.sec.android.provider.badge.permission.WRITE",
        "com.sonyericsson.home.permission.BROADCAST_BADGE",
        "CAMERA"
      ],
  • I know I definitely need “Camera” I added that. So I retain this.
  • For location I don’t use any exact location I don’t think. I use hasServicesEnabledAsync, getLastKnownPositionAsync with no requiredAccuracy (so Im guessing it gives whatever lowest? the default param isn’t so clear in docs or code) and, getCurrentPositionAsync with accuracy: Location.LocationAccuracy.Lowest. This makes me think I can remove ACCESS_FINE_LOCATION and just keep ACCESS_COARSE_LOCATION.
  • I do have notifications that cause vibration but I don’t think I need VIBRATE.
  • I don’t install short cuts so I think I can get rid of com.android.launcher.permission.INSTALL_SHORTCUT and ``
  • I don’t do jogging, sitting, climbing stairs stuff so I’m thinking I can remove com.google.android.gms.permission.ACTIVITY_RECOGNITION
  • I don’t read settings so not sure what uses com.htc.launcher.permission.READ_SETTINGS. or com.google.android.providers.gsf.permission.READ_GSERVICES

What I ended up doing was creating a prod APK and then installing it onto my device and making sure all the features I had worked. I left in the com.htc.launcher.permission.READ_SETTINGS and com.google.android.providers.gsf.permission.READ_GSERVICES just because they sound important, I’m totally unsure what they are needed for.