Today i have got this email:
Last July, we announced Advertising policy changes to help bolster
security and privacy. We added new restrictions on identifiers used by
apps that target children. When users choose to delete their
advertising ID in order to opt out of personalization advertising,
developers will receive a string of zeros instead of the identifier if
they attempt to access the identifier. This behavior will extend to
phones, tablets, and Android TV starting April 1, 2022. We also
announced that you need to declare an AD_ID permission when you update
your app targeting API level to 31 (Android 12). Today, we are sharing
that we will give developers more time to ease the transition. We will
require this permission declaration when your apps are able to target
Android 13 instead of starting with Android 12.
Action Items If you use an advertising ID, you must declare the AD_ID
Permission when your app targets Android 13 or above. Apps that don’t
declare the permission will get a string of zeros. Note: You’ll be
able to target Android 13 later this year. If your app uses an SDK
that has declared the Ad ID permission, it will acquire the permission
declaration through manifest merge. If your app’s target audience
includes children, you must not transmit Android Advertising ID (AAID)
from children or users of unknown age.
My app is not using the Advertising ID. Should i declare the AD_ID Permission in Manifest or not?
Case 1: The app doesn't contain any Ads:
You can simply remove/ignore it by adding tools:node="remove" in the AndroidManifest.xml file.
<uses-permission android:name="com.google.android.gms.permission.AD_ID" tools:node="remove"/>
Make sure you have xmlns:tools at the top of AndroidManifest.xml file
Even if another third-party library asks for this specific permission, the build will be forced not to merge it in your final Manifest file.
You can get more info from this SO answer.
Case 2: The app contains Ads:
Add the following to AndroidManifest.xml before </manifest>:
<uses-permission android:name="com.google.android.gms.permission.AD_ID"/>
You can get more information from here.
If your app uses the Google Mobile Ads SDK(Admob) version 20.4.0 or higher, you can skip setting up the permission manually since the SDK automatically declares it
More informations here:
https://developers.google.com/admob/android/quick-start
Case 1: Your App has Ads
Add the following to AndroidManifest.xml before </manifest>:
<uses-permission android:name="com.google.android.gms.permission.AD_ID"/>
Case 2: Your App Doesn't have Ads
At the top of your AndroidManifest.xml make sure you have xmlns:tools on the <manifest ...>. (kudos to this answer) e.g.
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="com.mycompany.myapp">
Then, add the following at the bottom of the page, before </manifest> tag:
<uses-permission android:name="com.google.android.gms.permission.AD_ID" tools:node="remove"/>
Source:
Google's Doc: https://developers.google.com/android/reference/com/google/android/gms/ads/identifier/AdvertisingIdClient.Info#public-methods
Google describe here how to solve
https://support.google.com/googleplay/android-developer/answer/6048248?hl=en
Add in manifest
<uses-permission android:name="com.google.android.gms.permission.AD_ID"/>
If your app doesn't contain ads, make sure you complete the survey on App content page (Policy > App content) in Play Console.
Just select the option: No, my app does not contain ads.
If you don't do that, you won't be able to upload new releases of your app to Google Play.
First of all,
com.google.android.gms.permission.AD_ID can be added by other third party SDK like
Play Services-ads
firebase-analytics etc
So, if you haven't added permission.AD_ID manually, make sure it is not added by any other SDK by checking merged manifest file.
merged-manifest path:
project > app > build > intermediate > merged_manifest > release > AndroidManifest.xml
Now go to your play console > app content > Adverstising ID and
Select NO if your merged manifest doesn't contain AD_ID, else
Select YES and complete next option.
In my case, I used Firebase Analytics only for crash reports etc.
You can set your app to use advertising ID.
And use Analytics only.
Don't worry. All developer who uses Admob for advertisement received this warning. Just make sure you are using Latest Google Mobile Ads SDK(Admob) OR AdMob SDK version higher or equal to 20.4.0 in your build.gradle file. In that case SDK automatically manage it.
Otherwise for older sdk below 20.4.0, we need to manually mention below line in our AndroidManifest.xml
<uses-permission android:name="com.google.android.gms.permission.AD_ID"/>
There are two different forms:
Ads
Advertising ID
Initially, I got stuck because I did not notice the other. So your app can be in any combination, for example, no ads, but yes, advertising ID.
In this documentation it is explained that Google services can include the advertising ID for other reasons that are not ads: Analytics.
Google Play Services version 4.0 introduced new APIs and an ID for use by advertising and analytics providers. Terms for the use of this ID are below.
And in this other documentation, in the examples section is very clear that ads are understood as what is commonly understood as ads: banners, pop-ups, a tile in the middle of a list, etc.
Analyzing the merged manifest we can see that the library play-services-measurement-api is adding the permission and is related to Analytics. The library manifest looks like this:
<uses-permission android:name="com.google.android.gms.permission.AD_ID" />
<application>
<service
android:name="com.google.firebase.components.ComponentDiscoveryService"
android:exported="false" >
<meta-data
android:name="com.google.firebase.components:com.google.firebase.analytics.connector.internal.AnalyticsConnectorRegistrar"
android:value="com.google.firebase.components.ComponentRegistrar" />
</service>
</application>
Please notice that library is registering analytics.connector.internal.AnalyticsConnectorRegistrar.
In this case the Ads form must be mark with no but the Adverising ID form must be mark with yes and then the Analytics option.
I have seen people recommending force the manifest to not merge the permission.AD_ID but that would break the Analytics.
I also received today's mail from the PlayStore team to all developers. Asking to declare AD_ID permission.
Since we developed and released our application using Flutter with android targeting to API level 31. I'm using the advertising_identifier: ^0.1.1 plugin to get the advertising client ID. I haven't declared AD_ID permission in my manifest file.
Additionally, apps updating their target API level to 31 (Android 12) and using advertise identifier / advertise id client info fetch will need to declare a Google Play services normal permission in the manifest file as follows:
<uses-permission android:name="com.google.android.gms.permission.AD_ID"/>
Refered,
https://support.google.com/googleplay/android-developer/answer/6048248?hl=en
when you set targetSdkVersion 33 you must need to add the below line in the manifest file
<uses-permission android:name="com.google.android.gms.permission.AD_ID" tools:node="remove"/>
if you are not set this, show a warning on the play console when your is in production.
My app has to adjust the screen brightness of the phone. To do so, I needed the following permission:
<uses-permission android:name="android.permission.WRITE_SETTINGS" />
Android Studio shows the following error, when I hover over the permission:
Permission is only granted to system apps
But: the code still works when I upload it to my phone. Can somebody explain me why? Furthermore, I'd need to know, if this code will also work, if the user downloads the app from Google Play.
Is there a different approach to change the screen brightness?
I have developed an android app. All the things are working fine but the main problem is, using the Hack App Data anyone can see the ad codes which is a very dangerous threat.
Now how can i prevent hack app to open my application or edit my application data or how can i prevent hack app data to access this sensitive information?
note: I have turned off android:exported="false" and also add <permission android:protectionLevel="signature"
android:name="apricot.com.newshunt"/> to my menifest file
you can set the Copy Protection to On in the Android Market upload page. It's near the bottom. I doubt it is fool-proof but it can help keep some of the people likely to do this from being able to.
You should add the view in Java instead of XML and obfuscate your code.
What is the different between
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" android:maxSdkVersion="18"/>
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" android:maxSdkVersion="18"/>
and
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE>
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE">
This is the highest SDK version that the permission will be applied to. This is because some permission are no longer required to be requested, say because of a change to the android framework.
As the documentation states:
The highest API level at which this permission should be granted to
your app. Setting this attribute is useful if the permission your app
requires is no longer needed beginning at a certain API level.
For example, beginning with Android 4.4 (API level 19), it's no longer
necessary for your app to request the WRITE_EXTERNAL_STORAGE
permission when your app wants to write to its own
application-specific directories on external storage (the directories
provided by getExternalFilesDir()). However, the permission is
required for API level 18 and lower.
android:maxSdkVersion:
The highest API level at which this permission should be granted to
your app. Setting this attribute is useful if the permission your app
requires is no longer needed beginning at a certain API level.
From developer.android.com
From android documentation:
android:maxSdkVersion
The highest API level at which this permission should be granted to your app. Setting this attribute is useful if the permission your app requires is no longer needed beginning at a certain API level.
I'm trying to turn airplanemode on on Android but I got the following message:
java.lang.SecurityException: Permission Denial: not allowed to send broadcast android.intent.action.AIRPLANE_MODE
From my point of view (and some researches):
(1) I'm using all necessary permission to do that:
<uses-permission android:name="android.permission.WRITE_SETTINGS"/>
<uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS" />
(2) The code is not wrong:
Settings.Global.putInt(
context.getContentResolver(),
Settings.Global.AIRPLANE_MODE_ON, 1);
Intent intent = new Intent(Intent.ACTION_AIRPLANE_MODE_CHANGED);
intent.putExtra("state", true);
context.sendBroadcast(intent);
I know that the app needs to be installed as a system app, so I'm installing that under /system/app/my-app/ (I tried /system/priv-app/my-app/ too) and added all the permissions to the folder and to the apk.
The last thing that I tried was the include of android:sharedUserId="android.uid.system" at the AndroidManifest.xml, but doing that the application disappears.
What am I missing here, after all those attempts?
ps: The device is rooted.
Thanks in advance
It seems although Airplane Mode has become a Constant value as of API Level 17 as per the Android development documentation.
Why are you turning airplane mode on? Is there a certain functionality you are trying to accomplish?
I would've posted this in the comments, but I don't have enough rep... tfw