crazecoder
Remove `REQUEST_INSTALL_PACKAGES` permission
Today I received a new message regarding a Flutter app published in Play Store, with the following information:
You'll need to complete a declaration soon for apps using REQUEST_INSTALL_PACKAGES
We found that your manifest file contains the REQUEST_INSTALL_PACKAGES permission. Starting September 29, 2022, apps that use this permission will not be able to submit updates for review until they have completed a new sensitive permission declaration. This declaration will be available in Play Console on August 31, 2022. You'll need to declare which permitted functionality your app provides, tell us about a core feature in your app that uses the permission, and provide a video showing its use. You must remove this sensitive permission from your manifest if your app does not use the permitted functionalities, or if you no longer use this permission. To learn more, watch this PolicyBytes video. Learn more
We don't directly need the permission to install other packages, so this should be removed from the plugin's manifest and instead be added to the apps that require it, otherwise it'll require apps to fill that Play Store form even if they don't need to
There is a fork that got this permission removed.
Maybe that helps you for the moment.
(Kudos to this SO question.)
I created an updated fork with
- updated ffi dependency (2.0.1)
- removed REQUEST_INSTALL_PACKAGES permission
- embedding 2 (Android)
- and other smaller updates
You can use it via:
open_filex:
git:
url: https://github.com/GoldenSoju/open_file.git
@Zazo032 no, for the moment only via manual dependency specification:
open_filex:
git:
url: https://github.com/GoldenSoju/open_file.git
I'll try it, thanks! You could also try to create a PR with the fixes
Yeah...problem is that the other original package has no acitivity. Most fixes I did already have PRs, but they don't get merged etc...
Is that one available through pub.dev?
A fork of open_file is available in pub.dev as open_filex which removes the Request Install APK Permission.
Could we get this fixed here? It's an important issue and the latest fix was in no more than 15 days
My app currently has a Google Play policy issue because I submitted a build with this permission but cannot properly prove I need it. I really need to open files, please do not add this to the manifest unconditionally
https://pub.dev/packages/open_file_safe you can use this instead. It's the same package but it removed the .apk from the files supported so this permission is no longer needed
@gerritwitkamp I think both are the same, they just removed support for .apk so this request_install_packages is not needed anymore.
are there any differences between open_file_safe and open_filex?
https://github.com/javaherisaber/open_filex seems more actively maintained
In my case this was related to the open_file in Flutter. This package is using REQUEST_INSTALL_PACKAGES permission in the manifest.
I fixed by using (open_file_safe) :https://pub.dev/packages/open_file_safe
or you can also use open_filex: https://pub.dev/packages/open_filex
both packages are same as open_file, but .apk file type is not supported. Thus, android.permission.REQUEST_INSTALL_PACKAGES permission not required.
Note : If you are facing this issue with native android project You may be querying all packages with the package manager, this is no longer allowed since Android 8.0. To resolve open the android project of your app in android studio and check the Merged Manifests portion of the AndroidManifest.xml to see if you find that permission being used in your app if it is being used remove the permission.
See more info here. https://support.google.com/googleplay/android-developer/answer/12085295?hl=en
i faced same issue and changed open_file to open_file_safe then build the application got error Permission denied: android.Manifest.permission.MANAGE_EXTERNAL_STORAGE
My AndroidManifest.xml
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
<uses-permission android:name="android.hardware.location.gps" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="android.permission.MANAGE_EXTERNAL_STORAGE" />
<queries>
<!-- If your app opens https URLs -->
<intent>
<action android:name="android.intent.action.VIEW" />
<data android:scheme="https" />
</intent>
<!-- If your app makes calls -->
<intent>
<action android:name="android.intent.action.DIAL" />
<data android:scheme="tel" />
</intent>
<!-- If your app emails -->
<intent>
<action android:name="android.intent.action.SEND" />
<data android:mimeType="*/*" />
</intent>
</queries>
<application
android:name="${applicationName}"
android:label="XXXXXXXXX"
android:icon="@mipmap/ic_launcher"
android:exported="true">
<activity
android:name=".MainActivity"
android:launchMode="singleTop"
android:theme="@style/LaunchTheme"
android:configChanges="orientation|keyboardHidden|keyboard|screenSize|smallestScreenSize|locale|layoutDirection|fontScale|screenLayout|density|uiMode"
android:hardwareAccelerated="true"
android:usesCleartextTraffic="true"
android:windowSoftInputMode="adjustResize"
android:exported="true">
<!-- Specifies an Android theme to apply to this Activity as soon as
the Android process has started. This theme is visible to the user
while the Flutter UI initializes. After that, this theme continues
to determine the Window background behind the Flutter UI. -->
<meta-data
android:name="io.flutter.embedding.android.NormalTheme"
android:resource="@style/NormalTheme"
/>
<!-- Displays an Android View that continues showing the launch screen
Drawable until Flutter paints its first frame, then this splash
screen fades out. A splash screen is useful to avoid any visual
gap between the end of Android's launch screen and the painting of
Flutter's first frame. -->
<meta-data
android:name="io.flutter.embedding.android.SplashScreenDrawable"
android:resource="@drawable/launch_background"
/>
<intent-filter>
<action android:name="android.intent.action.MAIN"/>
<category android:name="android.intent.category.LAUNCHER"/>
</intent-filter>
<!-- Deep links -->
<!-- Scheme+host filter -->
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data
android:scheme="https"
android:host="xxxxxxxxxxx.link" />
</intent-filter>
<!-- App Links -->
<intent-filter android:autoVerify="true">
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<!-- Accepts URIs that begin with https://YOUR_HOST -->
<data
android:scheme="https"
android:host="XXXXXXXXXX.link" />
</intent-filter>
<!-- Scheme-only filter -->
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="https" />
</intent-filter>
<!-- *** FIREBASE :: FCM Add below to ensure we get the payload when tapping on a notification *** -->
<intent-filter>
<action android:name="FLUTTER_NOTIFICATION_CLICK" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
</activity>
<meta-data android:name="com.google.android.geo.API_KEY"
android:value="XXXXXXXXXXXXXXXX"/>
<activity
android:name="com.yalantis.ucrop.UCropActivity"
android:screenOrientation="portrait"
android:theme="@style/Theme.AppCompat.Light.NoActionBar"
android:exported="true"/>
<!-- *** LocalNotifications ***-->
<receiver android:name="com.dexterous.flutterlocalnotifications.ScheduledNotificationBootReceiver"
android:exported="true">
<intent-filter>
<action android:name="android.intent.action.BOOT_COMPLETED"/>
<action android:name="android.intent.action.MY_PACKAGE_REPLACED"/>
</intent-filter>
</receiver>
<receiver android:name="com.dexterous.flutterlocalnotifications.ScheduledNotificationReceiver"
android:exported="true" />
<!-- upto this notifcation -->
<provider
android:name="androidx.core.content.FileProvider"
android:authorities="${applicationId}.fileProvider"
android:exported="false"
android:grantUriPermissions="true"
tools:replace="android:authorities">
<meta-data
android:name="android.support.FILE_PROVIDER_PATHS"
android:resource="@xml/filepaths"
tools:replace="android:resource" />
</provider>
<!-- Don't delete the meta-data below.
This is used by the Flutter tool to generate GeneratedPluginRegistrant.java -->
<meta-data
android:name="flutterEmbedding"
android:value="2" />
</application>
My Pubspec.yaml
name: ******* description: A new Flutter project.
The following line prevents the package from being accidentally published to
pub.dev using pub publish. This is preferred for private packages.
publish_to: 'none' # Remove this line if you wish to publish to pub.dev
The following defines the version and build number for your application.
A version number is three numbers separated by dots, like 1.2.43
followed by an optional build number separated by a +.
Both the version and the builder number may be overridden in flutter
build by specifying --build-name and --build-number, respectively.
In Android, build-name is used as versionName while build-number used as versionCode.
Read more about Android versioning at https://developer.android.com/studio/publish/versioning
In iOS, build-name is used as CFBundleShortVersionString while build-number used as CFBundleVersion.
Read more about iOS versioning at
https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CoreFoundationKeys.html
version: 1.0.27+27
environment: sdk: ">=2.12.0 <3.0.0"
dependencies: flutter: sdk: flutter
The following adds the Cupertino Icons font to your application.
Use with the CupertinoIcons class for iOS style icons.
cupertino_icons: "^1.0.3"
#firebase
firebase_dynamic_links: ^0.5.0+11
firebase_auth: "^2.0.0"
google_sign_in: "^5.0.4"
flutter_facebook_login: ^3.0.0
firebase_messaging: "^10.0.3" # "^6.0.16" flutter_local_notifications: "^6.0.0" firebase_database: "^7.1.1" firebase_storage: "^9.0.0" cloud_firestore: "^2.3.0" firebase_analytics: "^8.1.2"
# state management - dependencies
rxdart: "^0.27.1" get: "^4.1.4" get_it: "^7.1.3"
fluttertoast: "^8.0.7"
hive: "^2.0.4" path_provider: "^2.0.2"
device_preview: ^1.1.0
lottie: "^1.0.1" flutter_treeview: "^1.0.6+1"
sms_autofill: "^2.2.0 "
contacts_service: ^0.6.1
permission_handler: "^10.0.0" jwt_decode: "^0.3.1"
image pickers
flutter_exif_rotation: "^0.4.1" image_picker: "^0.8.1+3" dio: "^4.0.0" mime: "^1.0.0" string_splitter: "^1.0.0+1" percent_indicator: "^3.0.1" flutter_datetime_picker: git: url: https://github.com/Realank/flutter_datetime_picker.git ref: master flutter_typeahead: "^3.1.3" outline_gradient_button: "^2.0.0+1" file_picker: "^3.0.3" uuid: "^3.0.4" photo_view: "^0.12.0" country_code_picker: "^2.0.2" group_button: "^2.3.0"
flutter_localizations:
collection: ^1.15.0-nullsafety.4
currency_picker: "^2.0.4" flutter_map: "^0.13.1"
latlong: ^0.6.1
latlong2: "^0.8.0" geolocator: url_launcher: "^6.0.9" geocoding: "^2.0.0" dotted_border: "^2.0.0" shimmer: "^2.0.0" pdf: "^3.4.2" printing: "^5.4.3" flutter_echarts: "^2.2.0" intl_phone_number_input: "^0.7.0+2"
flutter_libphonenumber: ^1.1.0
image_cropper: "^1.4.1" scrollable_positioned_list: "^0.2.0-nullsafety.0" swipe_to: "^0.1.0-nullsafety.1" share: "^2.0.4" upgrader: "^4.4.0" device_info: "^2.0.2" horizontal_data_table: "^3.6.1+1" getwidget: "^2.0.4" package_info_plus: "^1.4.0" flutter_app_badger: "^1.3.0" flutter_svg: "^1.0.3" flutter_statusbarcolor_ns: "^0.4.0" razorpay_flutter: ^1.2.7
flutter_app_restart: ^1.0.0
flutter_phoenix: "^1.0.0"
google_maps_flutter: "^2.1.12" showcaseview: "^1.1.8" firebase_core: "^1.12.0" flutter_native_splash: "^1.3.2" open_file_safe: ^3.2.3
dev_dependencies: flutter_test: sdk: flutter flutter_launcher_icons: ^0.9.0
flutter_icons: image_path: "assets/icons/app_icon.png" android: "ic_launcher" ios: true remove_alpha_ios: true
For information on the generic Dart part of this file, see the
following page: https://dart.dev/tools/pub/pubspec
The following section is specific to Flutter.
flutter:
The following line ensures that the Material Icons font is
included with your application, so that you can use the icons in
the material Icons class.
uses-material-design: true
To add assets to your application, add an assets section, like this:
assets: - assets/images/ - assets/ - assets/icons/ - assets/tab_icons/ - assets/role_icons/ - assets/file_type_icons/ - assets/profile_icons/ - assets/lottie/
An image asset can refer to one or more resolution-specific "variants", see
https://flutter.dev/assets-and-images/#resolution-aware.
For details regarding adding assets from package dependencies, see
https://flutter.dev/assets-and-images/#from-packages
To add custom fonts to your application, add a fonts section here,
in this "flutter" section. Each entry in this list should have a
"family" key with the font family name, and a "fonts" key with a
list giving the asset and other descriptors for the font. For
example:
fonts: - family: Gilroy fonts: - asset: assets/fonts/Gilroy-ExtraBold.otf - asset: assets/fonts/Gilroy-Light.otf - asset: assets/fonts/Gilroy-SemiBold.ttf weight: 600 - asset: assets/fonts/Gilroy-Black.ttf weight: 900
flutter_native_splash: image: assets/icons/app_icon.png color: FFFFFF
fonts:
- family: Schyler
fonts:
- asset: fonts/Schyler-Regular.ttf
- asset: fonts/Schyler-Italic.ttf
style: italic
- family: Trajan Pro
fonts:
- asset: fonts/TrajanPro.ttf
- asset: fonts/TrajanPro_Bold.ttf
weight: 700
For details regarding fonts from package dependencies,
see https://flutter.dev/custom-fonts/#from-packages
Please solve my problem, Thanks in advance
I am having the same issue and i have used open_file_sefee and oopen_filex i even took out the feature that depended on it but still got rejected
here are my dependencies
permission_handler: 7.1.0
permission_handler: ^8.1.1
slide_button: ^0.2.8 async: ^2.4.2 contacts_service: ^0.6.0 md2_tab_indicator: ^1.0.2 icofont_flutter: ^1.3.0 flutter_feather_icons: ^1.0.3 image_gallery_saver: ^1.7.0 showcaseview: ^1.1.1 flutter_share: ^2.0.0 flutter_svg: ^0.21.0 stack: ^0.2.1 keyboard_actions: ^3.4.6 keyboard_avoider: ^0.1.2 file_picker: ^4.4.0 overlay_support: ^1.2.1 badges: ^2.0.1 grouped_list: ^4.1.0
in_app_review: 2.0.0
flutter_local_notifications: 5.0.0 image_picker: ^0.8.4+1 flutter_html: ^0.11.1 auto_size_text: ^2.0.2 flutter_switch: ^0.3.1 ext_storage: flutter_speed_dial: ^3.0.5 flutter_dialpad_plus: ^0.2.1 fraction: ^3.0.1 path_provider: ^2.0.1 step_progress_indicator: ^1.0.0 percent_indicator: ^2.1.5 connectivity: ^3.0.6 device_info_plus: ^3.2.2 cupertino_icons: ^0.1.3 device_info_plus_linux: ^2.1.1 device_info_plus_windows: ^2.1.1 flutter_screenutil: ^4.0.3+1 dio: ^4.0.0 tuple: 2.0.0 dartz: ^0.9.2 dotted_border: ^2.0.0 dotted_line: ^3.0.0 flushbar: ^1.10.4 firebase_core: 1.3.0 firebase_messaging: 10.0.2 pretty_dio_logger: ^1.1.1 flip_card: ^0.6.0 dropdown_search: ^0.5.0 flutter_apns: ^1.5.1 flutter_apns_only: 1.5.0 hive: ^2.0.4 hive_flutter: ^1.1.0 flutter_collapse: ^0.1.1 flutter_secure_storage: ^3.2.1+1 easy_contact_picker: ^0.0.2
flutter_money_formatter: ^0.8.3
flutter_spinkit: ^3.1.0 rate_my_app: 1.1.1 pedantic: ^1.11.1 flutter_platform_widgets: ^0.60.2 sized_context: ^0.2.1+1 flutter_swiper: ^1.1.6 http_parser: ^4.0.0 material_design_icons_flutter: 4.0.5345 modal_bottom_sheet: 1.0.0+1 modal_progress_hud: 0.1.3 share: 0.6.5 external_path: 1.0.1 signalr_netcore: 0.1.7+2-nullsafety.2 shared_preferences: 2.0.5 flutter_shimmer: 1.3.0 json_annotation: any provider: 6.0.0 flutter_bloc: ^7.2.0 equatable: ^1.2.3 camera: ^0.5.8+17 cached_network_image: ^2.5.0 pin_entry_text_field: ^0.1.4 pull_to_refresh: ^2.0.0 pin_code_fields: ^7.0.0 introduction_screen: ^2.1.0 expandable: ^5.0.1 collection: ^1.15.0 location: ^4.4.0 qr_flutter: ^4.0.0 qr_code_scanner: ^0.4.0 timeline_tile: ^2.0.0 flutter_icons: ^1.1.0 assorted_layout_widgets: 5.5.0 popup_menu: ^1.0.5
another_flushbar: ^1.10.5
shimmer: ^2.0.0 uuid: ^3.0.2 rxdart: ^0.25.0 intl: ^0.17.0 gap: ^1.2.0 simple_tooltip: ^0.1.16 screenshot: ^1.2.3 flutter_masked_text2: ^0.9.1 stream_transform: ^0.0.19 url_launcher: ^6.0.0 syncfusion_flutter_datepicker: ^19.2.59 infinite_scroll_pagination: 2.3.0 syncfusion_flutter_pdfviewer: 19.4.55-beta photo_view: ^0.13.0 open_file_safe: ^3.2.3 flutter_web_browser: ^0.15.0 lottie: 1.2.1 font_awesome_flutter: ^9.1.0 link_preview_flutter: ^0.0.5 share_extend: ^2.0.0 app_tracking_transparency: ^2.0.2+1 sentry_flutter: 4.0.6 appsflyer_sdk: ^6.4.0+2 flutter_linkify: ^5.0.2 mixpanel_flutter: ^1.4.5 local_auth: ^1.1.7 package_info_plus: ^1.4.2 mati_plugin_flutter: any fluttertoast: ^8.0.7 http: ^0.13.3 webview_flutter: ^0.3.3
If you add this to your AndroidManifest.xml should exclude the permission from the merged manifest. However if you are using this functionality will probably crash the app(I haven't seen the code). In modern android apps the lib should only receive that the permission is denied.
<uses-permission
android:name="android.permission.REQUEST_INSTALL_PACKAGES"
tools:node="remove" />
Thanks for this. I have also done this, but for some reason google still flags the app or having this permission.
I have submitted an update on my build this morning and was approved.
Make sure you are adding it in the right manifest.
app/src/main/AndroidManifest.xml
After you made your build can check if the permission is still decleared in the merged manifest in
build/app/intermediates/merged_manifest/
Maybe you are mmissing something. Make screenshots of your manifest, then the location of the manifest. Also show the merged manifest after you have built the app, located at build/app/intermediates/merged_manifest/
second image is not the right one, should be from merged_manifest folder(scroll down) not from bundle_manifest
In general it looks OK.
this is the merged manifest
What I did:
-
replacing open_file to better_open_file
-
adding to android manifest
<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES" tools:node="remove" />
At this point Still getting rejected. After much researching this is what I found:
for some reason Play console will reject the latest build if you use this permission usage in other tracks (internal, alpha, etc). The REQUEST_INSTALL_PACKAGES detection may referring to existing build in other tracks instead of the latest build. The review feedback message is confusing and not helpful.
-
In Play console (your affected app), click
App ContentunderPolicy -
Look for
Sensitive permissions and APIsand click Start. -
Select
APKs and bundles, the list will show you the build and track that contain sensitive permission/API. -
Navigate to each affected track,
create a new releaseupload a clean build( with the previous alterations ) to replace existing,submit to review. -
Navigate to
Publishing overviewand check whether the review is pending to submit, if any, send the review.
Then it got accepted
Thanks for this @RuhtracBP I just did that this morning and its in review currently, Hopefully no more rejections