{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Rolldiameter 的问题《Why is my app asking for phone id permission?》','https://www.manongdao.com/q-324168.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
In my manifest I only ask for these two permissions:
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
But when I install the app on my phone I also get this notice:
Low-risk permissions
Phone ID
Get your phone ID, including IMEI, IMSI, etc.
From what I gather from this SO answer, I should need to use TelephonyManager and call
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
to require this permission. But I'm not using TelephonyManager or calling that permission. I don't want to ask users to give this permission. I've looked through my manifest and gradle files. Could it be that some code I used triggered this permission being called without me specifically asking for it? I know I'm not giving you a lot to go on, by I don't know where else to look.
Update 1
I created a completely new project in Android Studio and generated a signed APK from it. I installed it but no permissions were asked. (That at least confirmed for me that it wasn't some "new feature" in Android Studio that automatically asked for this permission.)
Update 2
As of @antonio's answer I found app/build/outputs/logs/manifest-merger-release-report.txt However, I didn't find any implied permissions being requested.
Update 3
Here are the dependencies my app is using (from gradle.build):
dependencies {
compile 'com.android.support:support-v4:21.0.3'
compile 'com.readystatesoftware.sqliteasset:sqliteassethelper:+'
}
I tested a new application with both of these dependencies and no permissions were requested.
My next step is to add every activity again from scratch and see if I can find where this permission starts getting called. To be continued...
Update 4
I played around with copying everything to a new project and refactoring the project name and removing pieces, but it turned out to be quite complex. I wasn't able to isolate a reason.
Update 5
I set the targetSdkVersion to 1. This gives a new message when announcing permissions before installing the app:
read phone status and identity
Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether the call is active, and the remote number connected by a call.
The old Phone ID permission notice that I wrote about at the beginning is still there (showing up after the app is installed). This makes me wonder if it is related to the OS (I'm using MIUI Android on a Xiaomi phone). There is still something about the app that causes this to display in this app but not in other apps. I need to test this out on other devices next.
Add the following code to your AndroidManifest.xml to remove the unnecesary permission(s):
Source:
https://stackoverflow.com/a/27542669/406295
This happens because you are importing a library with a targetSdkVersion lower than your application's targetSdkVersion
From the Manifest Merger documentation:
The permissions that can be added are:
You can inspect the report generated by Manifest Merger (In \app\build\outputs\apk\manifest-merger-XXX-report) to see what library caused the adding of the READ_PHONE_STATE permission. You will see something like: