Android permissions: Phone Calls: read phone state and identity

Question

My android app has nothing to do with phone calls, but I'm seeing that when I install a debug build on my test device it requires "Phone Calls: read phone state and identity" permissions. (I make no mention of this in AndroidManifest.xml).

I'd like to have the minimum possible permissions, and wondered if anyone knew how to get rid of this? I commented out the part where I was logging some stuff from Build.MODEL, Build.VERSION.*, etc. I also commented out the part where I was detecting the landscape/portrait orientation thinking that that might be the "phone state". But neither of those seemed to remove that permission required.

I found this bug report: http://code.google.com/p/android/issues/detail?id=4101 but it's marked working-as-intended with a note about permissions being correct from the market but not otherwise. Is this other people's experience? (I'd hate to have to publish to the market just to test that out.) Otherwise, does anyone know if there's an API I can avoid calling that will make it so my app doesn't need this permission?

Thanks!

Answer 1

(Answering my own question in case anyone else runs into this problem and searches for it.)

Digging around in PackageParser.java in the android source, I found out that the system will automatically assign

android.permission.WRITE_EXTERNAL_STORAGE and 
android.permission.READ_PHONE_STATE

to any app that declares a targetSdk version of less than 4 (donut). There must be a compatibility reason for this, maybe apps targeting older versions could assume they had these permissions without declaring them explicitly. So, if you don't want these permissions added to your app implicitly, add a section like the following in AndroidManifest.xml

<uses-sdk android:minSdkVersion="4" android:targetSdkVersion="4" />

That is all.

Have fun, -Mike

Answer 2

Android 1.6 changelog: http://developer.android.com/sdk/android-1.6.html#api

WRITE_EXTERNAL_STORAGE: Allows an application to write to external storage. Applications using API Level 3 and lower will be implicitly granted this permission (and this will be visible to the user); Applications using API Level 4 or higher must explicitly request this permission.

But that is only one of them. For some reason the official change log is missing the info about READ_PHONE_STATE. The full story is cleared up here: http://blogs.zdnet.com/Burnette/?p=1369&page=3

New permissions. 1.6 programs must explicitly request the WRITE_EXTERNAL_STORAGE permission to be able to modify the contents of the SD card, and they must explicitly request the READ_PHONE_STATE permission to be able to be able to retrieve phone state info. Apps targeting earlier versions will always request these permissions implicitly.

So as you can see, there is no way to publish an app targeted at 1.5 or earlier without requesting those permissions when installed on phones running 1.6 or higher.

Answer 3

I don't have an answer - just an additional question. What does this permission do? Is it something I need to worry about?

Answer 4

Yes, you'd need to worry. It allows the app to get info about your phone number, and the numbers you dial. Also allows it to detect the model of your phone