swisscodemonkeys/appbrain-sdk

Why does the SDK use READ_PHONE_STATE permission?

egedib opened this issue · 2 comments

egedib commented

According to your SDK Help page, The only permissions needed are internet permission and access network state which is untrue as of now.

Why is this permission needed and why can't I find any information about that?

I followed your guide, so I added to my project's build.gradle this snippet:
repositories { maven { url 'https://swisscodemonkeys.github.io/appbrain-sdk/maven' } } dependencies { implementation 'com.appbrain:appbrain-sdk:+'}

My layout XML contains this snippet:
<com.appbrain.AppBrainBanner android:layout_width="match_parent" android:layout_height="wrap_content"/>

Edit: Using v15.00, the READ_PHONE_STATE is not needed. So something went wrong when you updated the new version I guess.

mathijs81 commented

Thanks for reporting this. This is quite weird, as our SDK source itself doesn't request this permission.

I looked into it, and it turns out to be caused by a Google dependency.
We depend on the Google Play install referrer library (this one, it's commonly used by 60+ other projects as well) .
It turns out that starting from version 1.1 that we depend on there's a bug in that library that it doesn't set a proper targetSdkVersion which in turn causes extra permissions to be requested. It's quite extensively discussed in this stackoverflow post.

We will look deeper into if there's a way for us to mitigate this for our next SDK release (but it doesn't look hopeful, Google released a 1.1.1 version that also doesn't fix the problem).

What you can do to fix the problem now is to add the following to your gradle buildfile. Your project will then depend on an older version that doesn't have this problem (our SDK should still work fine and hopefully your app doesn't have other SDKs that depend on the 1.1+ version?):

allprojects {
  configurations.all {
    resolutionStrategy {
      force 'com.android.installreferrer:installreferrer:1.0'
    }
  }
}

It would be great if you can let me know if this fixes the issue for you.

mathijs81 commented

This is fixed in the latest v16.00 version of our SDK (as that depends on installreferrer:1.1.2 where Google fixed the problem).