Hacker News new | ask | show | jobs
by Dig1t 1473 days ago
You are right, but that doesn't seem like a good excuse to remove that information from the Play Store completely. It would be trivial for the Android APIs to require that all permissions requested programmatically are also present in the manifest. This would continue to give user's a picture of what the app could/would request.

They could just change their play store listing from "Required permissions" to "Permissions this app can request". This is similar to the "nutrition label" approach that the Apple App Store has.
1 comments
djbusby 1473 days ago
IIRC it's already in the manifest.
link
abeyer 1473 days ago
Yup, you must _both_ put the perms in your manifest, and then _also_ request them at runtime now (at least for many "sensitive" ones... not sure if there are exceptions for any others.)

Google's docs are very clear that apps are meant to explain the need for perms, and the impact of denying them at runtime... I'd love to see the play store to also provide publishers a way to specify what the impact/loss of features is if you deny them at runtime. Trustworthy publishers would love this, and the non-trustworthy ones... ¯\_(ツ)_/¯

link