Limiting required permissions of org.apache.cordova.media pluging

  • 1
  • Question
  • Updated 4 years ago
Is there a way to reduce the number of permissions for the org.apache.cordova.media plugin if all I am wanting to do is be able to play a sound?

I'm trying to keep the permissions required by my PhoneGap Build app to a minimum. But I wanted to be able to play a short sound when a user completes an action, so I added the org.apache.cordova.media plugin to my config file. I can now play an mp3 file using the Media object's play method. However, when I install my app, it now asks for permission to:

- read phone status and identity
- record audio
- modify or delete the contents of your USB storage
- read the contents of your USB storage
- change your audio settings

That seems like a lot of extra permissions! Is there a way I can limit the permissions being requested since I am not using all of those extra features of the Media plugin?
Photo of John Weidner

John Weidner, Champion

  • 435 Posts
  • 80 Reply Likes

Posted 6 years ago

  • 1
Photo of ismael jimoh

ismael jimoh

  • 4116 Posts
  • 192 Reply Likes
Hi John,

Most of the permissions stated would be needed because to play Audio  you would need them

I'll explain each: 

read phone status and identity: Detects if phone is in stand by mode.
record audio: Is part of the core, not needed for play only app. 
modify or delete the contents of your USB storage: Not needed but some players do need this.
read the contents of your USB storage: Needed for playing files stored on USB storage.
change your audio settings:  Used for controlling audio files e.g volume control.

If you want to remove specific permissions, give configap a try.

Hope that helps.
Photo of John Weidner

John Weidner, Champion

  • 435 Posts
  • 80 Reply Likes
I don't see how configap is supposed to help. It appears to me that once I include the following line in my config.xml:


<gap:plugin name="org.apache.cordova.media" />


that phonegap build, automatically puts


<uses-permission android:name="android.permission.RECORD_AUDIO" />
<uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />


in my AndroidManifest.xml file.
Photo of John Weidner

John Weidner, Champion

  • 435 Posts
  • 80 Reply Likes
I was hoping that I'd be able to override which permissions were being requested using the code below. But it appears that the permissions specified by the plugins configuration take precedence over those set using gap:config.



<gap:config-file platform="android" parent="/manifest">
<uses-permission android:name="android.permission.INTERNET"></uses-permission>
<uses-permission android:name="android.permission.RECORD_AUDIO" android:maxSdkVersion="1"/>
<uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS" android:maxSdkVersion="1"/>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" android:maxSdkVersion="1"/>
<uses-permission android:name="android.permission.READ_PHONE_STATE" android:maxSdkVersion="1"/>
</gap:config-file>



Could this be changed so that I can limit the permissions required? Or do I need to create a plugin that is a subset of the existing Media plugin that just plays sound files?
Photo of John Weidner

John Weidner, Champion

  • 435 Posts
  • 80 Reply Likes
As mentioned at http://stackoverflow.com/questions/21... none of these permissions are really necessary if you are just wanting to play sounds. But now to get that to work on Android w/o adding all the permissions I will be forced to either develop and publish my own plugin or start using the PhoneGap CLI instead of PhoneGap Build.
Photo of ismael jimoh

ismael jimoh

  • 4116 Posts
  • 192 Reply Likes
Hi John,

As a last resort and a simple way around this, you can do the following.

Download your Built app apk from PGB.
With apktool, unpack the apk file.
Edit the permissions in Android Manifest(removing unwanted permissions).
Repack the apk.

This should resolve the issue.

This is just a workaround and not an actual solution and it would save you time of building the whole thing locally.
Photo of John Weidner

John Weidner, Champion

  • 435 Posts
  • 80 Reply Likes
Ismael,

I did follow your suggestion and got this to work. Here's the commands I used.



java -jar apktool.jar decode MyAwesome.apk
notepad MyAwesome\AndroidManifest.xml
erase MyAwesome.apk
java -jar apktool.jar build MyAwesome MyAwesome.apk
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore mykeystore MyAwesome.apk myalias
zipalign -f -v 4 MyAwesome.apk
Photo of ismael jimoh

ismael jimoh

  • 4116 Posts
  • 192 Reply Likes
You welcome.
Photo of John Weidner

John Weidner, Champion

  • 435 Posts
  • 80 Reply Likes
You can now remove permissions using the config.xml!!!

http://community.phonegap.com/nitobi/...
Photo of Sherri Wheeler Noecker

Sherri Wheeler Noecker

  • 12 Posts
  • 0 Reply Likes
Anyone looking for the more recent way to do this:


<config-file platform="android" parent="/manifest" mode="delete">
<uses-permission platform="android" name="android.permission.RECORD_AUDIO" />
<uses-permission platform="android" name="android.permission.MODIFY_AUDIO_SETTINGS" />
<uses-permission platform="android" name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission platform="android" name="android.permission.READ_PHONE_STATE" />
</config-file>
Photo of Sherri Wheeler Noecker

Sherri Wheeler Noecker

  • 12 Posts
  • 0 Reply Likes
Actually when I build via PGBuild it is still including these perms. I really wish it would obey this....
Photo of Petra V.

Petra V., Champion

  • 7794 Posts
  • 1391 Reply Likes
It does obey such deletions (otherwise you would never have posted this in the first place, would you?).
Unless, of course, you made an error, like:
- wrong directory structure; your config isn't found, read and/or parsed
- not well-formed xml; does your config validate?
- wrong order of code lines in your config; do you have this config-file block prior to the plugin that adds these permissions?
Photo of Sherri Wheeler Noecker

Sherri Wheeler Noecker

  • 12 Posts
  • 0 Reply Likes
It builds successfully using other settings in my config. This block is AFTER the part that adds the media plugin. But for some reason the perms are not being deleted from the manifest.
Photo of Petra V.

Petra V., Champion

  • 7794 Posts
  • 1391 Reply Likes
Could you please post your config. I'll be happy to have a look.
Photo of Sherri Wheeler Noecker

Sherri Wheeler Noecker

  • 12 Posts
  • 0 Reply Likes
Sure. Thank you! (Watch out, several things are commented out.)



<?xml version='1.0' encoding='utf-8'?>

<!-- config.xml reference: https://build.phonegap.com/docs/config-xml -->
<widget xmlns = "http://www.w3.org/ns/widgets"
xmlns:gap = "http://phonegap.com/ns/1.0"
id = "com.removed"
version = "1.1.4"
versionCode = "5" >

<name>Removed</name>

<description>
Removed
</description>

<author href="Removed" email="Removed">
Removed
</author>

<content src="index.html" />
<preference name="android-minSdkVersion" value="14" />

<!--
If you do not want any permissions to be added to your app, add the
following tag to your config.xml; you will still have the INTERNET
permission on your app, which PhoneGap requires.
-->
<preference name="permissions" value="none" />

<!-- Customize your app and platform with the preference element. -->
<preference name="orientation" value="landscape" /> <!-- all: default means both landscape and portrait are enabled -->
<preference name="target-device" value="universal" /> <!-- all: possible values handset, tablet, or universal -->
<preference name="fullscreen" value="true" /> <!-- all: hides the status bar at the top of the screen -->
<preference name="webviewbounce" value="true" /> <!-- ios: control whether the screen 'bounces' when scrolled beyond the top -->
<preference name="prerendered-icon" value="false" /> <!-- ios: if icon is prerendered, iOS will not apply it's gloss to the app's icon on the user's home screen -->
<preference name="stay-in-webview" value="false" /> <!-- ios: external links should open in the default browser, 'true' would use the webview the app lives in -->
<preference name="ios-statusbarstyle" value="black-opaque" /> <!-- ios: black-translucent will appear black because the PhoneGap webview doesn't go beneath the status bar -->
<preference name="detect-data-types" value="false" /> <!-- ios: controls whether data types (such as phone no. and dates) are automatically turned into links by the system -->
<preference name="exit-on-suspend" value="false" /> <!-- ios: if set to true, app will terminate when home button is pressed -->
<preference name="show-splash-screen-spinner" value="false" /> <!-- ios: if set to false, the spinner won't appear on the splash screen during app loading -->
<preference name="auto-hide-splash-screen" value="true" /> <!-- ios: if set to false, the splash screen must be hidden using a JavaScript API -->
<preference name="disable-cursor" value="false" /> <!-- blackberry: prevents a mouse-icon/cursor from being displayed on the app -->
<preference name="android-installLocation" value="auto" /> <!-- android: app install location. 'auto' will choose. 'internalOnly' is device memory. 'preferExternal' is SDCard. -->

<!-- Define a specific version of PhoneGap to build into your app.
<preference name="phonegap-version" value="3.5.0" />
-->

<!-- Plugins -->

<plugin name="cordova-plugin-inappbrowser" source="npm" spec=">1.0.0" />
<plugin name="cordova-plugin-media" source="npm" spec=">1.0.0" />
<!-- <plugin name="cordova-plugin-network-information" source="npm" spec=">1.0.0" /> -->

<!-- Plugin Overrides - Not needed from PhoneGap's Media plugin pack. -->
<config-file platform="android" parent="/manifest" mode="delete">
<uses-permission platform="android" name="android.permission.READ_PHONE_STATE" />
<uses-permission platform="android" name="android.permission.RECORD_AUDIO" />
<uses-permission platform="android" name="android.permission.MODIFY_AUDIO_SETTINGS" />
<uses-permission platform="android" name="android.permission.WRITE_EXTERNAL_STORAGE" />
</config-file>

<!-- Define app icon for each platform. -->
<icon src="icon.png" />
<icon src="res/icon/android/icon-36-ldpi.png" gap:platform="android" gap:qualifier="ldpi" />
<icon src="res/icon/android/icon-48-mdpi.png" gap:platform="android" gap:qualifier="mdpi" />
<icon src="res/icon/android/icon-72-hdpi.png" gap:platform="android" gap:qualifier="hdpi" />
<icon src="res/icon/android/icon-96-xhdpi.png" gap:platform="android" gap:qualifier="xhdpi" />
<icon src="res/icon/ios/icon-57.png" gap:platform="ios" width="57" height="57" />
<icon src="res/icon/ios/icon-72.png" gap:platform="ios" width="72" height="72" />
<icon src="res/icon/ios/icon-57-2x.png" gap:platform="ios" width="114" height="114" />
<icon src="res/icon/ios/icon-72-2x.png" gap:platform="ios" width="144" height="144" />

<!--
Define access to external domains.

<access /> - a blank access tag denies access to all external resources.
<access origin="*" /> - a wildcard access tag allows access to all external resource.

Otherwise, you can specify specific domains:

<access origin="http://phonegap.com" /> - allow any secure requests to http://phonegap.com/
<access origin="http://phonegap.com" subdomains="true" /> - same as above, but including subdomains, such as http://build.phonegap.com/
<access origin="http://phonegap.com" browserOnly="true" /> - only allows http://phonegap.com to be opened by the child browser.
-->
<access />

<!-- Added the following intents to support the removal of whitelist code from base cordova to a plugin -->
<!-- Whitelist configuration. Refer to https://cordova.apache.org/docs/en/edge/guide_appdev_whitelist_index.md.html -->
<plugin name="cordova-plugin-whitelist" version="1" />
<!--
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
<allow-intent href="tel:*" />
<allow-intent href="sms:*" />
<allow-intent href="mailto:*" />
<allow-intent href="geo:*" />
-->

<platform name="android" />
</widget>

Photo of Petra V.

Petra V., Champion

  • 7794 Posts
  • 1391 Reply Likes
Yup. Thought so. Your XML is invalid (does not validate as well-formed).
The 'android:' namespace is missing. See the Config-File section of the PGB Docs.
Photo of Sherri Wheeler Noecker

Sherri Wheeler Noecker

  • 12 Posts
  • 0 Reply Likes
You sir, are awesome. Thank you. There was a difference when building with PGB vs with CLI. I will post a new Reply with the updated info.
Photo of Sherri Wheeler Noecker

Sherri Wheeler Noecker

  • 12 Posts
  • 0 Reply Likes
Correction to my above reply. Note you have to do it differently when building via CLI (command line) or via PhoneGapBuild.

PhoneGap Build:
Make sure to add to your widget tag at the top the android namespace as per the docs like so:
xmlns:android = "http://schemas.android.com/apk/res/android"

Then:

<config-file platform="android" parent="/manifest" mode="delete">
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
<uses-permission android:name="android.permission.RECORD_AUDIO" />
<uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
</config-file>


CLI:

<config-file platform="android" parent="/manifest" mode="delete">
<uses-permission platform="android" name="android.permission.READ_PHONE_STATE" />
<uses-permission platform="android" name="android.permission.RECORD_AUDIO" />
<uses-permission platform="android" name="android.permission.MODIFY_AUDIO_SETTINGS" />
<uses-permission platform="android" name="android.permission.WRITE_EXTERNAL_STORAGE" />
</config-file>
Photo of Sherri Wheeler Noecker

Sherri Wheeler Noecker

  • 12 Posts
  • 0 Reply Likes
And success! Tested on my phone. I have sound, and no scary perms. :)
Photo of Petra V.

Petra V., Champion

  • 7794 Posts
  • 1391 Reply Likes
Thanks for reporting back.