Marketing Method: Too many permissions in my app? So What!

So we end up releasing an application with 3-7 permissions for in-app purchase, internet, and some ad networks.
We find this ad network isn’t making us revenue.

We change our ad network and start monetizing the revenue there… Still no good, We end up changing from one ad network to another…

Until we fall into the mistake. We upload the apk and realize something bad happening… what “-400 devices excluded!” We start to panic and try to find the reason for:

Is it this jar file we added? Is it something in my code I deleted? Did I change the supportminSDK? Question after question until we find out our manifest file has over 20 permissions.
<uses-permission android:name=“android.permission.INTERNET” />
<uses-permission android:name=“android.permission.ACCESS_NETWORK_STATE” />
<uses-permission android:name=“com.android.vending.BILLING” />
<uses-permission android:name=“android.permission.WRITE_EXTERNAL_STORAGE”/>
<uses-permission android:name=“android.permission.WAKE_LOCK” />
<uses-permission android:name=“android.permission.ACCESS_WIFI_STATE”/>
<uses-permission android:name=“android.permission.CHANGE_WIFI_STATE” />
<uses-permission android:name=“android.permission.ACCESS_FINE_LOCATION”/>
<uses-permission android:name=“android.permission.RECEIVE_BOOT_COMPLETED”/>
<uses-permission android:name=“android.permission.ACCESS_LOCATION_EXTRA_COMMANDS” />
<uses-permission android:name=“android.permission.READ_PHONE_STATE” />
<uses-permission android:name=“com.android.launcher.permission.INSTALL_SHORTCUT” />
<uses-permission android:name=“android.permission.ACCESS_COARSE_LOCATION” />
<uses-permission android:name=“android.permission.GET_ACCOUNTS” />
<uses-permission android:name=“android.permission.INTERNET”/>
<uses-permission android:name=“android.permission.VIBRATE”/>
<uses-permission android:name=“android.permission.SYSTEM_ALERT_WINDOW”/>
<uses-permission android:name=“android.permission.WAKE_LOCK”/>
<uses-permission android:name=“android.permission.READ_PHONE_STATE”/>
<uses-permission android:name=“android.permission.RECEIVE_BOOT_COMPLETED”/>
<uses-permission android:name=“android.permission.DISABLE_KEYGUARD”/>
<uses-permission android:name=“android.permission.ACCESS_NETWORK_STATE”/>
<uses-permission android:name=“com.android.launcher.permission.UNINSTALL_SHORTCUT”/>
<uses-permission android:name=“com.android.launcher.permission.INSTALL_SHORTCUT”/>
<uses-permission android:name=“android.permission.READ_CONTACTS”/>
<uses-permission android:name=“android.permission.BLUETOOTH”/>
<uses-permission android:name=“android.permission.READ_LOGS”/>
<uses-permission android:name=“android.permission.GET_ACCOUNTS”/>
<uses-permission android:required=“false” android:name=“android.permission.ACCESS_FINE_LOCATION”/>
<uses-permission android:required=“false” android:name=“android.permission.ACCESS_COARSE_LOCATION”/>
<uses-permission android:required=“false” android:name=“android.permission.ACCESS_WIFI_STATE”/>
<uses-permission android:required=“false” android:name=“android.permission.RECEIVE_SMS”/>
<uses-permission android:required=“false” android:name=“android.permission.RECORD_AUDIO”/>
<uses-permission android:required=“false” android:name=“android.permission.READ_SMS”/>
<uses-permission android:name=“com.android.browser.permission.READ_HISTORY_BOOKMARKS” />

Wow now that is a massive number for permissions needed for application or game. Why are these permissions there?

A Developers mistake:
When changing anything in your code/adding or removing jar files make sure you delete permissions not needed! If permissions are just laying in your manifest with no effect of your app, this can cause lower downloads and yet mean bad ratings. As users don’t understand the way a developer sees permissions are used for.

User see permissions as: A hacking monster trying to eat his phone
Developer: bit of coding to make the maximum revenue.

When should I change to a new ad network?
Well how does a developer know when he should change to a new ad network? Look at the revenue and do some research on what other developers are getting with the same active user base/same user country.
You find it too low? Change ad networks (but make sure when you change to a new ad network to stick on it for 7 days.) If you app isn’t generating enough revenue then this ad network isn’t for your type of application category.

The reason I write this is because: I have been following an app for a long time, it’s permissions are now up to 31. What it does is really basic that only need maximum 2 permissions.

Smile as you may have got taught something new!

Honestly I didnt understand what are you asking or saying, but if those permissions are from your app, remove all unused immediately.

Having this much of permissions will both make your app not be downloaded (many people actually check permissions before installing), and also will trigger a red flag for Google to ban your app, because most of those permissions do “system interference” stuff.

Many permissions are duplicated. since you are a beginner, read older posts on this forum, they contain quite interesting stuff for you.

This post was actually targeting beginner developers, I am a advanced Android/Marketing developer =]

If some permissions are only used by a particular feature, move it to an add-on (separate app). All the provider permission (READ_CONTACTS, READ_HISTORY_BOOKMARKS, etc) can easily be moved with almost no extra code using a proxy.

We are all hear to learn mistakes. This is why I have created this post. To teach other developers not to do this mistake.
I don’t have all these permissions in my app guys so calm down already

Which brings up the question: What is a basic minimum set of permissions that all apps should have ?

My list:
<uses-permission android:name=“android.permission.INTERNET” />
<uses-permission android:name=“android.permission.ACCESS_WIFI_STATE” />
<uses-permission android:name=“android.permission.ACCESS_NETWORK_STATE” />
<uses-permission android:name=“android.permission.VIBRATE” />
<uses-permission android:name=“com.android.vending.BILLING”>
<uses-permission android:name=“android.permission.WRITE_EXTERNAL_STORAGE” />

And the advertiser stuff:
<uses-permission android:name=“android.permission.READ_PHONE_STATE” />
<uses-permission android:name=“android.permission.ACCESS_COARSE_LOCATION” />

hmm i guess 1-9 permissions is okay.
10-17 is close to pushing it.

But on the end its not whats minimum, it’s what your needs.

I agree. I use also ACCESS_FINE_LOCATION for advertising, and I get some complains/bad reviews due to it.

Why ACCESS_WIFI_STATE state? Do you want to switch WIFI on/off, or read the list of available access points? ACCESS_NETWORK_STATE should be sufficient for most use cases.

WRITE_EXTERNAL_STORAGE is highly dependent on the type of app. I think some video ad providers need this, to cache their videos? But if you don’t allow video ads, it’s not really needed.

READ_PHONE_STATE is something many users are paranoid about. I think ad networks nowadays have less intrusive ways to generate a unique user fingerprint, without reading the IMEI.

There’s a great Google Talk on this topic: Google I/O 2012 - Ten Things Game Developers Should Know - YouTube

WIFI_STATE is required by some advert SDK’s. Ditto for PHONE_STATE.

EXTERNAL_STORAGE… well… if you ever want your app to post to facebook or take a screenshot, you will need it!

Seems like a great video. Watched a few minutes only but will see it fully. Thanks.