Easy Way

I think this easier approach applies if your Unity project is being built with gradle. If it isn't, here is one more reason to upgrade.

Also, a big shout-out to an article called, Hey, Where Did These Permissions Come From?)

  1. Build Your Project
  2. Open the file /path/to/my/project/Temp/gradleOut/build/outputs/logs/manifest-merger-release-report.txt
  3. Profit!
  4. Search the file for the name of your permission, and it'll show you where it came from.

Here is part of the file, where I'm looking for the WRITE_EXTERNAL_STORAGE permission.

uses-permission#android.permission.WRITE_EXTERNAL_STORAGE ADDED from /Users/clinton/Projects/<<ProjectName>>/Temp/gradleOut/src/main/AndroidManifest.xml:7:3-79 MERGED from [gradleOut:IronSource:unspecified] /Users/clinton/Projects/<<ProjectName>>/Temp/gradleOut/IronSource/build/intermediates/bundles/default/AndroidManifest.xml:13:5-81 android:name ADDED from /Users/clinton/Projects/<<ProjectName>>/Temp/gradleOut/src/main/AndroidManifest.xml:7:20-76

Hard Way

There are three ways permissions get added to your project.

  1. They are specified in an Android Manifest file.
  2. They are specified in library (a .aar file).
  3. Unity adds the permission when you use a certain feature. (Added)

My examples use command-line tools on a Mac. I don't know Windows equivalents, but it is possible to find and run unix tools there (using the linux subsystem for windows 10, cygwin, custom binaries, etc.)

1. Find all permissions used in (uncompressed) Android Manifests.

cd /path/to/my/project/Assets grep -r "uses-permission" --include "AndroidManifest.xml" .

This will find all files named AndroidManifest in the current folder (.) or any of its subfolders (-rtells it to search recursively) and spit out any line with the words 'uses-permission'.

In my current project, I get output something like this:

./Plugins/Android/AndroidManifest.xml: <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" /> ./Plugins/Android/AndroidManifest.xml: <uses-permission android:name="android.permission.INTERNET" /> ./Plugins/Android/AndroidManifest.xml: <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" /> ./Plugins/Android/AndroidManifest.xml: <uses-permission ./Plugins/Android/IronSource/AndroidManifest.xml: <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" /> ./Plugins/Android/IronSource/AndroidManifest.xml: <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />

2. Find the permissions required in Android Libraries

Your project likely contains android libraries (.aar files) and java archives (.jar files). Some android libraries contain an android manifest and specify permissions needed to use the library. (I don't think .jar files actually do this, but .aar files absolutely do). Both .aar and .jar files are .zip files, with a different extension and with specific metadata in specific places.

Find them by running:

find . -iname "*.?ar" -print -exec zipgrep "uses-permission" "{}" "AndroidManifest.xml" ";" 2> /dev/null

Here's what this does. It finds any file (in the current folder (.) and its subfolders) has an extension of (something) a r, thus .jar, or .aar (-name "*.?ar"). It outputs the archive's file name (-print). It then runs zipgrep (-exec). Zipgrep is told to search through any files in the archive ({}) named "AndroidManifest.xml", and output any line with the words "uses-permission". We then pipe the errors to the bit bucket (2> /dev/null) so we don't see lots of errors about archives that don't have android manifests in them.

An example output looks like this:

./OneSignal/Platforms/Android/onesignal-unity.aar AndroidManifest.xml: <uses-permission android:name="android.permission.INTERNET" /> AndroidManifest.xml: <uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" /> AndroidManifest.xml: <uses-permission android:name="android.permission.WAKE_LOCK" /> AndroidManifest.xml: <uses-permission android:name="android.permission.VIBRATE" /> ... ./Plugins/Android/android.arch.core.common-1.1.0.jar ./Plugins/Android/android.arch.core.runtime-1.1.0.aar ./Plugins/Android/android.arch.lifecycle.common-1.1.0.jar ... ./Plugins/Android/com.google.android.gms.play-services-gcm-11.8.0.aar AndroidManifest.xml: <uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" /> AndroidManifest.xml: <uses-permission android:name="android.permission.INTERNET" /> ./Plugins/Android/com.google.android.gms.play-services-gcm-license-11.8.0.aar ./Plugins/Android/com.google.android.gms.play-services-iid-11.8.0.aar AndroidManifest.xml: <uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" /> AndroidManifest.xml: <uses-permission android:name="android.permission.INTERNET" /> ./Plugins/Android/com.google.android.gms.play-services-iid-license-11.8.0.aar ...

The filenames all start with periods. I can thus see, for example, that the onesignal-unity.aar sets several permissions, several .jar files were searched with no permissions inside them, and some of the play services libraries specify permissions.

If I needed to change a library, I could rename the .aar to .zip, extract it, edit it, compress it, and rename it back. (It isn't necessarily wise to change the permissions inside a library, but possible.)

3. Unity Adds the Permission

I didn't have anything to add on this; as said above, if you use the Microphone API, Unity will add a permission for you so your app will work.

However, I've since realized that you can do the following:

  • bring up the Build Settings for Android
  • tick the 'Export Project' box
  • Export the project, noting the location
  • go to /my/project/export/src/main/AndroidManifest.xml. This is what Unity emits for the android manifest (before google's tools do all the merging).
  • compare it (using your favourite diff tool) to Assets/plugins/Android/AndroidManifest.xml; the differences come from Unity.





How to find source of a permission in Unity Android

Note: This question is specific to Unity3D I have a very clean android manifest file in Unity project under Plugins/Android/ folder with no tag at all. I believe that some



Unity v5.6.7, Android SDK 최신 버전에서 READ_PHONE_STATE 권한을 제거 했는데도 계속 추가되는 문제가 있어서 알아본 결과 Android SDK 최신 버전에서 필요하다고 판단되면 READ_PHONE_STATE를 강제로 추가하고 있다.

(Unity 최신버전(현재 Unity 2018이상 버전)에서는 해당 버그가 수정된 듯 하다.)


내 경우는 SystemInfo.deviceUniqueIdentifier를 사용하게 되면서 필요하다고 판단해서 READ_PHONE_STATE를 추가시키고 있었다.


아래 설명대로 Android SDK 25.2.5 버전에서는 강제로 추가하는 문제가 없어서 SDK 버전을 되돌렸는데

Manifest Merge 관련 문제가 많이 나와서(최신 Android SDK에서는 자동 정리해주는 중복 Manifest 관련 문제를 25.2.5에서는 자동으로 해결해주지 못해서 직접 수정함) 문제되는 aar 파일 안의 AndroidManifest 파일을 모두 수정해서 해결 했다.

한 10개정도 수정한 듯..




Steps to reproduce:

1) Update SDK to the latest version (26.0.2) 
2) Download attached project 'Repo.zip' and open in Unity 
3) Build .apk file 
4) Open 'AndroidManifest.xml' file (Temp/StagingArea/AndroidManifest.xml)

Expected result:READ_PHONE_STATE permission should not be added in the AndroidManifest.xml (check attachment 'AndroidManifest_created_with_26.0.2.xml') 
Actual result: READ_PHONE_STATE permission is added in the AndroidManifest.xml (check attachment 'AndroidManifest_created_with.25.2.3.xml')

Reproduced with: 
5.5.4p1, 5.6.2p1, 2017.1.0f1, 2017.2.0b1

Note: READ_PHONE_STATE permission wasn't added using 25.2.5 sdk

RESOLUTION: By design. The project includes a plugin (com.nerd.TapdaqUnityPlugin) which does not specify targetSdkVersion in its manifest. Thus android manifest merger correctly assumes that the SDK version is lower than 4 and implicitly grants the READ_PHONE_STATE permission. See https://developer.android.com/reference/android/Manifest.permission.html#READ_PHONE_STATE. The difference between 25.2.5 and 26.0.2 SDKs is that in the latter we use different manifest merger implementation which is more strict.





Unity IssueTracker - [Android] READ_PHONE_STATE permission is added in the AndroidManifest.xml file using latest (26.0.2) SDK

Steps to reproduce: 1) Update SDK to the latest version (26.0.2) 2) Download attached project 'Repo.zip' and open in Unity 3) Build ...



표 1. 위험한 권한 및 권한 그룹.

권한 그룹권한



