Requirements for the application Manifest file content
Unused permissions should not be there in the Manifest file. If developer wants to use the below permissions, document describing the Use case should be provided before review process
- android.permission.ACCESS_COARSE_LOCATION
- android.permission.ACCESS_FINE_LOCATION
- android.permission.WAKE_LOCK
- android.permission.RECEIVE_BOOT_COMPLETED
- android.permission.GET_ACCOUNTS
There are some permissions that are not allowed in the Manifest file. So the AndroidManifest.xml SHOULD NOT contain
- android.permission.SHUTDOWN
- android.permission.DISABLE_KEYGUARD
- android.permission-group.SYSTEM_TOOLS
- android.permission.MANAGE_USERS
- android.permission.MOUNT_UNMOUNT_FILESYSTEMS
- android.permission.CLEAR_APP_CACHE
Launcher permissions that are not allowed in manifest file.
- com.android.launcher.permission.READ_SETTINGS
- com.android.launcher.permission.WRITE_SETTINGS
Some of the Android Intent Actions are prohibited. So these should not be present in the Manifest file.
- android.app.action.DEVICE_ADMIN_ENABLED
- android.intent.action.USER_PRESENT
- android.intent.action.PACKAGE_CHANGED
- android.app.action.DEVICE_ADMIN_ENABLED
- android.intent.action.PACKAGE_REPLACED
- android.intent.action.PACKAGE_REMOVED
- android.intent.action.BOOT_COMPLETED"
- android.intent.action.DEVICE_INITIALIZATION_WIZARD
- android.app.action.DEVICE_ADMIN_ENABLED
- android.intent.category.HOME
Android apps should not have Implementations as below
- Any activity or App should not be launched on boot complete. So the AndroidManifest.xml file SHOULD NOT contain: "android.intent.action.BOOT_COMPLETED"
- Any activity or App should not be launched after device wakeup.
- App should not set any priority for broadcast receiver/service through Intent Filters to be launched. The AndroidManifest.xml file SHOULD NOT contain e.g. android:priority="999"
- App should not have intent action as “HOME". The AndroidManifest.xml file SHOULD NOT contain: "android.intent.category.HOME"
- App should not be launched in “Kiosk Mode". Developer shall not disable Android features that can be used to leave the app. So AndroidManifest.xml file SHOULD NOT contain: "android.permission.RECEIVE_BOOT_COMPLETED", "android.intent.action.BOOT_COMPLETED"
- App should not set any Device Admin Receiver components or MDM to control device behavior. So the AndroidManifest.xml file SHOULD NOT contain: "android.app.action.DEVICE_ADMIN_ENABLED"
- App cannot be a device initializer. The AndroidManifest.xml file SHOULD NOT contain: "android.intent.action.DEVICE_INITIALIZATION_WIZARD"