Manifest requirements

Requirements for the application Manifest file content


Unused permissions should not be there in the Manifest file. If developer wants to use the below permissions, document describing the Use case should be provided before review process
  • android.permission.ACCESS_COARSE_LOCATION
  • android.permission.ACCESS_FINE_LOCATION
  • android.permission.WAKE_LOCK
  • android.permission.RECEIVE_BOOT_COMPLETED
  • android.permission.GET_ACCOUNTS

There are some permissions that are not allowed in the Manifest file. So the AndroidManifest.xml SHOULD NOT contain 
  • android.permission.SHUTDOWN
  • android.permission.DISABLE_KEYGUARD
  • android.permission-group.SYSTEM_TOOLS
  • android.permission.MANAGE_USERS
  • android.permission.MOUNT_UNMOUNT_FILESYSTEMS
  • android.permission.CLEAR_APP_CACHE


Launcher permissions that are not allowed in manifest file.
  • com.android.launcher.permission.READ_SETTINGS
  • com.android.launcher.permission.WRITE_SETTINGS

Some of the Android Intent Actions are prohibited. So these should not be present in the Manifest file.
  • android.app.action.DEVICE_ADMIN_ENABLED
  • android.intent.action.USER_PRESENT
  • android.intent.action.PACKAGE_CHANGED
  • android.app.action.DEVICE_ADMIN_ENABLED
  • android.intent.action.PACKAGE_REPLACED
  • android.intent.action.PACKAGE_REMOVED
  • android.intent.action.BOOT_COMPLETED"
  • android.intent.action.DEVICE_INITIALIZATION_WIZARD
  • android.app.action.DEVICE_ADMIN_ENABLED
  • android.intent.category.HOME
   

Android apps should not have Implementations as below

 
  • Any activity or App should not be launched on boot complete. So the AndroidManifest.xml file SHOULD NOT contain: "android.intent.action.BOOT_COMPLETED"
  • Any activity or App should not be launched after device wakeup. 
  • App should not set any priority for broadcast receiver/service through Intent Filters to be launched. The AndroidManifest.xml file SHOULD NOT contain e.g. android:priority="999"
  • App should not have intent action as “HOME". The AndroidManifest.xml file SHOULD NOT contain: "android.intent.category.HOME"
  • App should not be launched in “Kiosk Mode". Developer shall not  disable Android features that can be used to leave the app. So AndroidManifest.xml file SHOULD NOT contain: "android.permission.RECEIVE_BOOT_COMPLETED", "android.intent.action.BOOT_COMPLETED"
  • App should not set any Device Admin Receiver components or MDM to control device behavior. So the AndroidManifest.xml file SHOULD NOT contain: "android.app.action.DEVICE_ADMIN_ENABLED"
  • App cannot be a device initializer. The AndroidManifest.xml file SHOULD NOT contain: "android.intent.action.DEVICE_INITIALIZATION_WIZARD"