How to remove unnecessary Android permissions from React Native apps — 1x05

Hi there, my name is Tasos and I have been coding in React Native for a year now. This story is part of a series where I will be sharing my experiences: how I approached and worked with RN Components, APIs, external packages and all sorts of issues, e.g. animations, responsive UI and the react-native-fbsdk package. I hope that this series of posts will prove useful to the React Native community and provide helpful insights.


The “drawing over other apps” permission

If you are developing in React Native, chances are you have seen the following screen:

Image 1: The view that developers see when they first run their app on a device

This screen appears when users or developers run the app for the first time on a device or emulator: the built application asks for permission to “draw over other apps”. When I saw it for the first time I wondered:

What is that permission? And where did it come from?

After some web research, it turns out that this Android permission is called SYSTEM_ALERT_WINDOW and that React Native needs it only when the app runs in debug mode. Even so, it also appears in the list of permissions of the release mode APK. The Android permissions documentation describes it as a special permission that is particularly sensitive and should not be used in most apps. Users who check the list of required permissions will probably not install the app. So let’s see how to remove it from production!

I tried to remove it but it’s still there… How do I get rid of it?

In general, the way to add or remove a permission in an Android app is to modify the AndroidManifest.xml file that lives in the android/app/src/main folder. Indeed, if we open this file we see the following XML:

<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" />

Simply removing this line and saving the file won’t work. RN needs it for debug mode, so the moment you build your code and produce your APK (either debug or release) it is added again automatically. We can remove it from production, though, as shown below:

  1. Delete the permission line mentioned above from the android/app/src/main/AndroidManifest.xml file
  2. Create a new folder called release in the android/app/src/main path
  3. Create a new AndroidManifest.xml inside the folder you created in the previous step
  4. Add the following XML inside the new AndroidManifest.xml file:

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools"
    package="your.package.name">
    <!-- Instructs the manifest merger to drop this permission from the release build -->
    <uses-permission tools:node="remove" android:name="android.permission.SYSTEM_ALERT_WINDOW" />
</manifest>

Note that even though we keep the SYSTEM_ALERT_WINDOW element, we give it the attribute tools:node with the value “remove”. That way we have created a separate Android Manifest file for release mode that explicitly instructs the builder to exclude this permission from the release APK. Don’t forget to change your.package.name above to the actual package of your Android application.

How to remove more Android permissions

Image 2: Android sample permissions

Besides this tricky permission, there are more permissions that RN adds automatically and that are not essential for building the app. One of them is READ_PHONE_STATE, a permission that reads data most users will not want to give, and they might not install the app because of that.

The simple way to remove this type of permission is to delete its XML line from the original Android Manifest file in android/app/src/main.

If this tactic doesn’t work and the permission gets auto-generated again, then you need to add the attribute tools:node with the value “remove” to it, as we did before. This requires the xmlns:tools namespace declaration on the manifest element, as in the release manifest above. Just to clarify again, we do this in the original android/app/src/main/AndroidManifest.xml file because we want these permissions to be removed for all versions of the app. So we have:

<uses-permission tools:node="remove" android:name="android.permission.READ_PHONE_STATE" />

With the ways mentioned above, you should be able to remove all of the annoying RN permissions for Android.
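To confirm that the removal took effect, the check below is an added example (not code from the original article) that could run in CI against the merged release manifest the Android build produces. The function names, the denylist and the sample manifests are assumptions constructed for illustration; the manifest path is passed as an argument because its location under the build folder depends on the build tooling version.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

ANDROID_NS = "http://schemas.android.com/apk/res/android"
TOOLS_NS = "http://schemas.android.com/tools"
# The two permissions this article removes; extend the set for your own app.
DENYLIST = {"android.permission.SYSTEM_ALERT_WINDOW",
            "android.permission.READ_PHONE_STATE"}

def requested_permissions(manifest_xml):
    """Return the set of permissions a manifest actually requests."""
    found = set()
    for elem in ET.fromstring(manifest_xml):  # direct children of <manifest>
        if elem.tag not in ("uses-permission", "uses-permission-sdk-23"):
            continue
        # A tools:node="remove" entry is a merge instruction, not a request.
        if elem.get(f"{{{TOOLS_NS}}}node") == "remove":
            continue
        name = elem.get(f"{{{ANDROID_NS}}}name")
        if name:
            found.add(name)
    return found

def denied_permissions(manifest_xml, denylist=DENYLIST):
    """Return the denylisted permissions still requested, sorted by name."""
    return sorted(requested_permissions(manifest_xml) & set(denylist))

# Constructed sample: a merged manifest that still carries both permissions.
SAMPLE_LEAKY = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="your.package.name">
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" />
  <uses-permission android:name="android.permission.READ_PHONE_STATE" />
</manifest>"""

# Constructed sample: the release manifest from this article (removal marker only).
SAMPLE_OVERLAY = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools" package="your.package.name">
  <uses-permission tools:node="remove" android:name="android.permission.SYSTEM_ALERT_WINDOW" />
</manifest>"""

if __name__ == "__main__":
    # With a path argument, check that file; without one, check the leaky sample.
    data = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else SAMPLE_LEAKY
    bad = denied_permissions(data)
    for name in bad:
        print("unexpected permission:", name)
    sys.exit(1 if bad else 0)
```

The script exits with status 1 when a denylisted permission is still present, so a release pipeline can fail the build on it.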


What do you think?

What do you think about this article? How did you remove the permissions you did not need? Offer your perspective and ideas in the comments section below, or contact me on Twitter or directly via email: tasos.maroudas@wizope.com.

Do you have a specific subject that you would like me to cover? If I have worked on it, I will be more than happy to share my perspective.


Tasos Maroudas is the lead front end developer of the Math Warriors game. Math Warriors is currently available for Android and soon to be released for iOS.