So today we did a release of an app and unfortunately we didn't notice a new permission had been added which is android.permission.READ_PHONE_STATE.
A few users pointed out that a new permission category had been added to the app which was
Device ID & call information
read phone status and identity
After some looking into this I found that this is linked to the aforementioned permission however I don't have that in any of my manifests. After a search on my project, I found it was contained in the manifest-merger-release-report.txt.
android:uses-permission#android.permission.READ_PHONE_STATE
IMPLIED from AndroidManifest.xml:6:1 reason: com.getpebble.android.kit has a targetSdkVersion < 4
I don't want this permission to be requested of the user, especially if it's only because an external library hasn't got its targetSdkVersion set.
I make this a dependency of my module using the following.
compile 'com.getpebble:pebblekit:2.6.0@aar'
MY QUESTION
How do I override the library's targetSdkVersion without access to it's AndroidManifest.xml file?
UPDATE
After looking at the library's source code on GitHub I can in fact see that it does have its targetSdkVersion and minSdkVersion set correctly so the prompt in the manifest-merger-release-report.txt is incorrect.
To override 'uses-permission' attribute coming from a library, you can use Selector:
Selector
Each tools:node or tools:attr declaration can be augmented by a tools:selector attribute which is contextual information on whether or not the merging strategy should be applied to the current lower priority XML description. For instance, this is useful when removing a permission only if coming for one particular library as opposed to any library:
<permission android:name="permissionOne" tools:node="remove" tools:selector="com.example.lib1">