READ_PHONE_STATE permission on Android

Hi,

I noticed that the latest Unity IAP plugin adds READ_PHONE_STATE on Android builds. Why is this and can we disable it?

Having this permission leads to users getting asked if they’d “Allow X to make and manage phone calls?”

@mikatu

Thanks for letting us know about this. I will talk with our IAP engineers and see why this would be the case.

1 Like

I can confirm this. Happening to us as well. Down-grading to a previous Purchasing version fixes the issue. It’s really bad because it scares away players from playing the game.

@mikatu and @vexe Thank you both again for the reports. Yes, agreed this is urgent. We have found the issue and are working on a fix. It’s an oversight and I apologize - we’ll add integration tests to ensure unplanned permissions changes don’t recur.

We have a convenience feature which is adding this permission as a side-effect, so we’ll strip the feature. For Android stores needing to manage digital wallets through mixed user/server-side login, which is basically a raft full of upcoming store implementations, a persistent unique identifier for the user is required. For “online games” (those with backing game servers and already having a user identifier) this is trivial. For “offline games” (standalone without identity systems) binding payment and persistent wallet to a user, so when they uninstall / reinstall or add a new app they can access their digital wallet with that payment provider. The convenience feature we added is to call Unity’s SystemInfo.deviceUniqueIdentifier which has this side-effect, inapplicable to the majority of Unity IAP’s current userbase. Stripping means developers will need to explicitly supply some kind of user identifier which we’ll recommend, via documentation, the SystemInfo.deviceUniqueIdentifier again.

The fix will likely be in 1.9.2. We’re at 1.9.0 currently, and we’re almost finished pushing out 1.9.1 (want to share fixes for other platforms first).

Edit: For your convenience here is a link to a version not exhibiting this behavior, 1.8.4

Just wanted to update this thread.

1.9.2 was released and it removed the READ_PHONE_STATE permission:

1 Like