I found an interesting demo app on another blog and thought I would try it out on my phone. I downloaded the code, built the project, and then decided I’d package it as an apk file so I could share it easily in email. I sent it to myself and was ready to install it. I was a bit surprised to see a request for permissions. The app was requesting permission to modify SD card contents and to read phone state and identity.
Generally, it has been my policy not to install any Android app that asks for too much access to my Android device. Upon seeing this, I stopped. There was no reason for any permissions. A fix would certainly be easy, I thought.
I checked the Android manifest file, expecting to see those permissions, but there was nothing there. At first, I suspected that there was some alternate way to request permissions or cause these requests. It turned out that the answer was much simpler than that. Permissions introduced in newer versions of Android are unknown to very old versions. If your app does not say where it can be used, the check is done with the assumption that you might be on one of those old versions.
So always specify the min SDK version in your manifest file. As soon as I added these lines in my manifest, installation was fine. No more permission requests.
<uses-sdk android:minSdkVersion="8"
android:targetSdkVersion="10"/>
The answer to this is out there in several places. The answer I found is this one: Why do so many Android apps require permissions to read phone state? It took me awhile to find the answer so I’ve written it up here, as a reminder to myself and other developers regarding packaging apps for release.
(By the way, the demo app I was trying is quite fascinating. See Particle Explosion With Android for a really good demo app where particles explode and bounce around on the screen.)
More Is Not Always Better 