Consider removing READ_PHONE_STATE

[breedx-splk]

So in our Splunk distro, a user raised an issue about READ_PHONE_STATE permission being a security concern. It exists in the manifest here.

I don't remember the exact details right now, but I think that maybe network detection doesn't work correctly on older versions of Android without it?

Curious if other folks know specifics, and if we should consider relaxing the requirement around this permission.

Relates to #49.

[marandaneto]

The issue is here

opentelemetry-android/instrumentation/src/main/java/io/opentelemetry/android/instrumentation/network/PostApi28NetworkDetector.java

Lines 52 to 54 in 1775b15

	if (hasPermission(Manifest.permission.READ_PHONE_STATE)) {
	subType = getDataNetworkTypeName(telephonyManager.getDataNetworkType());
	}

It checks if the permission is available, so you can technically remove the SDK implicit permission but that if will always return false. If they want that info, you can tell people via docs to add the permission directly on their app.

[ber4444]

Just to clarify, will Open telemetry as well as Splunk RUM properly handle network subtype being null?

If so, it should not be added here by default:

opentelemetry-android/instrumentation/src/main/AndroidManifest.xml

Line 6 in 1775b15

<uses-permission android:name="android.permission.READ_PHONE_STATE" />