(permissions updated on 16 Dec 2021)
This guide explains how you can restrict the permissions that are given to Speakap regarding the Google Play Developer account used for publishing Android white-label apps. It's an addition to the main article Allow Speakap to publish and manage your Android White-Label App | Full Walkthrough
The two Speakap accounts
Speakap needs permissions for two accounts:
- developer account (firstname.lastname@example.org)
- service account (used via the JSON API key)
We use the developer account to make manual adjustments, while we use the service account to push changes automatically (like frequent app updates).
Our recommendation is almost the same for the two accounts.
The difference is that we recommend giving full Admin permissions for the developer account, while that's less important for the service account.
Admin - the recommended option
The easiest option for clients is to give Speakap Admin permissions at the Account level (as opposed to the App level). Mind that the account owner (you, the client) has permissions that are higher than Admin, so they are always in control.
Having Admin permissions allows us to manage more aspects of the account without having to contact the client frequently. This makes maintaining the app in future easier, and reduces the chances of getting blocked (rejected updates, rejected app etc).
Examples include: solving issues with the Google app review process, changing settings/information in future to adhere to new requirements, adding another app etc.
The image below shows how to give permissions at the Account level.
The two images below contain all permissions that are given when selecting Admin.
Restricted permissions - the option for extra security
Clients who have stronger concerns about security may opt to give us permissions at the App level (as opposed to the Account level). This would mean that Speakap will only have access to the specified app, and no other apps that might have been published in the same account.
The image below shows how to give permissions at the App level. You also need to click on "Add app" and select the draft app that you created.
An additional measure is to Not give us Admin permissions. This would make it harder for both parties to diagnose problems, but would still allow us to publish and update the app.
Note: Restricting our permissions could lead to complications in future, but it's a valid strategy that gives us only the control we need at the moment. In this case we may have to contact you to resolve problems in the future.
The two images below show which permissions are required.
- Admin (all permissions)
RECOMMENDED, but not absolutely required
Admin permissions make it easier for both parties to address problems in future, and to keep the app and account up-to-date.
- View app information and download bulk reports (read-only)
We need to be able to see information about the app in order to manage it properly, and also to analyze any problems and address them. We will not see financial data of the app. If you want to hide the data of other apps on the same account, you can set the permissions on the App level of our app (instead of on the Account level).
Not required (but it's completely safe to allow it, as it's a Free app)
Play Games Services
Not required (but it's completely safe to allow it, as it's not a Game)
- All permissions in this category are required, as they allow us to test and release your app.
- Possible exception: "Create, edit, and delete draft apps" -> not always required (but completely safe). If you create a draft app for us, and everything goes smoothly, we may not need this specific permission.
We need to be able to update the apps's store listing.