Dangerous READ_PHONE_STATE permission added

[Phecda]

Which package are you using?

@react-native-vector-icons/*

What platform(s) does this occur on?

Android

Minimal reproducible example

npx @react-native-community/cli@latest init AwesomeProject; cd AwesomeProject; yarn add @react-native-vector-icons/evil-icons; cd android; ./gradlew assembleRelease;

What happened?

Similar to this issue.

Every build.gradle of the icon packages did not specify a targetSdkVersion, leading the manifest merger assumes it < 4 and then adds READ_PHONE_STATE automatically into the final AndroidManifest.xml.

You can know from android/app/build/outputs/logs/manifest-merger-release-report.txt

Relevant log output

uses-permission#android.permission.WRITE_EXTERNAL_STORAGE
IMPLIED from /Users/jerry/Projects/AwesomeProject/android/app/src/main/AndroidManifest.xml:1:1-27:12 reason: com.reactnativevectoricons.evil_icons has a targetSdkVersion < 4
uses-permission#android.permission.READ_PHONE_STATE
IMPLIED from /Users/jerry/Projects/AwesomeProject/android/app/src/main/AndroidManifest.xml:1:1-27:12 reason: com.reactnativevectoricons.evil_icons has a targetSdkVersion < 4
uses-permission#android.permission.READ_EXTERNAL_STORAGE
IMPLIED from /Users/jerry/Projects/AwesomeProject/android/app/src/main/AndroidManifest.xml:1:1-27:12 reason: com.reactnativevectoricons.evil_icons requested WRITE_EXTERNAL_STORAGE

Your computer environment

System:
  OS: macOS 15.7.2
  CPU: (10) arm64 Apple M4
  Memory: 188.92 MB / 24.00 GB
  Shell:
    version: "5.9"
    path: /bin/zsh
Binaries:
  Node:
    version: 22.21.1
    path: /Users/jerry/.nvm/versions/node/v22.21.1/bin/node
  Yarn:
    version: 1.22.22
    path: /Users/jerry/.nvm/versions/node/v22.21.1/bin/yarn
  npm:
    version: 10.9.4
    path: /Users/jerry/.nvm/versions/node/v22.21.1/bin/npm
  Watchman:
    version: 2025.11.10.00
    path: /opt/homebrew/bin/watchman
Managers:
  CocoaPods: Not Found
SDKs:
  iOS SDK:
    Platforms:
      - DriverKit 25.1
      - iOS 26.1
      - macOS 26.1
      - tvOS 26.1
      - visionOS 26.1
      - watchOS 26.1
  Android SDK: Not Found
IDEs:
  Android Studio: 2025.2 AI-252.25557.131.2521.14432022
  Xcode:
    version: 26.1.1/17B100
    path: /usr/bin/xcodebuild
Languages:
  Java:
    version: 17.0.17
    path: /usr/bin/javac
  Ruby:
    version: 2.7.8
    path: /Users/jerry/.rbenv/shims/ruby
npmPackages:
  "@react-native-community/cli":
    installed: 20.0.0
    wanted: 20.0.0
  react:
    installed: 19.1.1
    wanted: 19.1.1
  react-native:
    installed: 0.82.1
    wanted: 0.82.1
  react-native-macos: Not Found
npmGlobalPackages:
  "*react-native*": Not Found
Android:
  hermesEnabled: true
  newArchEnabled: true
iOS:
  hermesEnabled: Not found
  newArchEnabled: false

[Daniel3711997]

Up?