fix(android): remove broad media permissions

[bmarsaud]

Platforms affected

Android

Motivation and Context

As discussed on #288, broad media permissions (READ_MEDIA_IMAGES, READ_MEDIA_VIDEO, READ_MEDIA_AUDIO) policy will be enforced on August 31, 2024, threatening the Google Play approval of apps using this plugin.

For a more privacy preserving experience for users, we’re introducing the Photo and Video Permissions policy to reduce the number of apps permitted to request broad photo/video permissions (READ_MEDIA_IMAGES and READ_MEDIA_VIDEO). Apps may only access photos and videos for purposes directly related to app functionality. Apps that have a one-time or infrequent need to access these files are requested to use a system picker, such as the Android photo picker.

Apps that request access to the READ_MEDIA_VIDEO or READ_MEDIA_IMAGES permission must successfully demonstrate a core use case that requires persistent or frequent need of photo/video access located in shared storage.

The purpose of this PR is to not use broad media permissions.

Description

My understanding is that, we don't need these permissions in the first place.
I would be interested to know why the changes of #262 were considered necessary at the time, am I missing something?

Here are the requirements that I've gathered:

Android Version	Requirement	Source
<= 9	READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE are needed to "access any media file"	https://developer.android.com/training/data-storage/shared/media?hl=en#extra-permissions
10	Same as Android 11+ (see below) BUT if the app has opted-out of scoped storage we still need the EXTERNAL_STORAGE permissions	https://developer.android.com/training/data-storage/use-cases?hl=en#running_on_android_10 https://developer.android.com/training/data-storage/use-cases?hl=en#opt-out-in-production-app
11+	There is no permission needed to perform a MediaCapture intent, save the media file to the MediaStore.Images collection and read it later because you "own" the file	https://developer.android.com/training/data-storage/shared/media?hl=en#storage-permission

For Android 10, I would suggest this plugin be resilient to handle apps that have opted-out of scoped storage by using the android:requestLegacyExternalStorage="true" configuration.

With these information in mind, here is what I've changed:

• READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE declared in the manifest and asked at runtime only for Android up to 10
• Removal of READ_MEDIA_IMAGES, READ_MEDIA_VIDEO, READ_MEDIA_AUDIO from the manifest and runtime request.

Testing

I have tested an image capture on Android 14, 13, 12L, 11, 10 and 9: the photo app opens, the file is well saved and can be read.

I there a documentation on how to run the unit-tests ?

Checklist

• I've run the tests to see all new and existing tests pass
• I added automated test coverage as appropriate for this change
• Commit is prefixed with (platform) if this change only applies to one platform (e.g. (android))
• If this Pull Request resolves an issue, I linked to the issue in the text above (and used the correct keyword to close issues using keywords)
• I've updated the documentation if necessary

[breautek]

For Android 10, I would suggest this plugin be resilient to handle apps that have opted-out of scoped storage by using the android:requestLegacyExternalStorage="true" configuration.

The requestLegacyExternalStorage is just a request. It is always rejected if the target SDK is 30 or later (current google play requires API 33 as a target). If you're targeting API 29, the request is only honoured if your app exists in google play before hand. Newer apps created after API 29 can be rejected (forcing developers to use scoped storage).

In otherwords, scoped storage is always enforced today on API 29+ devices.