Question on permissions
IzzySoft opened this issue · comments
My scanner received a few additional checks in January, and on today's update reported:
! repo/deltazero.amarok.foss_76.apk declares sensitive permission(s):
android.permission.READ_EXTERNAL_STORAGE android.permission.MANAGE_EXTERNAL_STORAGE
android.permission.QUERY_ALL_PACKAGES android.permission.SYSTEM_ALERT_WINDOW
While I was able to "assign" most of those permissions to their corresponding usage, I couldn't see what SYSTEM_ALERT_WINDOW
is needed for. Could you please clarify?
As for that DEPENDENCY_INFO_BLOCK
, that's easy to get rid of:
android {
dependenciesInfo {
// Disables dependency metadata when building APKs.
includeInApk = false
// Disables dependency metadata when building Android App Bundles.
includeInBundle = false
}
}
For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains.
Hi @IzzySoft 👏
I couldn't see what SYSTEM_ALERT_WINDOW is needed for. Could you please clarify?
SYSTEM_ALERT_WINDOW
enables the display of a system-wide panic button.
We request this permission at runtime through a dialog that explains the need for it. And definitely, it's optional - the permission can be bypassed if the panic button isn't enabled.
As for that DEPENDENCY_INFO_BLOCK, that's easy to get rid of
Sure! I'll add the code snippet in the upcoming release.
Thanks! Added SYSTEM_ALERT_WINDOW
to the allow-list as well then, accompanied by your explanation, effective immediately if you want to check for yourself 😉
I'll add the code snippet in the upcoming release.
Thanks!
LGTM! Closing the issue now.