My scanner got some additional checks recently, and reported on today's update:

! repo/com.zacharee1.systemuituner_356.apk declares sensitive permission(s): android.permission.QUERY_ALL_PACKAGES android.permission.SYSTEM_ALERT_WINDOW

Could you please clarify what those are needed for? Thanks in advance!

QUERY_ALL_PACKAGES is used to show all installed applications and Activities for features like the Lock Screen Shortcuts and the Immersive Mode include/exclude lists.

SYSTEM_ALERT_WINDOW is optional, and used to work around background launch restrictions on later Android versions to let Persistent Options properly start on boot.

Thanks! Added to the allow list then:

If you want reasons for the other permissions to be shown there as well, be welcome to list them here and I'll add them.

As for the DEPENDENCY_INFO_BLOCK: Mind to get rid of that?

android {
    dependenciesInfo {
        // Disables dependency metadata when building APKs.
        includeInApk = false
        // Disables dependency metadata when building Android App Bundles.
        includeInBundle = false
    }
}

For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains.

I have explanations for most permissions in the terms doc: https://github.com/zacharee/Tweaker/blob/master/app/src/main/assets/terms.md.

For the blob thing, I can add that block to exclude it I think. I wish Google would stop being so ridiculous with this stuff.

Thanks! Copied the most over. Missing there: POST_NOTIFICATIONS and WAKE_LOCK 😉

(yes, vending.BILLING is not there. Only android.permission.* is covered by that code)