Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

question on permissions #10

Open
IzzySoft opened this issue Feb 22, 2024 · 4 comments
Open

question on permissions #10

IzzySoft opened this issue Feb 22, 2024 · 4 comments

Comments

@IzzySoft
Copy link

My scanner got some additional checks in January, and on today's update of your app reports:

! repo/com.puutaro.commandclick_62.apk declares flag(s): usesCleartextTraffic
! repo/com.puutaro.commandclick_62.apk declares sensitive permission(s):
  android.permission.ACCESS_FINE_LOCATION android.permission.ACCESS_COARSE_LOCATION
  android.permission.READ_EXTERNAL_STORAGE android.permission.MANAGE_EXTERNAL_STORAGE
  android.permission.QUERY_ALL_PACKAGES android.permission.CAMERA
! repo/com.puutaro.commandclick_62.apk contains signature block blobs: 0x504b4453 (DEPENDENCY_INFO_BLOCK; GOOGLE)

Could you please clarify what these permissions are needed for? The flag (usesCleartextTraffic) is rather clear for a browser. And as for DEPENDENCY_INFO_BLOCK, you can easily get rid of that:

android {
    dependenciesInfo {
        // Disables dependency metadata when building APKs.
        includeInApk = false
        // Disables dependency metadata when building Android App Bundles.
        includeInBundle = false
    }
}

For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains.

Thanks in advance!
@IzzySoft
Copy link
Author

PS: You also might wish to take a look here

@puutaro
Copy link
Owner

puutaro commented Feb 23, 2024

Thank you for question.
QUERY_ALL_PACKAGES -> CommandClick is also QR executor. So QUERY_ALL_PACKAGES is used for executing qr image contents.: WIFI, URL, SMS, MAIL etc..
ACCESS_FINE_LOCATION -> Ths require WIFI setting via QR reader .
READ_EXTERNAL_STORAGE -> CommandClick base is file system. This app data is saved to file. So, without this permission, CC is not feasible.

CC is muilti feature application like termux. Therefore, this app has various permission. Still, only the minimum permission is set.
And I don't think that having many permissions is a problem.

@IzzySoft
Copy link
Author

Thanks for your reply! Though I must admit I do not fully understand all:

used for executing qr image contents.: WIFI, URL, SMS, MAIL etc..

I don't understand what that has to do with querying the list of installed apps. Can you please give an example?

The others I (hopefully) got so far:

image

@puutaro
Copy link
Owner

puutaro commented Feb 25, 2024

Like your comment, QUERY_ALL_PACKAGES don't use currently. So I remove once in this release
Apparently, this permission add 5. 2023. In this season, I feel like I explore package other than termux or cobination app.
So, in order to seek app, I use QUERY_ALL_PACKAGES. But, I don't use this now.
In any way, Thanks for your comemnt, I can removing useless and no-require permission.
Thank you.

@puutaro puutaro mentioned this issue Feb 26, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@IzzySoft @puutaro