CommandClick icon indicating copy to clipboard operation
CommandClick copied to clipboard

Published 20 hours ago verified publisher icon puutaro

question on permissions

Open IzzySoft opened this issue 1 year ago • 4 comments

My scanner got some additional checks in January, and on today's update of your app reports:

! repo/com.puutaro.commandclick_62.apk declares flag(s): usesCleartextTraffic
! repo/com.puutaro.commandclick_62.apk declares sensitive permission(s):
  android.permission.ACCESS_FINE_LOCATION android.permission.ACCESS_COARSE_LOCATION
  android.permission.READ_EXTERNAL_STORAGE android.permission.MANAGE_EXTERNAL_STORAGE
  android.permission.QUERY_ALL_PACKAGES android.permission.CAMERA
! repo/com.puutaro.commandclick_62.apk contains signature block blobs: 0x504b4453 (DEPENDENCY_INFO_BLOCK; GOOGLE)

Could you please clarify what these permissions are needed for? The flag (usesCleartextTraffic) is rather clear for a browser. And as for DEPENDENCY_INFO_BLOCK, you can easily get rid of that:

android {
    dependenciesInfo {
        // Disables dependency metadata when building APKs.
        includeInApk = false
        // Disables dependency metadata when building Android App Bundles.
        includeInBundle = false
    }
}

For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains.

Thanks in advance!

IzzySoft avatar Feb 22 '24 19:02 IzzySoft

PS: You also might wish to take a look here

IzzySoft avatar Feb 22 '24 19:02 IzzySoft

Thank you for question.
QUERY_ALL_PACKAGES -> CommandClick is also QR executor. So QUERY_ALL_PACKAGES is used for executing qr image contents.: WIFI, URL, SMS, MAIL etc.. ACCESS_FINE_LOCATION -> Ths require WIFI setting via QR reader . READ_EXTERNAL_STORAGE -> CommandClick base is file system. This app data is saved to file. So, without this permission, CC is not feasible.

CC is muilti feature application like termux. Therefore, this app has various permission. Still, only the minimum permission is set.
And I don't think that having many permissions is a problem.

puutaro avatar Feb 23 '24 03:02 puutaro

Thanks for your reply! Though I must admit I do not fully understand all:

used for executing qr image contents.: WIFI, URL, SMS, MAIL etc..

I don't understand what that has to do with querying the list of installed apps. Can you please give an example?

The others I (hopefully) got so far:

image

IzzySoft avatar Feb 23 '24 18:02 IzzySoft

Like your comment, QUERY_ALL_PACKAGES don't use currently. So I remove once in this release
Apparently, this permission add 5. 2023. In this season, I feel like I explore package other than termux or cobination app. So, in order to seek app, I use QUERY_ALL_PACKAGES. But, I don't use this now. In any way, Thanks for your comemnt, I can removing useless and no-require permission. Thank you.

puutaro avatar Feb 25 '24 16:02 puutaro