RFAnalyzer
RFAnalyzer copied to clipboard
Check & request operation missing before using Environment.getExternalStorageDirectory()
Issue description
Hi, in RFAnalyzer v1.13, we found a dangerous API usage (https://github.com/demantz/RFAnalyzer/blob/master/app/src/main/java/com/mantz_it/rfanalyzer/MainActivity.java#L118) which requires Manifest.permission.WRITE_EXTERNAL_STORAGE in accordance to the Android official documentation (https://developer.android.com/reference/android/os/Environment?hl=en#getExternalStorageDirectory()).
However, it seems that it missed the “check” and “request” operation in the following call chain starting from the MainActivity.onCreate(Bundle savedInstanceState) activity if permission is not granted.
CALLCHAIN:
com.mantz_it.rfanalyzer.MainActivity.onCreate(android.os.Bundle)void
android.os.Environment.getExternalStorageDirectory()java.io.File
This may lead to a SecurityException or related functions unavailable if the user denies the storage permission but still calls the API in this chain, resulting in bad user experience.
@demantz Could you help me review this issue? Thx