AnyMemo icon indicating copy to clipboard operation
AnyMemo copied to clipboard

Published 20 hours ago verified publisher icon helloworld1

Excessive permissions for google drive integration

Open expipiplus1 opened this issue 4 years ago • 1 comments

This app requests three permissions:

  • View and manage files opened or created with this app
  • See, edit, create, delete all google drive files
  • See, edit, create, delete your spreadsheets in google drive

The last two seem unnecessary and are a little frightening!

expipiplus1 avatar Jan 19 '21 14:01 expipiplus1

Those are the scope requested: https://github.com/helloworld1/AnyMemo/blob/master/app/src/main/java/org/liberty/android/fantastischmemo/common/AMEnv.java#L50

https://www.googleapis.com/auth/plus.login -> For login https://docs.google.com/feeds/ -> For legacy API listing files, probably not needed anymore https://docs.googleusercontent.com/ -> For legacy API reading files, probably not needed https://spreadsheets.google.com/feeds/ -> For operating spreadsheets. This is the one showing "See, edit, create, delete your spreadsheets in google drive" https://www.googleapis.com/auth/drive.file -> That is the one showing "See, edit, create, delete all google drive files"

We may need to figure out the correct scope to limit the permission.

helloworld1 avatar Jan 19 '21 19:01 helloworld1