kiwix-android
kiwix-android copied to clipboard
kiwix
Improve to 10/10 on Exodus
Our assessment on Exodus is 9/10 https://reports.exodus-privacy.eu.org/fr/reports/org.kiwix.kiwixmobile/latest/
I would like to see if we can improve to 10/10
@gouri-panda @MohitMaliDeveloper Do you know why we need the permissions ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION?
ACCESS_COARSE_LOCATION for hosting the zim files and ACCESS_FINE_LOCATION for zim files transfer. https://github.com/kiwix/kiwix-android/commit/d18d25d6fb32795757b734638a193476fe10c20b https://github.com/kiwix/kiwix-android/commit/e76c05f34a845060a7ba12f06c1708458deff254
@gouri-panda thank you for your response. If I refer to https://developer.android.com/reference/android/Manifest.permission, I have:
ACCESS_COARSE_LOCATION"Allows an app to access approximate location". I don't understand how this could be necessary for "hosting the zim files" (which I guess you mean launching a HTTP daemon and the WIFI in Hotspot mode). Would you be able to explain please to give more details?ACCESS_FINE_LOCATION"Allows an app to access precise location." I don't understand how this should be necessary for anythin... and Kiwix has not feature to transfer ZIM files (to whom? how?)
@kelson42 We use WI-FI for hosting zim files and sharing(not transfer) zim files to nearby devices. A successful WI-Fi discovery peer needs these permissions to scan available WI-Fi peers for the purpose of establishing a connection[^1].
But starting from android 13 we can make this go away by adding this permission to our manifest. NEARBY_WIFI_DEVICES allows apps to manage device's connections to nearby access points over WIFI. By adding the neverForLocation value we ensure that we'll never derive location information from WIFi APIs.
<uses-permission android:name="android.permission.NEARBY_WIFI_DEVICES"
android:usesPermissionFlags="neverForLocation" />
But below android 13 we need these permissions. [^1]: https://developer.android.com/guide/topics/connectivity/wifi-scan#wifi-scan-restrictions
A successful WI-Fi discovery peer needs these permissions to scan available WI-Fi peers for the purpose of establishing a connection
Why we need to "scan" for devices? The feature is only about creating a WiFi hotspot and other users access it normally via any Web browsers. I still don't understand why we need this.
hi @kelson42 ,
We can only get rid of these permission once we target android 13 and above below we do requires this permission https://developer.android.com/about/versions/13/features/nearby-wifi-devices-permission. We require this permission for Peer to Peer connection https://developer.android.com/guide/topics/connectivity/wifip2p .
@MohitMaliFtechiz Ok so we should change for android13+. There is no way to require only this permission when this specific feature is used? To avoid a bad note?
@MohitMaliFtechiz Ok so we should change for android13+. There is no way to require only this permission when this specific feature is used? To avoid a bad note?
yes currently i have checked we are requesting this permission on runtime when specific feature is used.
This issue has been automatically marked as stale because it has not had recent activity. It will be now be reviewed manually. Thank you for your contributions.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}