cordova-plugin-badge icon indicating copy to clipboard operation
cordova-plugin-badge copied to clipboard

Published 20 hours ago verified publisher icon katzer

privacy problem related to android.permission.MY_READ_INSTALLED_PACKAGES

Open pierresh opened this issue 3 years ago • 4 comments

Hello,

Xiaomi app store has added new restrictions related to the privacy policy. It seems that this plugin reads the list of installed app on the device at the startup of the app, before the end-user could agree the privacy policy.

Below is the log provided by Xiaomi store, I could find reference to the file BadgeImpl.java:

违规行为:未经许可读取个人信息 | 获取应用列表
发生时间:2022-07-15 04:25:27 
违规md5:md5=623AB2A7B5102C49AA986E8302E397B1,
违规包名:pkg=com.app.mobile,
违规动作:action=android.permission.MY_READ_INSTALLED_PACKAGES,
违规详情:content=查询条件(Intent { act=android.intent.action.MAIN cat=[android.intent.category.INFO] 
违规包名:pkg=com.app.mobile }),输出包名(),callstack:android.app.ApplicationPackageManager.queryIntentActivitiesAsUser:1130;android.app.ApplicationPackageManager.queryIntentActivities:1077;android.app.ApplicationPackageManager.getLaunchIntentForPackage:228;me.leolin.shortcutbadger.ShortcutBadger.initBadger:192;me.leolin.shortcutbadger.ShortcutBadger.isBadgeCounterSupported:142;de.appplant.cordova.plugin.badge.BadgeImpl.<init>:54;de.appplant.cordova.plugin.badge.Badge.pluginInitialize:40;org.apache.cordova.CordovaPlugin.privateInitialize:58;org.apache.cordova.PluginManager.getPlugin:171;org.apache.cordova.PluginManager.exec:122;org.apache.cordova.CordovaBridge.jsExec:59;org.apache.cordova.engine.SystemExposedJsApi.exec:41;android.os.MessageQueue.nativePollOnce:-2;android.os.MessageQueue.next:326;android.os.Looper.loop:160;android.os.HandlerThread.run:65;

Is it possible to prevent this plugin reading the list of installed apps? This sounds not related to the badge function, thanks!

pierresh avatar Sep 08 '22 13:09 pierresh

solved?

5thgfka avatar Sep 18 '22 17:09 5thgfka

solved?

No, it seems the problem actually comes from another library ShortcutBadger used by this plugin

pierresh avatar Sep 19 '22 02:09 pierresh

someone solved this issue, but also rejected by Xiaomi. Because the function loadUrl of Cordova also request that permission.

5thgfka avatar Sep 21 '22 06:09 5thgfka

We finally removed this plugin and also cordova-plugin-local-notifications to get our app accepted by the Xiaomi store.

pierresh avatar Sep 21 '22 08:09 pierresh