M3UAndroid

question on permissions

Open IzzySoft opened this issue 9 months ago • 2 comments

Our scanners got extended since your last release, so on the current one they reported:

```
! repo/com.m3u.androidApp_144.apk declares sensitive permission(s):
  android.permission.READ_EXTERNAL_STORAGE
! repo/com.m3u.androidApp_144.apk contains signature block blobs: 0x504b4453 (DEPENDENCY_INFO_BLOCK; GOOGLE)
```

I guess READ_EXTERNAL_STORAGE is used to access local media files (but what is WRITE_EXTERNAL_STORAGE needed/used for then)? Concerning DEPENDENCY_INFO_BLOCK, that's easily avoided with a little addition to your `build.gradle`:

```groovy
android {
    dependenciesInfo {
        // Disables dependency metadata when building APKs.
        includeInApk = false
        // Disables dependency metadata when building Android App Bundles.
        includeInBundle = false
    }
}
```

For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains. More details can be found e.g. here: Ramping up security: additional APK checks are in place with the IzzyOnDroid repo.

Thanks in advance!

IzzySoft, Jan 01 '25 20:01