Automattic / simplenote-android

Simplenote for Android
https://simplenote.com
GNU General Public License v2.0
1.76k stars 299 forks

embedded APK? #1589

Open IzzySoft opened 1 year ago

IzzySoft commented 1 year ago

My scanner just alerted me about an embedded APK. Can you please clarify what res/raw/android_wear_micro_apk.apk is for? I guess that's pushed to the Wear device by your app? Trouble is, that embedded APK contains non-free dependencies (well, it's Wear):

Offending libs:
---------------
* Android Wear APIs (/com/google/android/gms/wearable): NonFreeDep
* Google Mobile Services (/com/google/android/gms): NonFreeDep

2 offenders.

Which makes the entire app non-free. Is this embedded APK essential for SimpleNote itself? If not (which I assume), would it be possible to have a "foss build flavor" coming without it?

peril-automattic[bot] commented 1 year ago
Fails
:no_entry_sign: Please add a type label to this issue. e.g. '[Type] Enhancement'
:no_entry_sign: Please add a feature label to this issue. e.g. 'Stats'

Generated by :no_entry_sign: dangerJS

IzzySoft commented 1 year ago

Uck, sorry – I see the app already carries the anti-features NonFreeDep, NonFreeNet and Tracking. So please let me amend: if that alternative flavor had Automattic-Tracks-Android removed and Sentry strictly opt-in, the Tracking anti-feature could be dropped. NonFreeNet is caused by BillingClient, and NonFreeDep by BillingClient, Wear & GMS. So I might ask a little too much here – still, I try.
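
Added example, not part of the thread and not the scanner IzzySoft uses: a minimal sketch of the kind of check the opening comment describes, walking an APK as a ZIP, recursing into nested archives such as res/raw/android_wear_micro_apk.apk, and searching each DEX file for the two class-path prefixes from the quoted output. The function names, the size limit and the sample APK built in `build_sample` are assumptions made for this illustration.

```python
import io
import zipfile

# Class-path prefixes from the scanner output quoted in the issue, written as
# DEX type descriptors. Assumption: a real scanner carries a far larger table.
SIGNATURES = {
    "Android Wear APIs": b"Lcom/google/android/gms/wearable/",
    "Google Mobile Services": b"Lcom/google/android/gms/",
}
MAX_ENTRY = 64 * 1024 * 1024  # skip oversized entries (zip-bomb guard)


def scan_apk(data, prefix="", depth=0, max_depth=3):
    """Return sorted (location, finding) pairs for an APK passed as bytes."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(data)) as apk:
        for info in apk.infolist():
            if info.is_dir() or info.file_size > MAX_ENTRY:
                continue
            where = prefix + info.filename
            blob = apk.read(info)
            if info.filename.endswith(".dex"):
                # Descriptors sit uncompressed in the DEX string table, so a
                # byte search finds them unless the names were obfuscated.
                for label, needle in SIGNATURES.items():
                    if needle in blob:
                        findings.add((where, label))
            elif blob[:4] == b"PK\x03\x04" and depth < max_depth:
                findings.add((where, "embedded archive"))
                try:
                    findings.update(scan_apk(blob, where + "!", depth + 1, max_depth))
                except zipfile.BadZipFile:
                    pass  # ZIP magic but not a readable archive
    return sorted(findings)


def build_sample():
    """Constructed sample: a clean outer APK carrying a nested APK in res/raw."""
    def make_zip(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for name, content in entries.items():
                z.writestr(name, content)
        return buf.getvalue()
    inner_dex = b"dex\n035\x00" + b"Lcom/google/android/gms/wearable/Wearable;\x00"
    inner = make_zip({"classes.dex": inner_dex})
    return make_zip({"classes.dex": b"dex\n035\x00Lcom/example/Main;\x00",
                     "res/raw/android_wear_micro_apk.apk": inner})
```

On the constructed sample the outer classes.dex is clean and every finding comes from the nested archive, which is why a scan that stops at the top-level DEX files would miss it.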