Why camera access?

[7wells]

Hello!

I get the message from Sophos Intercept X that DroidHole includes camera access, and the Android permissions confirm that camera access could be granted (by default, it is denied).

If camera access is not required, can you please remove it from the code?

Thanks for your kind consideration and great work! 👍

[JGeek00]

Hello! The application requires access to the camera to scan the QR of the API token. I discovered when reading this that Pi-hole generates the API token by hashing two times with SHA-256 the password. So DroidHole does the same, and then automatically tests the auto generated API key agnaist the server. But in case that the generated token doesn't work, the app will ask you to manually introduce the API key or to scan the QR code. That's why DroidHole could ask you at some point permission of camera access. In normal circunstances it won't be used, but as I explainded before, it could be necessary if the auto generated token doesn't work.

But in any case, the code is published here, and you can see exactly what is the app doing with the camera. I hope I have answered your question. If you have other questions about how the app works, feel free to ask me and I hope you enjoy the application.

[7wells]

Hello! Thank you so much that you took your time to answer in such detail - highly appreciated and well understood. :-) Your app is really helpful and the design is beautiful. 👍

[JGeek00]

This has changed quite a bit since that, because after v3.0.0 the authentication method is different. The password is not being used anymore, and instead of that, we are using the API token, which can be found on the web admin panel. Also access to the camera is required if you want to scan the QR code to automatically insert the API token, but the API token can also be inserted manually on it's corresponding field. Thanks for using the app and for your support.