Permissions and Privacy Information

[issuant]

A note app that does not arbitrarily call out to the internet has been hard to find and there is no information about the permissions EasyNotes utilizes (internet for example) or their privacy implications.

[Kin69]

First of all, the app doesn't require internet permission; it requires ACCESS_NETWORK_STATE, which allows it to check if the network is connected. These permissions are added by a third-party library, Glance (widget), which for some reason needs them. I will try to block the ACCESS_NETWORK_STATE permission in the app manifest, but other permissions may be necessary for the widget's functionality. Additionally, Glance isn't just a random library from the internet; it's an official Android library for creating widgets. I will also create a Privacy Policy in the README.md file.

[issuant]

It seems I was not clear.

I do not actually know what permissions Easynotes requires. I was just pointing out I have been looking for an Android notes app that was featureful with good aesthetics yet also private and Easynotes seemed to be the closest, but I could not find information about its privacy/permissions situation. This is simply a feature request for information on that.

[Kin69]

So you are looking for a Privacy Policy like this https://github.com/Kin69/EasyNotes/wiki/Privacy-Policy?

[issuant]

That's good.

I never did check it myself and I no longer have it installed as I am primarily waiting for e2ee and app lock to be implemented and stable but if the app is as 'dead silent' as Aegis authenticator (no background data usage even with wifi/mobile data on), I can't wait to begin using this.

[derei]

@issuant

To answer your question:

(if you have any questions regarding the permissions, let's say, if you are unable to find documentation and explanation for them - which I strongly doubt, anyway - please ask here and I'll be happy to provide clarifications).

[issuant]

@derei

Thanks. My only question would be about the last two permissions, especially DYNAMIC_RECEIVER. What app are you using to observe these btw?

[derei]

@issuant

The permission is added to the app automatically and is meant as a security measure against unprotected broadcasts. In my understanding, what this specific permission does, is preventing the registered broadcast receiver to be visible to other apps. Which is a good thing 😜

https://stackoverflow.com/questions/74146297/android-adding-dynamic-receiver-not-exported-permission-in-release-build

Now, regarding sensors permission, that permission has been introduced with Android 11 and it manages sensors such as environmental (temp, pressure, humid.), proximity, motion, etc. Whilst I can't tell 100% why the app needs it, it could potentially be for preventing accidental touches when editing a note. Perhaps @Kin69 can clarify this.

Overall, the app doesn't send anything out, because it has no internet access permission, no call or sms permission, so it has no means to send data out. I disabled the sensor permission in app settings and there was no visible consequence. It's also possible to be part of the widget. Again, the author could bring some light over this.

This app is in its early dev stage, you can see there are incomplete settings menus and non-functional menu entries... this may also suggest that some permission may be there for some work in progress feature.

[derei]

@issuant

The app I used in this case is Permission Pilot https://apt.izzysoft.de/fdroid/index/apk/eu.darken.myperm

But you could also use Exodus https://f-droid.org/packages/org.eu.exodus_privacy.exodusprivacy/

[issuant]

That makes sense. Thanks for the links.

[Kin69]

In the latest update, the permissions that were previously added by the widget plugin have been removed, as they are no needed. It appears this might be a bug on the module’s side.