search

MohGovIL / Ramzor

https://corona.health.gov.il/en/ramzor-model
Creative Commons Zero v1.0 Universal
20 stars 11 forks source link

Explain android permissions & remove not needed permissions #12

Closed emanuelb closed 3 years ago

emanuelb commented 3 years ago

From AndroidManifest

<uses-permission android:name="android.permission.READ_PHONE_STATE"/>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION"/>
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
<uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
<uses-permission android:name="android.permission.WAKE_LOCK"/>
<uses-permission android:name="android.permission.CAMERA"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="com.moh.alert.ramzor.deveventspermission"/>

From GooglePlay:

This app has access to:
Location

    approximate location (network-based)
    precise location (GPS and network-based)

Phone

    read phone status and identity

Photos/Media/Files

    read the contents of your USB storage
    modify or delete the contents of your USB storage

Storage

    read the contents of your USB storage
    modify or delete the contents of your USB storage

Camera

    take pictures and videos

Device ID & call information

    read phone status and identity

Other

    view network connections
    full network access
    run at startup
    prevent device from sleeping

see for example explanation of other apps: https://support.signal.org/hc/en-us/articles/360007062172-Signal-Permissions#android_permissions https://support.mozilla.org/en-US/kb/how-firefox-android-use-permissions-it-requests

Please explain all used permissions in the android app, why they are needed & for what usage, remove unused or not necessary permissions.

You can read the related IsraelDefense article in hebrew: https://www.israeldefense.co.il/node/48468

דעה | אפליקציית ״רמזור״ מבקשת הרשאות שאינן מידתיות למהות היישום פלוני יכול לחשוב שאפליקציית ״רמזור״ שפרסם משרד הבריאות, היא אפליקציית ריגול בכסות ממשלתית.

svetamorag commented 3 years ago

Done. The "read phone status and identity" is not requested by the app manifest. We still checking it.

Kafow commented 3 years ago

Why do you need to access location in the background? According to your specs you only use it to assess the user current city to give him guidelines, such thing shouldn't be in the background.

svetamorag commented 3 years ago

We use background location services to monitor movement between cities and notify you about the guidelines in the updated location. We are still testing this feature, but it will be available shortly or removed from the app include the permissions.