search

Sensirion / SmartGadget-Android

Deprecated and not maintained anymore. The Sensirion Smart Gadget app allows you to establish a BLE (Bluetooth Low Energy) connection to your Sensirion Smart Gadget. The app displays the current temperature and relative humidity values measured by the integrated sensors.
BSD 3-Clause "New" or "Revised" License
30 stars 15 forks source link

Permission <READ_PHONE_STATE> is declared but not used #39

Closed denis-bogdanas closed 7 years ago

denis-bogdanas commented 7 years ago

Hello, I'm Denis Bogdanas, a research assistant at Oregon Stat University. I'm working on a tool that automatically introduces runtime permission checks and requests for Android 6 apps. As part of this study I analyzed this app. I was looking at the way permissions are referred in the code.

This app declares permissions in the apk manifest, but doesn't have any code that requires them. It is possible that source code doesn't declare the permissions. I only analyzed apk builds from f-droid. Yet android build mechanism may introduce them when the app uses certain libraries:

https://commonsware.com/blog/2015/06/25/hey-where-did-these-permissions-come-from.html

It won't create any problems on Android 6, but on Android 5- users may wonder why the app needs these permissions and be skeptical of installing the app.

Do you think this is an issue?

best regards, Denis

MBjoern commented 7 years ago

The READ_PHONE_STATE was introduced by a dependency we had in the application. The permission will be removed in the upcoming release. Thank you for mentioning it.