cagnulein / QZCompanionNordictrackTreadmill

Companion App of QZ for Nordictrack Treadmills and Bikes
https://www.qzfitness.com/
GNU Affero General Public License v3.0

MANAGE_EXTERNAL_STORAGE #77

Closed IzzySoft closed 7 months ago

IzzySoft commented 7 months ago

My scanner's improved engine just sent me this report:

repo/org.cagnulein.qzcompanionnordictracktreadmill_108.apk declares risky permissions: android.permission.MANAGE_EXTERNAL_STORAGE

As this permission is rather considered "risky" and reserved to file managers and such, may I ask if it's really needed here – and if so, what for? Maybe SAF (Storage Access Framework) would be sufficient for file system access?
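A small manifest check in the spirit of the report quoted above, added here as an example; it is not IzzySoft's scanner and not code from the QZ Companion project. It assumes the APK's binary AndroidManifest.xml has already been decoded to plain XML (for example with apktool), and the manifest and the list of "risky" permissions below are constructed for the example.

```python
"""Flag file-manager-class permissions declared in a decoded AndroidManifest.xml."""
from __future__ import annotations
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed list for this example: permissions that are reserved for
# file managers and similar apps, with a short note on the usual alternative.
RISKY_PERMISSIONS = {
    "android.permission.MANAGE_EXTERNAL_STORAGE":
        "all-files access; SAF (ACTION_OPEN_DOCUMENT / _TREE) usually suffices",
    "android.permission.REQUEST_INSTALL_PACKAGES":
        "lets the app side-load other APKs",
}

# Constructed sample manifest; the real app's manifest is not on this page.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="org.example.sample">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.MANAGE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
        android:maxSdkVersion="28"/>
</manifest>
"""


def declared_permissions(manifest_xml: str) -> list[tuple[str, int | None]]:
    """Return (permission name, maxSdkVersion or None) for every uses-permission."""
    root = ET.fromstring(manifest_xml)
    found = []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(f"{{{ANDROID_NS}}}name")
            max_sdk = node.get(f"{{{ANDROID_NS}}}maxSdkVersion")
            if name:
                found.append((name, int(max_sdk) if max_sdk else None))
    return found


def risky_permissions(manifest_xml: str) -> dict[str, str]:
    """Map each declared risky permission to the note explaining why it is flagged."""
    return {name: RISKY_PERMISSIONS[name]
            for name, _ in declared_permissions(manifest_xml)
            if name in RISKY_PERMISSIONS}


def report(apk_label: str, manifest_xml: str) -> str:
    """Produce a one-line report in the same shape as the scanner output above."""
    risky = risky_permissions(manifest_xml)
    if not risky:
        return f"{apk_label} declares no risky permissions"
    return f"{apk_label} declares risky permissions: " + ", ".join(sorted(risky))
```

A permission carrying android:maxSdkVersion (like WRITE_EXTERNAL_STORAGE above) is still reported by declared_permissions so a reviewer can see it only applies to older Android releases.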

cagnulein commented 7 months ago

Hi @IzzySoft, actually I added it from the beginning and I don't know if it's really important for this app. One thing that you may not know about this app is that it's not for a classic phone or tablet, but for the Nordictrack tablet, which has a particular Android flavour system. So actually I really don't mind about security and stuff, since the user who is installing this is aware of the fact that he's hacking his tablet :)

IzzySoft commented 7 months ago

since the user that it's installing this he's aware about the fact that it's hacking his tablet

Someone installing Magisk, Xposed etc. is also aware of that :wink: So IMHO, especially with such risks, one should not add more risks on top.

Granted, I have no idea of the specific Android flavor on this particular device. But as you don't know if that permission is really needed, could you please verify? I mean, if it's as simple as not declaring that permission, and everything still works all the same, maybe that's worth the little effort? I'm no Android dev, so I cannot tell how much work it would otherwise be to e.g. switch from "direct file access" to SAF – but from the reports I received from other apps, I got the idea it is not too much.

cagnulein commented 7 months ago

Granted, I have no idea of the specific Android flavor on this particular device.But as you don't know if that permission is really needed, could you please verify? I

The problem is that I don't have a Nordictrack device, but even if I had one, there are literally A TON of different Android versions: one for each type of treadmill. So it's literally impossible to know if removing that line will break something for someone.

So I strongly suggest not changing anything.

IzzySoft commented 7 months ago

Thanks, understood. And I guess it makes no sense to ask again later (as that report would pop up with each new release), so I somehow need to suppress it on my end then. Will do that, thanks!

IzzySoft commented 7 months ago

Done.

cagnulein commented 7 months ago

Thanks a lot!

On Fri 19 Jan 2024 at 17:43 Izzy @.***> wrote:

Done.
