Closed IzzySoft closed 6 months ago
android.permission.ACCESS_COARSE_LOCATION android.permission.ACCESS_FINE_LOCATION
Access to BLE broadcasts is guarded behind location permissions in earlier Android versions, e.g. you could locate someone by scanning for nearby known broadcast sources.
android.permission.ACCESS_BACKGROUND_LOCATION
Depending on what scan mode is used (e.g. not "only when app is open"), then scanning happens in a background service without the app being open. Due to BLE again being grouped under "location", it's the same permission as the one for background GPS access.
I don't think I have tested how this interacts with the newer BLUETOOTH_SCAN
permission, but for backwards compatibility, we can't drop this anyways :slightly_frowning_face:.
android.permission.SYSTEM_ALERT_WINDOW
To display the pop-up window with battery infos, when the airpods case is opened.
android.permission.BLUETOOTH_SCAN
This is the new permission that replaces the location permission in newer Android versions.
CAPod needs both to support that range of Android versions.
For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains.
Is it necessary for Google Play though? Only exclude it in one of the build flavors?
Thanks for the details, Matthias! I was aware that location had something to do with Bluetooth on earlier Android versions but could not pin-point it out of my head. Set up all mentioned permissions with your explanations now, so no warnings for them anymore:
Is it necessary for Google Play though? Only exclude it in one of the build flavors?
I don't know if it is necessary for PlayStore – but maybe doesn't hurt having it there. You could also just disable it for APKs, so if you upload AABs to Play they'd still have it.
My scanner got a few additional checks back in January, and on today's update reports:
Could you please clarify what those permissions are needed for? Thanks in advance!
Oh, and that
DEPENDENCY_INFO_BLOCK
is easy to avoid:For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains.