However, it seems that it missed the “check” and “request” operation in the following call chain starting from the AppAdapter.onBindViewHolder(AppViewHolder appViewHolder, int i) activity if permission is not granted.
This may lead to a SecurityException or related functions unavailable if the user denies the storage permission but still calls the API in this chain, resulting in bad user experience.
@javiersantos @dkanada
Could you help me review this issue? Thx
Issue description
Hi, in openapk v1.2.1, we found a dangerous API usage (https://github.com/dkanada/openapk/blob/master/app/src/main/java/com/dkanada/openapk/utils/AppPreferences.java#L27) which requires Manifest.permission.WRITE_EXTERNAL_STORAGE in accordance to the Android official documentation (https://developer.android.com/reference/android/os/Environment?hl=en#getExternalStorageDirectory()).
However, it seems that it missed the “check” and “request” operation in the following call chain starting from the AppAdapter.onBindViewHolder(AppViewHolder appViewHolder, int i) activity if permission is not granted.
This may lead to a SecurityException or related functions unavailable if the user denies the storage permission but still calls the API in this chain, resulting in bad user experience.
@javiersantos @dkanada Could you help me review this issue? Thx