Open drasticactions opened 1 year ago
We've added this issue to our backlog, and we will work to address it as time and resources allow. If you have any additional information or questions about this issue, please leave a comment. For additional info about issue management, please read our Triage Process.
Verified this issue, still repro. https://github.com/dotnet/maui/blob/main/src/Compatibility/Maps/src/GTK/MapRenderer.cs#L296-L330
Description
The GTK MapRenderer (A compatibility control that I'm not sure can be used with MAUI proper) uses an interesting way of getting a user's location.
https://github.com/dotnet/maui/blob/main/src/Compatibility/Maps/src/GTK/MapRenderer.cs#L296-L330
We're calling out to
http://checkip.dyndns.org/
to get a user's IP Address. Then, we feed that tohttp://freegeoip.net
to get the user's general location. This has multiple negative implications. I don't think a user agrees to use those services when they use that control. They can't control if they allow their position to be used. It's also using 'http' endpoints.This was most likely copied directly from Xamarin.Forms and never changed (judging by the history of the file and that the last commit was the renaming of files, I think that's right) but even if you can't actively use it, it should be either fixed or removed. Having non secure endpoints being used for geolocation and not something either based on platform code or something a user opts into isn't good, IMO.
Steps to Reproduce
Look at the code I linked to.
Version with bug
Unknown/Other (please specify)
Last version that worked well
Unknown/Other
Affected platforms
Other (Tizen, Linux, etc. not supported by Microsoft directly)
Affected platform versions
GTK (Linux?)
Did you find any workaround?
No response
Relevant log output
No response