Open IzzySoft opened 5 months ago
Scanner report for today's update reads:
! repo/com.app.openlib_2008.apk declares sensitive permission(s): android.permission.READ_MEDIA_IMAGES android.permission.READ_MEDIA_AUDIO android.permission.MANAGE_EXTERNAL_STORAGE android.permission.READ_EXTERNAL_STORAGE
I guess READ_EXTERNAL_STORAGE is for reading downloaded material (as WRITE_EXTERNAL_STORAGE is to save eBooks; together with MANAGE_EXTERNAL_STORAGE on Android 11+). Can you confirm this?
What I however do not understand (at least going by the app description) is what media access (images and audio) is needed for. A clarification would be much appreciated!
As for DEPENDENCY_INFO_BLOCK: this can probably be avoided easily via some gradle settings:
```
android {
    dependenciesInfo {
        // Disables dependency metadata when building APKs.
        includeInApk = false
        // Disables dependency metadata when building Android App Bundles.
        includeInBundle = false
    }
}
```
For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains.
The above permissions are used because on some devices, the EPUB reader works properly with them, and the upcoming update of the app would use a separate folder to store the book.
So the next release comes without those permissions? Then I'd say no further action needed for that – which would only leave the DEPENDENCY_INFO_BLOCK (to be handled at your convenience; trouble with that one is mostly that it's an "opaque block". Though there are POCs that such blocks can easily be abused to store payload and other "things", so it might be a good idea to address this: what's not there cannot cause issues. And apart from Google, nobody can even read it, not to speak of doing something useful with it).
No, the permissions are required for the EPUB package and will add support for direct folder for the app
Will you be able to fix this DEPENDENCY_INFO_BLOCK?
> The permissions are required for the EPUB package and will add support for direct folder for the app
I can see that for READ_EXTERNAL_STORAGE and MANAGE_EXTERNAL_STORAGE (which I added to the "allow-list" for your app, so those will no longer trigger warnings here) – but READ_MEDIA_AUDIO and READ_MEDIA_IMAGES? There shouldn't be eBooks stored to the media directories, so I wonder why those permissions should be needed.
> Will you be able to fix this DEPENDENCY_INFO_BLOCK?
See above, it's just adding a few lines to your build.gradle:
```
android {
    dependenciesInfo {
        // Disables dependency metadata when building APKs.
        includeInApk = false
        // Disables dependency metadata when building Android App Bundles.
        includeInBundle = false
    }
}
```
Okay 👍 will sure add it
Looks like you forgot:
! repo/com.app.openlib_2009.apk declares sensitive permission(s):
android.permission.READ_MEDIA_IMAGES android.permission.READ_MEDIA_AUDIO
! repo/com.app.openlib_2009.apk contains signature block blobs: 0x504b4453 (DEPENDENCY_INFO_BLOCK; GOOGLE)
The media permissions are still there, and so is the blob…
Will sure remove it. Thank you
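The scanner line quoted in the thread ("contains signature block blobs: 0x504b4453") comes from the ID-value pairs inside the APK Signing Block. The following is an added example, not part of the original thread or the scanner's own code, that walks that block and reports which IDs are present. The function names and the constructed sample are hypothetical, the v2/v3 IDs come from the APK Signature Scheme documentation, and the End of Central Directory lookup assumes the ZIP comment does not contain the EOCD marker.

```python
import struct

APK_SIG_MAGIC = b"APK Sig Block 42"   # trailer of the APK Signing Block
EOCD_SIG = b"PK\x05\x06"              # ZIP End of Central Directory record
DEPENDENCY_INFO_BLOCK = 0x504B4453    # ID shown in the scanner report
KNOWN_IDS = {0x7109871A: "APK Signature Scheme v2",
             0xF05368C0: "APK Signature Scheme v3",
             DEPENDENCY_INFO_BLOCK: "DEPENDENCY_INFO_BLOCK"}

def signing_block_ids(apk):
    """Return [(id, value_length), ...] for each pair in the signing block."""
    eocd = apk.rfind(EOCD_SIG)  # simplification: assumes no ZIP comment with this marker
    if eocd < 0 or eocd + 22 > len(apk):
        raise ValueError("no ZIP End of Central Directory record")
    (cd_offset,) = struct.unpack_from("<I", apk, eocd + 16)
    if cd_offset < 32 or apk[cd_offset - 16:cd_offset] != APK_SIG_MAGIC:
        return []  # no signing block (unsigned or v1/JAR-signed only)
    (size,) = struct.unpack_from("<Q", apk, cd_offset - 24)
    start = cd_offset - size - 8  # the leading size field does not count itself
    if start < 0 or struct.unpack_from("<Q", apk, start)[0] != size:
        raise ValueError("APK Signing Block size fields disagree")
    pairs, pos, end = [], start + 8, cd_offset - 24
    while pos < end:
        (length,) = struct.unpack_from("<Q", apk, pos)
        if length < 4 or pos + 8 + length > end:
            raise ValueError("malformed ID-value pair")
        (pair_id,) = struct.unpack_from("<I", apk, pos + 8)
        pairs.append((pair_id, length - 4))
        pos += 8 + length
    return pairs

def has_dependency_info(apk):
    return any(i == DEPENDENCY_INFO_BLOCK for i, _ in signing_block_ids(apk))

def constructed_apk(ids):
    """Constructed sample: signing block + empty central directory + EOCD."""
    pairs = b"".join(struct.pack("<QI", 12, i) + b"\0" * 8 for i in ids)
    size = len(pairs) + 24  # pairs + trailing size field + magic
    block = struct.pack("<Q", size) + pairs + struct.pack("<Q", size) + APK_SIG_MAGIC
    return block + EOCD_SIG + struct.pack("<HHHHIIH", 0, 0, 0, 0, 0, len(block), 0)

if __name__ == "__main__":
    for pair_id, n in signing_block_ids(constructed_apk([0x7109871A, DEPENDENCY_INFO_BLOCK])):
        print(f"0x{pair_id:08x} {KNOWN_IDS.get(pair_id, 'unknown')} ({n} bytes)")
```

On a real build, pass the bytes of the release APK to `has_dependency_info` after applying the `dependenciesInfo` setting to confirm the block is gone.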