Open IzzySoft opened 10 months ago
mrrfv
commented
10 months ago The READ_PHONE_STATE permission isn't defined in the app's AndroidManifest.xml, so it could just be automatically granted/assigned by Android for compatibility with older OS versions, or Flutter's work. I'll look deeper into this next weekend.
IzzySoft
commented
10 months ago Thanks! A good guess would be one of those wide-spread instructions to use that to "stop work" on incoming phone calls (which could be achieved by listening to the AudioFocusChanged broadcast as well – a less known, but also less intrusive variant). I could see that it would not be ideal to deal with e.g. call logs when a call is incoming/in progress.
As your app already deals with all other call data anyhow, the "privacy effect" READ_PHONE_STATE adds should be minimal, though – but as my scanner popped it up I thought it cannot hurt to make sure.
My scanner just got additional checks implemented, and promptly reported a bunch of "potential dangerous permissions" found. While I added most of them to your app's allow-list immediately (as they are covered by the purpose of your app), one questionable candidate remained: you certainly do not backup/restore the phone state :see_no_evil: So what for does your app need
READ_PHONE_STATE?Thanks in advance for clarification!