nicorac
commented
7 months ago android:usesCleartextTraffic: your app doesn't even request INTERNET, so what cleartext traffic is needed?
BCR-GUI is a webapp, running with Capacitor. That config param is added by their buildchain and is needed (at debug time) to let hot-reload feature work with the internal http (not https) dev server. Sadly they add this config to a committed source file, so it got commited in my sources.
To avoid it, I've added a forced configuration that reverts it to false for production builds.
Do you really need READ_EXTERNAL_STORAGE then, and what for?
No, I don't. And I've never used it! It was a leftover from when I was testing the best way to access recordings; I was hoping to avoid SAF... but I finally gave up and used it 😔. Removed in v1.2.0, thanks for pointing it out 👍
But what for do you need to write contacts?
You can search for an existing contact and update recording metadata with its name. But you can also create a new contact based on the selected phone number.
Contacts permission is optional: if the user denies it, a popup will appear notifying that the action is not available. I've updated the README page to better explain it.
IzzySoft
My scanner just got additional checks implemented, and immediately reported for today's update of your app:
Could you please clarify what those are needed for?
android:usesCleartextTraffic: your app doesn't even requestINTERNET, so what cleartext traffic is needed?READ_EXTERNAL_STORAGEthen, and what for?READ_CONTACTS(for showing contact details along the recordings which probably only have the phone number associated). But what for do you need to write contacts?Thanks in advance for clarification!