nilsbraden
commented
1 year ago No I think Play Services are necessary for this, it can easily be disabled for F-Droid build
Closed licaon-kter closed 1 year ago
nilsbraden
commented
1 year ago No I think Play Services are necessary for this, it can easily be disabled for F-Droid build
licaon-kter
commented
1 year ago To clarify, you mean "Play Services" libs in the app, eg. https://github.com/nilsbraden/ttrss-reader-fork/blob/master/ttrssreader/build.gradle#L94
Or Play Services on device? (which an F-Droid user could have... not sure microG has all these stuff though)
it can easily be disabled for F-Droid build
Will you do it or we should do some more sed majik? :)
nilsbraden
commented
1 year ago So... I don't think we need to do anything. The Fdroid-Flavor only implements the corresponding class as an empty stub (see https://github.com/nilsbraden/ttrss-reader-fork/blob/master/ttrssreader/src/fdroid/java/org/ttrssreader/gui/MenuFlavorActivity.java) so the security provider is never used when installed via F-Droid.
If we wanted to allow it we would have to inlcude it in the build, I'm not sure why it was removed in the first place because as far as I know there's no privacy implication in using it, it only fixes vulnerabilities in the systems security provider and when play services are installed anyway it shouldn't make a difference.
...does it make sense? Does it even work without Play Services?
ref: https://developer.android.com/training/articles/security-gms-provider.html
I can set it to disabled by default: https://github.com/nilsbraden/ttrss-reader-fork/blob/master/ttrssreader/src/main/res/xml/prefs_ssl.xml#L25 but wondering if we need to.