nuclearfog / Apollo-Music

Apollo Music Player App
Apache License 2.0

Question on permission #25

Closed IzzySoft closed 2 months ago

IzzySoft commented 2 months ago

My updater just reported on the recent version:

```
! repo/org.nuclearfog.apollo_34.apk declares sensitive permission(s):
  android.permission.ACCESS_MEDIA_LOCATION
! repo/org.nuclearfog.apollo_34.apk contains signature block blobs: 0x504b4453 (DEPENDENCY_INFO_BLOCK; GOOGLE)
```

Can you please clarify why a media player would need to obtain the location from media? AFAIK this doesn't mean where it's stored, but where it was recorded (like GPS position).

DEPENDENCY_INFO_BLOCK can be easily avoided btw:

```gradle
android {
    dependenciesInfo {
        // Disables dependency metadata when building APKs.
        includeInApk = false
        // Disables dependency metadata when building Android App Bundles.
        includeInBundle = false
    }
}
```

For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains.

Thanks in advance!

nuclearfog commented 2 months ago

That's my fault, I thought that this permission was needed for scoped storage. I have removed this permission in 3e860eed6880bf25c8fe88a862d1ef8433a1073e.

IzzySoft commented 2 months ago

Thanks! Then I'll ignore that for now, and the next release will clear it up automatically. And right, with READ_MEDIA_AUDIO (for the "music tracks") and READ_MEDIA_IMAGES (for "album art") you should be fine on scoped storage. Both are already there.

If the DEPENDENCY_INFO_BLOCK is fixed as well, the issue can be closed I guess. Thanks once more for your swift action!

nuclearfog commented 2 months ago

I've fixed this in fab49040f33d3fb1ff336472de4a73d6cd13c014. I'll create a new release.

IzzySoft commented 2 months ago

Confirmed, thanks! All warnings are gone :star_struck: