[Help Wanted] Export Data now asks for permission to photos on Android

[mcgd2]

Describe the issue I use "Export Data" on Android every once in a while to back up my notes locally. I always choose "save to disk" without any problems. I just tried exporting my data and now it is asking for permission to access my photos. Why is that? I don't want to grant standardnotes this permission but it doesn't let me save the export if I don't. Is this a bug?

I'm using version 3.6.16 (latest).

[antsgar]

Hi @mcgd2! Thank you for reaching out 🙂 since backups can now be imported on mobile and to ensure compatibility with newer Android versions, we're now saving the backups to the Downloads folder so that they can later be accessible by the files manager in order to be imported. The permission requested is to write to the storage, so it doesn't mean the app will have read access to your files or photos.

[mcgd2]

Thanks @antsgar for the explanation but one of the app's main principles is privacy (and this is the reason I'm using it) and this permission seems very much against it. Maybe if the user declines to grant access, then you could write in the directory that you were using beforehand (that doesn't require the extra permissions)? I understand the reasoning you provided but "granting access to photos" for a privacy-first notetaking app just rubs me the wrong way and feels unnecessary.

[JaspalSuri]

Hi @mcgd2, thanks for the suggestion; I'll pass this along to the dev team for further review. 🙂

For what it's worth, on version 11 of vanilla/stock Android, the permission is named Files and Media, so while that is more broad, it isn't specifically about one's photos. We care about your privacy, which is why the apps are open-source and users have the ability to self-host the syncing server & sign into it.

[mcgd2]

Thanks @JaspalSuri. I totally get what you and @antsgar are saying. One has to balance usability and security properly. IMHO, the advantage in usability in this case is minimal compared to granting read/write access to the filesystem. A privacy-first app (again IMHO) should be very conservative in its permissions. I know SN cares about user's privacy and this is why I found it strange when I saw the new permission dialog. The Android security fragmentation model may be too liberal but that's another issue.

I think writing to the old directory if the user declines to grant filesystem access is not too much added complexity to maintain and could provide some extra peace of mind.

[mcgd2]

It seems like the new version writes to the old directory again (no new permissions asked)! Thanks!

[JaspalSuri]

You're very welcome on behalf of @antsgar! If the user declines the permission, it should default to that directory. I guess that since you've already declined it, it is writing there automatically. 🙂

[mcgd2]

@JaspalSuri @antsgar, Just a heads up, I noticed that the "Last updated at [date]" label is not getting updated when taking a backup (when the user has declined the permission).

[JaspalSuri]

@mcgd2, thanks for letting know. Are the note contents not being updated as well, or are only the timestamps affected?

[mcgd2]

@JaspalSuri Just the timestamp in Settings, I didn't notice any problem on the backup itself (just took a quick look). Btw on some notes I saw "updated_at": "1970-01-01T00:00:00.000Z", is this a bug?

[JaspalSuri]

Thanks for verifying that info!

That appears to be a bug; thanks for bringing it to our attention; we'll investigate it and try to reproduce it on our end.

[myreli]

It seems like this issue is unlikely to receive more interaction, so I'll close it.

(This is a community effort to triage older issues in the forum. If this was a mistake please feel free to re-open the issue.)