search

stsaz / phiola

Fast audio player, recorder, converter for Windows, Linux & Android
BSD 2-Clause "Simplified" License
119 stars 7 forks source link

Question on permissions #15

Closed IzzySoft closed 9 months ago

IzzySoft commented 9 months ago

My scanner got a few more checks added recently, and on today's release of your app reported:

! repo/com.github.stsaz.phiola_20016.apk declares risky permission(s): android.permission.READ_EXTERNAL_STORAGE android.permission.MANAGE_EXTERNAL_STORAGE android.permission.RECORD_AUDIO

While RECORD_AUDIO is clear for an audio recorder (and went straight to the "allow-list") and READ_EXTERNAL_STORAGE is explained by the app supporting pre-Lollipop Android versions: why does the app need MANAGE_EXTERNAL_STORAGE?

Thanks in advance for clarification!

stsaz commented 9 months ago

why does the app need MANAGE_EXTERNAL_STORAGE?

This is because phiola provides the ability to browse the complete storage content via its Explorer tab view like a natural File Manager App. Without this, for example, I won't be able to navigate to an arbitrary directory on my sdcard and then add it to the playlist.

More info here: https://developer.android.com/training/data-storage/manage-all-files

In general, I don't see any trouble for the users here because Android explicitly asks for this permission when user first taps on Explorer tab, and after that it becomes obvious to the user that all files are seen by phiola. Also, phiola's code is open for analyzing by anyone in case someone suspects a potential threat or misbehavior...

It's also fine if someone makes a more "google-user-privacy-friendly" fork of phiola where browsing for dirs & files isn't a requirement :)

IzzySoft commented 9 months ago

browse the complete storage content via its Explorer tab view like a natural File Manager App

Thanks! So:

      android.permission.READ_EXTERNAL_STORAGE: needed for the integrated file explorer on Android 10 and before
      android.permission.MANAGE_EXTERNAL_STORAGE: needed for the integrated file explorer on Android 11+
      android.permission.RECORD_AUDIO: this is an audio recorder app

image

(in case you want some description to the remaining non-bold ones)

if someone makes a more "google-user-privacy-friendly" fork

Well… my main "target group" are those not bound to Google :wink:

That said: All gaps filled, issue solved – closing up and saying thanks once more!