search

sunilpaulmathew / De-Bloater

An application using the power of Magisk to debloat unwanted system apps!
https://sunilpaulmathew.github.io/De-Bloater/
GNU General Public License v3.0
477 stars 20 forks source link

question on permissions #41

Open IzzySoft opened 1 month ago

IzzySoft commented 1 month ago

May I ask what android.permission.READ_PHONE_STATE and android.permission.READ_EXTERNAL_STORAGE are requested for? The scanners here at IzzyOnDroid just reported them to me :wink: Thanks in advance!

sunilpaulmathew commented 1 month ago

May I ask what android.permission.READ_PHONE_STATE and android.permission.READ_EXTERNAL_STORAGE are requested for? The scanners here at IzzyOnDroid just reported them to me 😉 Thanks in advance!

Regarding android.permission.READ_PHONE_STATE: As we discussed sometimes in the past, I really do not know. It is not declared in the manifest file of this app, as well as in none of the manifest files of my own library (sCommon & RootFilePicker) that I am using. It could be declared in some external libraries that I used. Anyway, my app never ever uses that permission to monitor the call details of users (anybody can check the source code).

The second permission should be acquired because my app declared "android.permission.WRITE_EXTERNAL_STORAGE" in the manifest, which is related to exporting/restoring De-Bloater profiles.

IzzySoft commented 1 month ago

Anyway, my app never ever uses that permission to monitor the call details of users

eh, kinda over-specific dementi :stuck_out_tongue_winking_eye: "does not use it" would suffice. Mind giving Removing Unwanted Manifest Permissions With tools:node a try there?

The second permission should be acquired because my app declared "android.permission.WRITE_EXTERNAL_STORAGE"

If it would have been implied, it would have a trailing asterisk – but it does not. It's nowhere in your code (according to a Github search at least), so it must have been dragged in by some dependency. Not sure which, though. Not many candidates, either. Funny, none of the two direct deps have it declared either…

sunilpaulmathew commented 1 month ago

Anyway, my app never ever uses that permission to monitor the call details of users

eh, kinda over-specific dementi 😜 "does not use it" would suffice. Mind giving Removing Unwanted Manifest Permissions With tools:node a try there?

Just wanted to be clear :) & I would have a look on the permission things once I deal with other stuff.

The second permission should be acquired because my app declared "android.permission.WRITE_EXTERNAL_STORAGE"

If it would have been implied, it would have a trailing asterisk – but it does not. It's nowhere in your code (according to a Github search at least), so it must have been dragged in by some dependency. Not sure which, though. Not many candidates, either. Funny, none of the two direct deps have it declared either…

It is not necessary to declare "android.permission.READ_EXTERNAL_STORAGE" if "android.permission.WRITE_EXTERNAL_STORAGE" is declared (that is in our case).

IzzySoft commented 4 weeks ago

Well, as long as the two are there and cannot be added to the "green list" with a proper reason, they'll show up as warnings:

image