search

termux / termux-boot

Termux add-on app allowing programs to be run at boot.
https://f-droid.org/en/packages/com.termux.boot
931 stars 219 forks source link

Security warning from Google #156

Closed xim closed 1 year ago

xim commented 1 year ago

Problem description Screenshot_20230609-191150

Steps to reproduce Fresh pixel phone with Android 13 and latest patches (May security update)

Installed F-droid, then installed Termux and Termux:Boot from F-droid.

Expected behavior No security warning

Additional information

xim commented 1 year ago

See also https://gitlab.com/fdroid/fdroiddata/-/issues/2889

sylirre commented 1 year ago

...install unwanted software... - pretty strange warning from Play Protect. Termux:Boot doesn't request permission for installing software. In fact, the boot add-on has very few permissions. You can check its AndroidManifest file.

Termux app indeed has such permission. But it doesn't trigger Play Protect which is also strange.

I know Termux:Boot too often detected as software with functionality that can be considered by malicious. This is false positive (assuming you get the app from authentic source). Possible causes of that are: device boot event receiver, very low code size (APK size less than 12 KB), code is easy and can be potentially interesting for use in trojans.

Closing as a wontfix for now. I think the only way to mitigate the issue is to merge boot add-on with Termux app (eventually will happen).