search

vinaygopinath / launch-chat

Chat with WhatsApp, Signal and Telegram users without saving phone numbers or sharing your contacts with the app
https://f-droid.org/en/packages/org.vinaygopinath.launchchat/
GNU General Public License v3.0
132 stars 8 forks source link

Remove contacts permission? #26

Closed Glitchy-Tozier closed 7 months ago

Glitchy-Tozier commented 7 months ago

Is the currently used permission necessary? https://github.com/subhamtyagi/openinwa seems to function just fine without it.

vinaygopinath commented 7 months ago

Thanks for flagging! I'll take a look when I get to #9, which tracks the implementation of the "Select a contact" feature. In general, I'd love to limit the permissions of this app to only those that it absolutely needs.

That said, I'm not sure how the source repo is able to access contacts (I'll need to understand more about the implementation there), because the Android documentation says the READ_CONTACTS permission is required.

vinaygopinath commented 7 months ago

I was little confused by this issue and took a brief look because you'll notice that this app's AndroidManifest.xml does not declare that it uses the contact permission.

Turns out the READ_CONTACTS and WRITE_CONTACTS permissions were introduced as of 1.1.0 due to the use of the vcard4android library in the implementation of the "Register as a handler of shared contacts" feature, which is a new feature in this app compared to the source repo.

As long as this app supports receiving exported VCF (contact) files and uses this library (and possibly even with other libraries), it's not possible to remove the READ_CONTACTS and WRITE_CONTACTS permission, even though this app does not access contacts in circumstances other than reading the contact shared with it, and does not write to contacts at all.

Glitchy-Tozier commented 7 months ago

Understood, thank you for the explanation!