question on permissions

[IzzySoft]

At IzzyOnDroid, the scanner reported

! repo/com.github.warren_bank.bookmarks_2000309.apk declares sensitive permission(s):
  android.permission.READ_EXTERNAL_STORAGE android.permission.SYSTEM_ALERT_WINDOW
  android.permission.MANAGE_EXTERNAL_STORAGE

Could you please clarify what those are needed for? Especially MANAGE_EXTERNAL_STORAGE sounds a bit excessive for a bookmarks manager. The corresponding comment in your AndroidManifest.xml says "required by Android 11+ to use the file picker" – you sure about that? Hard to believe as PlayStore only permits this permission for file managers and such.

Thanks in advance!

[warren-bank]

without digging into the code too deeply.. off-hand, I'd say that:

• MANAGE_EXTERNAL_STORAGE is used not only for import/export of bookmarks,
  but also works in combination with the PublicFileProvider
  • presumably, when the data URI for a bookmarked Intent refers to a file: protocol and the Intent is being started.. it will be replaced by a URI for the file provider.. which only works if the app has permission to access the file
• SYSTEM_ALERT_WINDOW has a notation beside it that explains that it's needed when a bookmarked Intent is being started in the background as the result of a scheduled alarm going off
  • bookmarked Intents can be scheduled to start automatically at a given time, or a given interval.. etc
  • this looks like it worked fine without this permission through Android 9, but was needed to account for changes in Android 10+

[IzzySoft]

android.permission.SYSTEM_ALERT_WINDOW

Straight to the "green list" then with it, thanks!

MANAGE_EXTERNAL_STORAGE

May I ask you to make sure? If that would be the case, it would somehow contradict the Playstore rule that only file managers and such should request this permission. So maybe your description applies to android.permission.READ_EXTERNAL_STORAGE, and MANAGE_EXTERNAL_STORAGE is not needed?

[warren-bank]

READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE are legacy permissions.. modern Android silently ignores them

[IzzySoft]

You are sure about that? Any reference? And where does "modern" begin? With SAF between Android 5 and 11, there are all kind of different combinations needed. IIRC some of them involved those two as well. Only around 11/12 the move to MANAGE_EXTERNAL_STORAGE was made, unless I'm mistaken. And apps requesting that one need to strongly justify it to even have a chance to get listed at Play. So I hope you forgive me being overly skeptic concerning that permission.

[warren-bank]

wrt storage, when I refer to "modern" Android.. I'm referring to scoped storage.

here is where the Android 11 update says that the "legacy" permissions are now ignored.

here is where they mention the one exception: in Android 10, apps can opt to continue to use "legacy" permissions (rather than scoped storage) by specifying "requestLegacyExternalStorage" attribute in the manifest. This exception only exists for Android 10.

so.. any of my apps that require the file system include both "legacy" permissions (to run on older versions of Android, including A10 w/ "requestLegacyExternalStorage") and "modern" permissions.. and since scoped storage doesn't allow for 99% of the things that I use the file system for.. I pretty much always add "MANAGE_EXTERNAL_STORAGE" so the apps will continue to work.. no major rewrites necessary.

is using this permission liberally a big middle finger to Google? ..maybe, but Google doesn't own my phone.. I do. At the risk of channeling my inner Dolph Lundgren in Rocky 4.. I write my apps for me.. and if anyone else finds them useful.. bonus.

[IzzySoft]

here is where the Android 11 update says that the "legacy" permissions are now ignored.

Ah, so we're talking about the same, good. Now, what's the minimum Android version supported by Bookmarks? 2.3, right? Good old Gingerbread. So plenty of Android versions NOT ignoring the two :wink: But yeah, that's exactly your point to include them. Gotcha.

I pretty much always add "MANAGE_EXTERNAL_STORAGE" so the apps will continue to work.. no major rewrites necessary.

I get the idea, yes. But from a privacy/security standpoint, that's not ideal. Quoting from the first link:

Keep in mind that, on devices that run Android 10 (API level 29) or higher, your app can contribute to well-defined media collections such as MediaStore.Downloads without requesting any storage-related permissions. Learn more about how to request only the necessary permissions when working with media files in your app.

:man_shrugging: Just saying. I won't press you of course, it's your app. I don't care about Google (if you need additional middle fingers, let me know – I gladly provide mine in that direction). I more care about privacy & security here. Not because I wouldn't trust you – but what's not there cannot be abused, e.g. by "attackers".

Google doesn't own my phone

And they shouldn't. Which is why mine are all de-googled, so they can't keep it hostage.

I write my apps for me.. and if anyone else finds them useful.. bonus.

Fair enough. I voiced my concerns – you listened. Can't ask for more if you don't agree, full ack there. That leaves the question what we do with the "green list" then:

• add it blindly to avoid the warnings in my inbox (perm will still show as warning in the repo browser)
• addd it with an explanation – preferable, but how do we put that properly into max ~50 chars? Any suggestion?