What is READ_PHONE_STATE needed for? #101
Comments
|
The |
|
Thanks! A good guess would be one of those wide-spread instructions to use that to "stop work" on incoming phone calls (which could be achieved by listening to the AudioFocusChanged broadcast as well – a less known, but also less intrusive variant). I could see that it would not be ideal to deal with e.g. call logs when a call is incoming/in progress. As your app already deals with all other call data anyhow, the "privacy effect" |
|
May I ask what you found that weekend, @mrrfv? Because the scanners here were complaining again with the latest update: The latter is easily avoided by a little addition to your android {
dependenciesInfo {
// Disables dependency metadata when building APKs.
includeInApk = false
// Disables dependency metadata when building Android App Bundles.
includeInBundle = false
}
}For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains. More details can be found e.g. here: Ramping up security: additional APK checks are in place with the IzzyOnDroid repo. PS: If you cannot figure where the |
My scanner just got additional checks implemented, and promptly reported a bunch of "potential dangerous permissions" found. While I added most of them to your app's allow-list immediately (as they are covered by the purpose of your app), one questionable candidate remained: you certainly do not backup/restore the phone state 🙈 So what for does your app need
READ_PHONE_STATE?Thanks in advance for clarification!
The text was updated successfully, but these errors were encountered: