Remove unnecessary permissions #35
Comments
|
The app needs the Bluetooth permission for video calls, to pair with audio headsets. Regarding the network permissions, there are some settings that depends on them. See https://support.signal.org/hc/en-us/articles/360056044831-Data-Usage-Options-Wi-Fi-Cellular-jobs- But the app doesn't make any changes to the connectivity of the device, or the WiFi. So I guess some permissions are not needed at all and can be removed. I have to take a look at it. |
valldrac
added
upstream
valldrac
changed the title
As an alternate, couldn't the user pair with their headset system wide? Then all audio will be routed to the headset, and the apps needn't bother about it? (Genuine question; I don't have BT headsets, but this is how I am imagining BT headsets would work) |
Reading through the docs, it looks like |
|
The new device transfer feature via Wifi Direct, introduced in Signal v.5.5.0, requires some of the removed permissions, according to https://developer.android.com/training/connect-devices-wirelessly/wifi-direct. I had to add the following permissions again:
|
|
Please remove "change network connectivity", "change your audio settings", "download files without notification", "read sync settings", "toggle sync on and off". Only I can do these actions. I am the law on my device. Bluetooth headphones lovers have put us in a bad security state. Make a fork for these heroes. Security first. |
Similar to #23 but coming from a different requirement: Would it be possible to create a flavour with fewer permissions, especially the non-deniable permissions?
For example, these seem non-criticial because I can get the same functionality from OS settings:
The text was updated successfully, but these errors were encountered: