Make it possible to control application permissions
link2xt opened this issue · 2 comments
Currently every app that uses DecSync requires storage permission (on Android). If I use DecSyncCC and DecSync-capable RSS reader, the RSS reader is able to access my contacts. Same for every application that can access my storage for whatever reason.
Instead, there should be a "keyring" application, similar to OpenKeychain, which can allow or deny access to various parts of the key-value store to applications. All other applications should use it to request access to a particular namespace.
Only Syncthing and the "keyring" application should have access to the raw storage. Not sure how to achieve it without Syncthing modification, need input from Android developers.
It is indeed currently a problem that every application with storage access can read all data stored by DecSync. It would be nice if the files are more private. However, Syncthing (or any file sync application) still has to access the files. I don't know how to have better permissions, especially if we still want it to work for all file sync applications, not only Syncthing.
Another solution would be to encrypt the files with a passphrase. This way, it is not a big problem that other applications can read the files. And Syncthing can just sync the encrypted files, so it doesn't need to know the passphrase. If you even use different passphrases for different data, the RSS reader cannot access your contacts.
I have created an issue in Android library repository: 39aldo39/libdecsync-android#1
Another solution would be to encrypt the files with a passphrase.
This solves the problem of preventing apps with storage permissions from reading the database. It is still desirable to have this kind of "keyring" application even if you encrypt the storage, because it will allow you to use the same encryption key for the whole storage, and you only have to enter the passphrase once.
Closing this issue, since it is only related to Android.