Question on permissions
Closed this issue · 2 comments
Checklist
- I am able to reproduce the bug with the latest version.
- I made sure that there are no existing issues - open or closed - which I could contribute my information to.
- I have taken the time to fill in all the required details. I understand that the bug report will be dismissed otherwise.
- This issue contains only one bug.
Affected version
current
Steps to reproduce the bug
Note ahead: your discussions link gives a 404, so I have to pick another issue type here.
My scanner just reported on today's update:
! repo/com.thehcj.quacker_303000.apk declares sensitive permission(s): android.permission.CAMERA android.permission.READ_EXTERNAL_STORAGE
! repo/com.thehcj.quacker_303000.apk contains signature block blobs: 0x504b4453 (DEPENDENCY_INFO_BLOCK; GOOGLE)
Could you please clarify the permissions? Thanks in advance! The DEPENDENCY_INFO_BLOCK
is easily healed btw:
android {
dependenciesInfo {
// Disables dependency metadata when building APKs.
includeInApk = false
// Disables dependency metadata when building Android App Bundles.
includeInBundle = false
}
}
For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains.
Expected behavior
n/a
Actual behavior
n/a
Screenshots/Screen recordings
n/a
Logs
n/a
Affected Android/Custom ROM version
all
Affected device model
all
Additional information
none
PS: What happened to your signing key? This release is signed with a different one than used before, so updates won't be possible. Previous sig:
Signer #1 certificate DN: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Signer #1 certificate SHA-256 digest: 45dd2d0bcc95e8e99a11fe0c8ff0d57899da4712112b83714a29e8b1bfe7c3dc
Signer #1 certificate SHA-1 digest: bdc360be6111c4edee729063565751a66b545542
Signer #1 certificate MD5 digest: 47fffb6367fc9ba91116f2b76fa6931e
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 2048
current sig:
Signer #1 certificate DN: CN=Harley Jones, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=GB
Signer #1 certificate SHA-256 digest: 604a076cc65565bf7a6cc3df151b660963845b69685b3d8487c116dcf4ae60e0
Signer #1 certificate SHA-1 digest: 6a31f0ceaf1e83efda667c593cb03b435c4964d4
Signer #1 certificate MD5 digest: 2a7c0ae7fd53bde9eab3c09a620c23ea
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 2048
-
These permissions were left over from the QR scanner feature and will be removed in a future update
-
The signing key was corrupt so I had to update it with a new one
Hope I cleared things up