Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

privacy problem related to android.permission.MY_READ_INSTALLED_PACKAGES #153

Open
pierresh opened this issue Sep 8, 2022 · 4 comments
Open

privacy problem related to android.permission.MY_READ_INSTALLED_PACKAGES #153

pierresh opened this issue Sep 8, 2022 · 4 comments

Comments

@pierresh
Copy link

pierresh commented Sep 8, 2022

Hello,

Xiaomi app store has added new restrictions related to the privacy policy. It seems that this plugin reads the list of installed app on the device at the startup of the app, before the end-user could agree the privacy policy.

Below is the log provided by Xiaomi store, I could find reference to the file BadgeImpl.java:

违规行为:未经许可读取个人信息 | 获取应用列表
发生时间:2022-07-15 04:25:27 
违规md5:md5=623AB2A7B5102C49AA986E8302E397B1,
违规包名:pkg=com.app.mobile,
违规动作:action=android.permission.MY_READ_INSTALLED_PACKAGES,
违规详情:content=查询条件(Intent { act=android.intent.action.MAIN cat=[android.intent.category.INFO] 
违规包名:pkg=com.app.mobile }),输出包名(),callstack:android.app.ApplicationPackageManager.queryIntentActivitiesAsUser:1130;android.app.ApplicationPackageManager.queryIntentActivities:1077;android.app.ApplicationPackageManager.getLaunchIntentForPackage:228;me.leolin.shortcutbadger.ShortcutBadger.initBadger:192;me.leolin.shortcutbadger.ShortcutBadger.isBadgeCounterSupported:142;de.appplant.cordova.plugin.badge.BadgeImpl.<init>:54;de.appplant.cordova.plugin.badge.Badge.pluginInitialize:40;org.apache.cordova.CordovaPlugin.privateInitialize:58;org.apache.cordova.PluginManager.getPlugin:171;org.apache.cordova.PluginManager.exec:122;org.apache.cordova.CordovaBridge.jsExec:59;org.apache.cordova.engine.SystemExposedJsApi.exec:41;android.os.MessageQueue.nativePollOnce:-2;android.os.MessageQueue.next:326;android.os.Looper.loop:160;android.os.HandlerThread.run:65;

Is it possible to prevent this plugin reading the list of installed apps? This sounds not related to the badge function, thanks!
@5thgfka
Copy link

5thgfka commented Sep 18, 2022

solved?

@pierresh
Copy link
Author

solved?

No, it seems the problem actually comes from another library ShortcutBadger used by this plugin

@5thgfka
Copy link

5thgfka commented Sep 21, 2022

someone solved this issue, but also rejected by Xiaomi. Because the function loadUrl of Cordova also request that permission.

@pierresh
Copy link
Author

We finally removed this plugin and also cordova-plugin-local-notifications to get our app accepted by the Xiaomi store.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@5thgfka @pierresh