Remove SYSTEM_ALERT_WINDOW permission

[jermanuts]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

This permission makes it possible to draw over other apps which is security risk and I don't think Stack Wallet makes use of that permission anyways, so having it is pointless. If you want some kind of protection and prevent apps from drawing over Stack Wallet, you could use HIDE_OVERLAY_WINDOWS which will increase Stack Wallet security.

Expected Behavior

Stop using this permission and use the other recommended permission for enhanced security.

Reproduce Steps

.

Environment

.

Logs

No response

Further Information

https://code.briarproject.org/briar/briar/-/issues/956#note_20639

https://blog.nviso.eu/2021/05/11/new-malware-family-now-also-targets-belgian-financial-apps/

[julian-CStack]

We don't use that permission https://github.com/cypherstack/stack_wallet/blob/main/android/app/src/main/AndroidManifest.xml
Its possible some library uses it. Could you point to where you've found it being used?

[jermanuts]

https://reports.exodus-privacy.eu.org/en/reports/com.cypherstack.stackwallet/latest/

Play Store