Improve to 10/10 on Exodus

[kelson42]

Our assessment on Exodus is 9/10
https://reports.exodus-privacy.eu.org/fr/reports/org.kiwix.kiwixmobile/latest/

I would like to see if we can improve to 10/10

[kelson42]

@gouri-panda @MohitMaliDeveloper Do you know why we need the permissions ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION?

[gouri-panda]

ACCESS_COARSE_LOCATION for hosting the zim files and ACCESS_FINE_LOCATION for zim files transfer. d18d25d e76c05f

[kelson42]

@gouri-panda thank you for your response. If I refer to https://developer.android.com/reference/android/Manifest.permission, I have:

• ACCESS_COARSE_LOCATION "Allows an app to access approximate location". I don't understand how this could be necessary for "hosting the zim files" (which I guess you mean launching a HTTP daemon and the WIFI in Hotspot mode). Would you be able to explain please to give more details?
• ACCESS_FINE_LOCATION "Allows an app to access precise location." I don't understand how this should be necessary for anythin... and Kiwix has not feature to transfer ZIM files (to whom? how?)

[gouri-panda]

@kelson42 We use WI-FI for hosting zim files and sharing(not transfer) zim files to nearby devices. A successful WI-Fi discovery peer needs these permissions to scan available WI-Fi peers for the purpose of establishing a connection¹.

But starting from android 13 we can make this go away by adding this permission to our manifest. NEARBY_WIFI_DEVICES allows apps to manage device's connections to nearby access points over WIFI. By adding the neverForLocation value we ensure that we'll never derive location information from WIFi APIs.

 <uses-permission android:name="android.permission.NEARBY_WIFI_DEVICES"
                     android:usesPermissionFlags="neverForLocation" />

But below android 13 we need these permissions.

Footnotes

1. https://developer.android.com/guide/topics/connectivity/wifi-scan#wifi-scan-restrictions ↩

[kelson42]

A successful WI-Fi discovery peer needs these permissions to scan available WI-Fi peers for the purpose of establishing a connection

Why we need to "scan" for devices? The feature is only about creating a WiFi hotspot and other users access it normally via any Web browsers. I still don't understand why we need this.

[kelson42]

@MohitMaliFtechiz Maybe you have an explanation to my last question?

[MohitMaliFtechiz]

hi @kelson42 ,

We can only get rid of these permission once we target android 13 and above below we do requires this permission https://developer.android.com/about/versions/13/features/nearby-wifi-devices-permission. We require this permission for Peer to Peer connection https://developer.android.com/guide/topics/connectivity/wifip2p .

[kelson42]

@MohitMaliFtechiz Ok so we should change for android13+. There is no way to require only this permission when this specific feature is used? To avoid a bad note?

[MohitMaliFtechiz]

@MohitMaliFtechiz Ok so we should change for android13+. There is no way to require only this permission when this specific feature is used? To avoid a bad note?

yes currently i have checked we are requesting this permission on runtime when specific feature is used.

[kelson42]

@MohitMaliFtechiz OK. Can you adapt for 13+?

[MohitMaliFtechiz]

ok @kelson42

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be now be reviewed manually. Thank you for your contributions.

[kelson42]

@MohitMaliFtechiz Anything stopping us to move forward here?

[kelson42]

Will recheck the not once 3.8 is published on playstore.