#24796: Review all requested and required Android permissions --------------------------------------+----------------------------------- Reporter: sysrqb | Owner: tbb-team Type: task | Status: needs_information Priority: High | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-mobile | Actual Points: Parent ID: #5709 | Points: Reviewer: | Sponsor: --------------------------------------+----------------------------------- Changes (by sysrqb):
* status: new => needs_information Comment: Fennec currently requests/requires a large set of permissions. We should be able to reduce this. If we include the permissions requested by Fennec (base) and GeckoView, they are: {{{ android.hardware.camera android.hardware.camera.autofocus android.hardware.location android.hardware.location.gps android.hardware.touchscreen android.permission.ACCESS_COARSE_LOCATION android.permission.ACCESS_FINE_LOCATION android.permission.ACCESS_NETWORK_STATE android.permission.ACCESS_WIFI_STATE android.permission.AUTHENTICATE_ACCOUNTS android.permission.CAMERA android.permission.CHANGE_WIFI_STATE android.permission.GET_ACCOUNTS android.permission.INTERNET android.permission.MANAGE_ACCOUNTS android.permission.READ_EXTERNAL_STORAGE android.permission.READ_SYNC_SETTINGS android.permission.READ_SYNC_STATS android.permission.RECEIVE_BOOT_COMPLETED android.permission.SYSTEM_ALERT_WINDOW android.permission.USE_CREDENTIALS android.permission.VIBRATE android.permission.WAKE_LOCK android.permission.WRITE_EXTERNAL_STORAGE android.permission.WRITE_SETTINGS android.permission.WRITE_SYNC_SETTINGS com.android.browser.permission.READ_HISTORY_BOOKMARKS com.android.launcher.permission.INSTALL_SHORTCUT com.android.launcher.permission.UNINSTALL_SHORTCUT }}} This includes permissions and features. Orfox already excludes some of the above (via compile-time pre-processor guards): {{{ android.permission.CHANGE_WIFI_STATE android.permission.ACCESS_WIFI_STATE android.permission.ACCESS_FINE_LOCATION android.hardware.location android.hardware.location.gps android.permission.CAMERA android.hardware.camera android.hardware.camera.autofocus android.permission.GET_ACCOUNTS android.permission.ACCESS_NETWORK_STATE android.permission.MANAGE_ACCOUNTS }}} I think we can inherit this during the #25741 rebase, and audit the remaining perms after (or in parallel). -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24796#comment:5> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs