Question on permissions

[IzzySoft]

From our scanner report:

! repo/io.treehouses.remote_6286.apk declares flag(s): usesCleartextTraffic
! repo/io.treehouses.remote_6286.apk declares sensitive permission(s): android.permission.BLUETOOTH_SCAN android.permission.ACCESS_FINE_LOCATION android.permission.ACCESS_COARSE_LOCATION

Could you please clarify what those are needed for? The app description does not explain. Thanks in advance!

[IzzySoft]

! repo/io.treehouses.remote_6302.apk declares flag(s): usesCleartextTraffic
! repo/io.treehouses.remote_6302.apk declares sensitive permission(s): android.permission.BLUETOOTH_SCAN
  android.permission.ACCESS_FINE_LOCATION android.permission.ACCESS_COARSE_LOCATION

@dogi any word?

[Okuro3499]

@IzzySoft

Regarding the sensitive permissions:
- BLUETOOTH_SCAN: required to enable scanning and management of nearby devices within the app’s functionality, specifically for Raspberry Pi connections.
- ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION: (optional for users) allow the app to collect approximate (non-precise) location data to update our global usage map, which anonymously visualizes where the app is being used worldwide. This proximity-based data enhances internal usage reporting while maintaining user privacy.

usesCleartextTraffic is currently enabled because the app communicates with our backend, which uses HTTP (not HTTPS) for Parse server communication. We are actively working on migrating to HTTPS to ensure secure data transmission and expect to update this soon.

[IzzySoft]

usesCleartextTraffic is currently enabled because the app communicates with our backend

On-device? from your rewrite announcement, it rather sounds like "over the internet". Then I leave this open for now, and hope you'll have success with the rewrite soon. The permissions have been added to the app's green list meanwhile, thanks!

If you wish to close more gaps there, just let me know 😉