profile
viewpoint
Steve White StevanWhite Potsdam, Germany

issue openedTheTorProject/gettorbrowser

android storage use

Hi,

I hope this is the right place to report problems with the Tor Browser for Android.

I've used Tor a couple of times, found it useful.

Lately I found my main storage running low... and found Tor to be the worst single offender, 140MB. I saw no way to move it to the SD card.

So it's gone.

If at all possible, make sure you make good use of the external storage on Android. I'm pretty sure it's very easy to do...

created time in 12 days

issue openedAndreMiras/QrScan

fails to start on Nokia 1

This is a Nokia 1 running Android 9 with the latest security updates.

After installing, I get the logo/splash screen for a few seconds, then the screen goes black for a few seconds, and then the app ... goes into the background, evidently.

When I bring it to the foreground, the same thing happens. It never shows camera video.

created time in a month

issue openedteejee2008/timeshift

timeshift gummed up a small netbook

Linux Mint 19.3 on an HP Stream HP11-Y020W -- a netbook with a 32 GB SSD soldered in.

The root partition became completely filled. Primary cause was timeshift.

The distro had been installed freshly only a couple of months. Very little had been changed on a system level, except distro updates. Neither I nor the user was aware of timeshift until the problem occurred.

One day, graphical login stopped working. Using a text conslole, we found a /timeshift directory with 17GB, by far the largest single directory on the box. The problem was solved by first removing some some smaller files to provide some wiggle-room, then removing timeshift and its big directory. (The user has no need for long-term storage on this device -- it is used primarily as a netbook.)

There had been signs that storage space was running low before the login problem arose. Also, a kernel update had been perfomed recently -- the usual remains were in the /boot directory. These were much smaller than the /timeshift directory, but the update might have been what pushed it over the edge.

But this should not have happened: timeshift should adapt itself for arbitrarily small storage space -- it should abandon attempts to function and minimize itself before using up all the space on the device. We should have remained blissfully unaware of timeshift's existence.

I recommend that you revise your testing of timeshare to insure that it doesn't intefere with the functioning of small devices!

Cheers!

P.S. as an older guy -- a part of me regards 32 GB as being titanic.

created time in a month

issue openedSimpleMobileTools/Simple-Calculator

correct characters on buttons

To display the butttons, you use ASCII hyphen "-" for minus and ASCII asterisk "*" for times.

Much better would be the Unicode minus operator "−" and times "×", respectively.

I think this would amount to a change in two characters to the file activity_main.xml.

created time in 2 months

issue openedandroidsoft-org/androidsoft-permission

calculation of danger level

Hi,

First -- it would be nice to state openly somewhere how the danger levels are calculated.

I see that "dangerous" system permissions each get 100 points.

I don't understand the transition from "normal permissions" icon to "dangerous" icon. On my system, several apps which use no dangerous permissions, and which score much lower than 100 points, are marked with a "dangerous" icon. E.g.:

  • CPU Info
  • ZEIT Online

I checked -- none of the permissions these apps use is officially "dangerous".

created time in 2 months

issue openedMajeurAndroid/Android-Applications-Info

copy fails for very large manifests

This is a Nokia 1 running Android 9.

  • Open the entry for the system "Settings" app -- which is very large, of course.
  • "View manifest file" -- takes a few seconds to render.
  • Long-click in the text.
  • Select all
  • Copy

"Failed to copy to the clipboard"

I presume this has to do with the very large size of that manifest. Other, smaller manifest files are copied just fine.

Look... the manifest viewer is pretty limited. It has no search capabilities, etc. And it has this copy problem. SUGGESTION: Chunk this manifest viewer functionality, and replace it with a manifest "share" functionality so the user can send the manifest to any other app that can handle XML or text. That would be the Androidesque solution.

created time in 2 months

issue commentEtar-Group/Etar-Calendar

excessive permissions

I had overlooked the README (I had looked at other posted documents. Thanks!

However: this time, the README does not mention the necessity of WAKE_LOCK. That sometimes results in excessive use of system resources. And it does not explain why your app needs the other permission.

Regarding the storage permissions, the suggestion is that you consider a more Android-esque approach to ICS files, that does not involve the privilege to read and write any file on the device. The README doesn't explain what rules that out. That is: why must your app be the one that finds and opens the ICS file from disk? Why must yours be the one that reads the file from disk? It seems to me, your app only needs to use the contents of the file, or generate the contents of the file.

Likewise with GET_CONTACTS. Could you not employ another app to acquire the info that is required?

There is a best practices rule of thumb about minimizing required permissions. It is to only demand permissions that provide something central to the primary operation of your app, and are of frequent use by your users.

For example, in the "App permissions best practices" (link provided previously): " if your requirement for access to user data is infrequent — in other words, it's not unacceptably disruptive for the user to be presented with a runtime dialogue each time you need to access data — you can use an intent based request. ?"

You could argue that for some of your users, reading an ICS file from storage, rather than sharing it or copy-pasting it from another app, is a daily necessity, then that would satisfy a rule of thumb about permissions. Is that the case? (I wouldn't know -- I've used your app for a couple of years, and never once imported an ICS file.) This is the explanation that belongs in your README file.

As to what your app could do, sure, a programmer could read the code, and determine whether it does anything sneaky or incorrect. But non-programmers would be a lot more confident that you aren't doing something sneaky with my contacts list if your app didn't require permissions to use it.

Unfortunately, there are a lot of apps that require such permissions and proceed to do bad things. The best approach is -- use them when they are crucial, and avoid them otherwise. The goal is to get more developers to employ the least set of permissions possible to achieve the purpose of their product -- and when a permission really is unavoidable, the reason should be explained.

Fewer permissions also make your app more attractive to some people!

Cheers!

StevanWhite

comment created time in 3 months

issue openedmaxim-saplin/CrossPlatformDiskTest

phone grinds to a halt after use

Hi,

I'm just following up my review on Google Play, because this is a better forum for bug reports.

Again, this was on a Nokia 1 running Amazon 9. The latest security updates are installed. Also a lot of other apps are installed on the phone.

All I did was to run the storage tests (only, not the database tests). I did not adjust any other settings.

After the tests finished, the phone ground almost to a halt. App wouldn't respond, couldn't switch out of the app. Finally the power button responded, said "System UI isn't responding". From there I was able to kill it.

I can say however, it seemed the info didn't fit in the 4.5" screen of this device, and I scrolled the screen just before I noticed that everything had gotten very very slow. Maybe scrolling triggered the issue.

created time in 3 months

issue openedEtar-Group/Etar-Calendar

excessive permissions

I use etar on a daily basis -- I prefer it to the system-installed calendar partly because I trust it more, partly because it requires much fewer permissions.

At the same time, it uses several "dangerous" permissions that I do not see as being essential to its basic function. Sure, the "CALENDAR" permissions are essential to the app's function.

You might consider posting a short document, explaining the necessity of each of the permissions required, and how they relate to functionalities meaningful to the user.

Please review the necessity of the following:

READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE: I see the import/export of 'ics' files... but I think both these can be accomplished by sharing... or perhaps cut/copy paste. Unless files are directly accessible to the user or other apps, there are better options that require no permissions, especially databases. See https://developer.android.com/guide/topics/permissions/overview

READ_CONTACTS: I find this very questionable; without going through the code, I don't see how it pertains to any function I have used. Do you have the option of using Android intents?. Please review best practices about this. https://developer.android.com/topic/security/best-practices

GET_ACCOUNTS: I understand the necessity of this... at least for older Android APIs. Please consider however, that in Androd 6.+, there may be other options. See: https://developer.android.com/reference/android/Manifest.permission#GET_ACCOUNTS

WAKE_LOCK: I don't know... please review: https://developer.android.com/training/scheduling/wakelock

Thanks!

created time in 3 months

issue openedxamurai007/NasaApodMD

Excessive Android permissions

Nothing this app does couldn't be accomplished better with a database or even keyed data, without using dangerous SD card permissions. Please reduce the access footprint!

created time in 3 months

issue openedxamurai007/NasaApodMD

Images in random order

It shows APOD images all right... But in seemingly random order. This makes it pretty useless for most users. Please fix to show images in reverse chronological order!

created time in 3 months

issue commentfedefernandez/MyAppList

Fdroid, not Google play

In Android 9: just fails to find F-Droid apps.

Also, the text and html lists always show Google Play addresses, even for apps which did not come from there.

Note: apps installed from F-Droid can be recognized as such from their signature. Thus, this issue can be resolved at least for that repository.

sbaconnais

comment created time in 3 months

issue openedFr4gorSoftware/SecScanQR

permissions

I don't think your app needs the "dangerous" permissions WRITE_EXTERNAL_STORAGE or READ_EXTERNAL_STORAGE at all. I encourage you to minimize such permissions.

The "history" function could be handled easily with a key-lookup database (maybe more easily than with files).

Instead of "saving" a generated code, let the user "copy" or "share" it -- in more Android-esque fashion.

created time in 3 months

issue commentFr4gorSoftware/SecScanQR

[feature request] add camera Zoom

I agree. Here's the reason: many cheaper phones do not have "auto focus". To make the image big enough to fit the scannar, the phone has to be brought too close to the code to focus.

With a simple zoom, smaller codes could be recognized by such phones.

primarto

comment created time in 3 months

issue openedsmarek/Simple-Dilbert

permissions

Love your app!

I am concerned about excessive Android permissions, though, particularly READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE. I want to encourage you to minimize permissions, especially "dangerous" ones.

In the case of this app, I see no need for file access. For caching, a simple database should suffice. Instead of the "save" function, provide the Android-esque "share" and/or "copy".

Thanks!

created time in 3 months

more