Re: Making default permissions on Android more restrictive

[Po Lu]

Stefan Kangas <stefankangas@gmail.com> writes:

> 2.
>
> The justification for asking for the above permissions in (info "(emacs)
> Android Environment") is:
>
>     While most of these permissions are left unused by Emacs itself,
>     they are declared by Emacs as they could be useful for other
>     programs; for example, the permission to access contacts may be
>     useful for EUDC.
>
> I think this criteria should be changed.  Instead of saying "one can
> imagine something like EUDC to be using this", we should decide which
> permissions to ask for based on criteria like "package <foo> supports
> feature <bar> on Android, and it is highly useful".

I think that is too high a bar, given that Emacs must be recompiled
before it is capable of requesting permissions outside the set of
permissions enumerated within its manifest.  Which is to say, unless we
declare these permissions from the outset, such packages will _never_
have a fighting chance of supporting Android.

Most of our users will run Android 6.0 or later, where most of the
permissions Emacs requests by default are in fact disabled until
explicit action is taken to enable them.  Removing these permission
declarations is tantamount to impeding the development of user Lisp code
just to assauge minor security concerns on decade-old installations of
Android.  These versions collectively amount to less than 2.17% of all
Android installations.

> 3.
>
> I don't understand why we ask for the following permissions, AFAIU on
> all versions of Android:
>
>     NFC
>     TRANSMIT_IR
>
> Are there any technical reasons to ask for them?  If not, could they be
> removed as well?

NFC and IR transmission are tasks that someone might conceivably use
Emacs to perform (for example, the other day I observed a package
purporting to save ``smart cards'' into Emacs.)  They're innocuous to
such an extent that Android grants them to all requesting programs by
default.

Thanks.