Looking at the permissions of @signalapp always gives me the creeps. With that permission they can re-route every outgoing call to some different number. And the user won't even know about that. That is a giant super-bug and not secure.https://github.com/signalapp/Signal-Android/blob/master/AndroidManifest.xml#L48 …
-
-
"… the Phone permissions are not required" why are they declared if they are not required? You simply declare all perms which are "Protection level: dangerous"? And how can I (as a user) ensure that the APK on my phone really only contains the code from your GitHub repository?
-
And there should be no harm in merging in the PR which would remove at least this single permission:https://github.com/signalapp/Signal-Android/pull/7511 …
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.