You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
However, it seems that it missed the “check” and “request” operation in the following call chain starting from the BaseAlertDialogFragment.onCreateDialog(android.os.Bundle) activity if permission is not granted.
This may lead to a SecurityException or related functions unavailable if the user denies the access permission but still calls the API in this chain, resulting in bad user experience.
@philliphsu
Could you help me review this issue? Thx
The text was updated successfully, but these errors were encountered:
Issue description
Hi, in ClockPlus v1.1.3, we found a dangerous API usage (https://github.com/philliphsu/ClockPlus/blob/master/app/src/main/java/com/philliphsu/clock2/dialogs/RingtonePickerDialog.java#L85) which requires Manifest.permission.READ_EXTERNAL_STORAGE in accordance to the Android official documentation (https://developer.android.google.cn/reference/android/media/RingtoneManager?hl=en#getCursor()).
However, it seems that it missed the “check” and “request” operation in the following call chain starting from the BaseAlertDialogFragment.onCreateDialog(android.os.Bundle) activity if permission is not granted.
This may lead to a SecurityException or related functions unavailable if the user denies the access permission but still calls the API in this chain, resulting in bad user experience.
@philliphsu
Could you help me review this issue? Thx
The text was updated successfully, but these errors were encountered: