add docs/security.md

docs/security.md

@@ -0,0 +1,71 @@
++++
+  weight = 30
++++
+
+# Security Considerations
+
+In order to launch apps, μLauncher obtains a list of all apps installed on the device.
+This includes apps from other profiles such as the [private space](/docs/profiles/#private-space)
+and the [work profile](/docs/profiles/#work-profile).
+
+μLauncher aims to be minimal software. Functionality that can be provided
+by other apps is not integrated into μLauncher itself,
+thus allowing user to install only what they need.
+
+{{% hint info %}}
+μLauncher does **not connect to the internet**.
+Certain functions, such as the buttons in the meta section may prompt the browser
+to open a website, but μLauncher itself does not open internet connections.
+Functionality that would require an internet connection will not be implemented.
+{{% /hint %}}
+
+## Requested Permissions
+
+μLauncher requests several permissions:
+
+ *  (`android.permission.REQUEST_DELETE_PACKAGES`)[https://developer.android.com/reference/android/Manifest.permission#REQUEST_DELETE_PACKAGES]
+ *  (`android.permission.QUERY_ALL_PACKAGES`)[https://developer.android.com/reference/android/Manifest.permission#QUERY_ALL_PACKAGES]
+ *  (`android.permission.ACCESS_HIDDEN_PROFILES`)[https://developer.android.com/reference/android/Manifest.permission#ACCESS_HIDDEN_PROFILES]
+ *  (`android.permission.EXPAND_STATUS_BAR`)[https://developer.android.com/reference/android/Manifest.permission#EXPAND_STATUS_BAR]
+ *  (`android.permission.POST_NOTIFICATIONS`)[https://developer.android.com/reference/android/Manifest.permission#POST_NOTIFICATIONS]
+ *  (`android.permission.BIND_ACCESSIBILITY_SERVICE`)[https://developer.android.com/reference/android/Manifest.permission#BIND_ACCESSIBILITY_SERVICE]
+ *  (`android.permission.BIND_DEVICE_ADMIN`)[https://developer.android.com/reference/android/Manifest.permission#BIND_DEVICE_ADMIN]
+
+
+### Accessibility Service
+
+μLauncher's accessibility service can be used to lock the screen and
+to open the list of recent apps.
+
+{{% hint danger %}}
+Enabling μLauncher's accessibility service grants excessive permissions to the app.
+Do not enable the accessibility service if you don't need it.
+Before enabling, make sure that you obtained your copy of μLauncher from a source you trust.
+The official sources can be found [here](https://launcher.jrpie.de/).
+{{% /hint %}}
+
+Due to [Accrescent's policy](https://accrescent.app/docs/guide/publish/requirements.html#androidaccessibilityserviceaccessibilityservice) on accessibility services,
+the version of μLauncher published on Accrescent does not contain an accessibility service.
+
+
+### Device Administrator Permissions
+
+Device Administrator permissions can be used for locking the device as an alternative to using the accessibility service.
+This is the preferable option, as the required permissions are far less intrusive.
+However, this method is (ab)using an API intended for emergency situations,
+hence unlocking using weak authentication methods (fingerprint, face detection)
+is not possible.
+
+## Crash Reports
+
+For privacy reasons, μLauncher does not collect crash reports automatically.
+
+## Reporting Security Issues
+
+For security related issues, please use the contact information
+from the [security.txt](https://jrpie.de/.well-known/security.txt) on my website
+or [report a vulnerability](https://github.com/jrpie/Launcher/security/advisories/new) on github.
+
+{{% hint danger %}}
+Please do not report security issues using github's issue feature!
+{{% /hint %}}