jrpie/launcher
1
0
Fork 0
mirror of https://github.com/jrpie/Launcher.git synced 2025-06-28 03:45:36 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

add docs/security.md

Browse source
This commit is contained in:
Josia Pietsch 2025-06-09 15:38:41 +02:00
parent ce34e9cfdd
commit 2cf8870c5d
Signed by: jrpie
GPG key ID: E70B571D66986A2D
1 changed files with 71 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

71
docs/security.md Normal file
View file

@ -0,0 +1,71 @@
+++
weight = 30
+++
# Security Considerations
In order to launch apps, μLauncher obtains a list of all apps installed on the device.
This includes apps from other profiles such as the [private space](/docs/profiles/#private-space)
and the [work profile](/docs/profiles/#work-profile).
μLauncher aims to be minimal software. Functionality that can be provided
by other apps is not integrated into μLauncher itself,
thus allowing user to install only what they need.
{{% hint info %}}
μLauncher does **not connect to the internet**.
Certain functions, such as the buttons in the meta section may prompt the browser
to open a website, but μLauncher itself does not open internet connections.
Functionality that would require an internet connection will not be implemented.
{{% /hint %}}
## Requested Permissions
μLauncher requests several permissions:
* (`android.permission.REQUEST_DELETE_PACKAGES`)[https://developer.android.com/reference/android/Manifest.permission#REQUEST_DELETE_PACKAGES]
* (`android.permission.QUERY_ALL_PACKAGES`)[https://developer.android.com/reference/android/Manifest.permission#QUERY_ALL_PACKAGES]
* (`android.permission.ACCESS_HIDDEN_PROFILES`)[https://developer.android.com/reference/android/Manifest.permission#ACCESS_HIDDEN_PROFILES]
* (`android.permission.EXPAND_STATUS_BAR`)[https://developer.android.com/reference/android/Manifest.permission#EXPAND_STATUS_BAR]
* (`android.permission.POST_NOTIFICATIONS`)[https://developer.android.com/reference/android/Manifest.permission#POST_NOTIFICATIONS]
* (`android.permission.BIND_ACCESSIBILITY_SERVICE`)[https://developer.android.com/reference/android/Manifest.permission#BIND_ACCESSIBILITY_SERVICE]
* (`android.permission.BIND_DEVICE_ADMIN`)[https://developer.android.com/reference/android/Manifest.permission#BIND_DEVICE_ADMIN]
### Accessibility Service
μLauncher's accessibility service can be used to lock the screen and
to open the list of recent apps.
{{% hint danger %}}
Enabling μLauncher's accessibility service grants excessive permissions to the app.
Do not enable the accessibility service if you don't need it.
Before enabling, make sure that you obtained your copy of μLauncher from a source you trust.
The official sources can be found [here](https://launcher.jrpie.de/).
{{% /hint %}}
Due to [Accrescent's policy](https://accrescent.app/docs/guide/publish/requirements.html#androidaccessibilityserviceaccessibilityservice) on accessibility services,
the version of μLauncher published on Accrescent does not contain an accessibility service.
### Device Administrator Permissions
Device Administrator permissions can be used for locking the device as an alternative to using the accessibility service.
This is the preferable option, as the required permissions are far less intrusive.
However, this method is (ab)using an API intended for emergency situations,
hence unlocking using weak authentication methods (fingerprint, face detection)
is not possible.
## Crash Reports
For privacy reasons, μLauncher does not collect crash reports automatically.
## Reporting Security Issues
For security related issues, please use the contact information
from the [security.txt](https://jrpie.de/.well-known/security.txt) on my website
or [report a vulnerability](https://github.com/jrpie/Launcher/security/advisories/new) on github.
{{% hint danger %}}
Please do not report security issues using github's issue feature!
{{% /hint %}}