Hi Icdcode
I am an F-Droid user interested in your ‘Mood Cairns’ app. I’ve been reviewing the application’s manifest and noticed that it requests permissions for Biometric/Fingerprint, WAKE_LOCK, and RECEIVE_BOOT_COMPLETED.
From a privacy and ‘minimalist’ standpoint, these permissions are quite intrusive for an app that seems to function as a local mood tracker. Could you clarify:
-
Biometric: Is this strictly for local vault locking, or does it trigger any third-party APIs?
-
WAKE_LOCK: Why does the app need to prevent the device from sleeping?
-
BOOT_COMPLETED: Is there a background service running on startup? If so, what does this service do?
I’m concerned about ‘Dependency Tree Poisoning’ and potential transitive dependencies pulling in unnecessary telemetry. Could you please confirm if these permissions are tied to your core functionality or if they are inherited from third-party libraries?
Thanks for your transparency.