Question regarding permission set for Mood Cairns: Why Biometric & WakeLock?

Hi Icdcode

I am an F-Droid user interested in your ‘Mood Cairns’ app. I’ve been reviewing the application’s manifest and noticed that it requests permissions for Biometric/Fingerprint, WAKE_LOCK, and RECEIVE_BOOT_COMPLETED.

From a privacy and ‘minimalist’ standpoint, these permissions are quite intrusive for an app that seems to function as a local mood tracker. Could you clarify:

  1. Biometric: Is this strictly for local vault locking, or does it trigger any third-party APIs?

  2. WAKE_LOCK: Why does the app need to prevent the device from sleeping?

  3. BOOT_COMPLETED: Is there a background service running on startup? If so, what does this service do?

I’m concerned about ‘Dependency Tree Poisoning’ and potential transitive dependencies pulling in unnecessary telemetry. Could you please confirm if these permissions are tied to your core functionality or if they are inherited from third-party libraries?

Thanks for your transparency.

See Make pin or biometric unlock optional · Issue #8 · lcdcode/mood-cairns · GitHub
It is why this feature was added.
Also, please ask there. The developer is not present here afaics.