Include internet access permission defaultly
Current LL app has no internet access permission.
If we need to use internet access in script, then we should install extra APK from LL site.
How about this?
I guess you know supersu app for rooted Android.
This app checks an app requiring root permission and can allow or not by user. This mechanism is safer than allowing root permission globally at once like current LL’s extra permission.
For example, after we install that permission APK, we might forget the fact that we installed.
So from that, any scripts could access internet. We have no way to know unless looking thoroughly its contents one by one.
So I guess most of normal users might hesitate to install that APK, which is of all or nothing mechanism.
I heard from Marshmallow, user can toggle app’s permission. So please give LL internet access permission defaultly.
And then, when new script is installed/saved, LL checks whether that script has internet access functions. If so, LL alerts that facts. If possible, like supersu, LL could provide the way to toggle that permission to the script. (If toggling is too complex, at least just alerting is enough)
]]>
< ![CDATA[
There is an Xposed module from Lukas Morawietz Check Lightning permission on Playstore
You need to install Xposed
There is another apk for internet permission if you don’t want Xposed
]]>
< ![CDATA[
Bruno-Isa LAMOUR-ARNOULD I’ve just know from you LL related xposed module exists. Thanks.
Anyway, my request is a little different from using that module/apk personally.
As a personal script user, that tools are very useful. I can make and use any scripts nearly without any restriction by help of that tool.
However, if we(script/template developer) are to distribute our scripts, then it becomes a different story.
I will soon update my Windows7-mocking LL template in play store.
This template uses 30 scripts
,. During installing my template, it need to fetch images from internet. So as a developer/distributer, I have to choose one method between 2.1. Explain extra internet-access-permission requirement, and tell play
store(mainly template)users to go, download and install extra APK from LL site. And then re run my template.2. Just tell them to open url in a browser, and download images by themselves, and move them to predefined folder.
I had considered two ways, and chose 2.
I know if a developer and user understand that requirement and the method, no1. is more more easier.
But I chose no2. bc,
1. My internet connection is needed only one-time in installing template. Just one time. Just for that, requesting all my template users(they are not scripters) to install APK which might cause “unlimited internet access possibility” of all upcoming scripts, seemed to be too dangerous or irresponsible.
2. http://www.lightninglauncher.com/permissions/
As a scripter and non-novice user, I don’t have any resistance to install APK from above page.
But what about normal/novice (just template) user?
They just want to install and try new template. But it requires to go, downlaod and install some APK, which alerts something security holes blar blar. Moreever that APK is not from playstore, although site looks from LL. They might give up trying new template which uses some scripts.
So I chose no.2 which requires no extra APK, but anyway user have to do more cumbersome things.
I know most LL scripter’s main interest is enjoying infinete power of script in his device. In that case, xposed module is the best.
But if we want to distribute our script/template to various understainding- level users, then the method even novice user can rely on is required.
I think that is for end users and also we/developers.
]]>
< ![CDATA[
I am afraid that the internet permission is the kind of thing you need to set either right at the beginning during firsts versions, or never. The reason is that existing users don’t want “important” permissions to be added, whatever the reason is. Most people don’t read the explanation anyway.
Interestingly, on Marshmallow it seems the Internet permission is “ON” by default as soon as requested in the manifest, and you can’t toggle it to OFF.
]]>
< ![CDATA[
Pierre Hébert Aside from the default permission, once we install/add internet permission, all scripts could use internet from that moment.
Generally speaking, if we allow some permission to an app, that means we believe that app/developer. However LL’s situation is different. We add internet capability to LL app by installing extra APK. But in reality, the object which uses internet is not LL(Pierre Hébert ) but various other scripts/developers, I think you know what I mean.
I think it looks like the situation where we root Android system, and then allow all apps can access system freely without any notification.
So my requests are.
1. LL has internet access permission by default.
2. Regardless of no.1(by default or extra APK), LL (script editor/engine?) checks whether a script uses network-related functions or not, when saving/importing or running anyway, and then alerts the user.
I understand all are not easy to change or add. It’s just my thoughts.
]]>
< ![CDATA[
You are right about the permission which is not used by the app itself, but by other components. However this is true for everything else, as soon as scripting is enabled. Right now there are a couple of interesting permissions granted to LL that can already be used by scripts for other things. I am not really at ease with this, and this is why additional permissions APK plugins are not available on the Play Store. However intercepting functions related to a given permission is not something doable, because of the possibly direct Android framework API calls. By not publishing permissions on the Play Store, this is a way of saying: “Beware, by installing these plugins you acknowledge that you are using advanced features, and by this fact you understand the implications”
]]>
< ![CDATA[
If someone has security concerns with scripts, he should not load any script without understanding what the code does before.
Here are some things scripts could theoretically do:
1. Delete everything on your sdcard
2. Use all money on your simcard, possibly transferring it to someone else by calling special numbers
3. Prevent you from deleting it
4. Draw something over all other apps, so you can’t use them anymore
So it could corrupt your device to a point where you have to do a factory reset.
My point is: there is no safety in scripts.
That’s also one of the reasons why all my Lightning plugins are open source: Everybody can check that these don’t exploit data.
]]>