| ▲ | dmitrygr 4 hours ago | |||||||
> The article does not claim the app requests the location. It claims it can do it with a single JS call. so can ... any other code anywhere on a mobile device? That is how API work... | ||||||||
| ▲ | david_allison 4 hours ago | parent [-] | |||||||
You need to state the permissions you *may* request/use in AndroidManifest.xml. This data can then be displayed to users pre-installation. From the (limited) article, it doesn't seem they do this: https://thereallo.dev/blog/decompiling-the-white-house-app#p... ---- EDIT: I'm mistaken. From the Play Store[0] it has access to * approximate location (network-based) * precise location (GPS and network-based) [0] https://play.google.com/store/apps/details?id=gov.whitehouse... This seems to disagree with: > The location permissions aren't declared in the AndroidManifest but requested at runtime *shrug*, someone should dig deeper. It looks like the article may not match reality. | ||||||||
| ||||||||