Karl/BobStore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

enable lint HardwareIds as error

Browse Source 
Keep PRNGFixes as it is since it is security sensitive, standardized
code from Google.  While F-Droid never wants to do anything with
hardware IDs at all, this code uses the Build.SERIAL as a seed for the
random number generator, so it is safe privacy-wise.
This commit is contained in:
Hans-Christoph Steiner 2018-12-31 22:14:10 +01:00
parent 09abc0734e
commit 079cf2e903
2 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/lint.xml
View File

@ -29,6 +29,7 @@
<issue id="UnsafeProtectedBroadcastReceiver" severity="error"/> <issue id="UnsafeProtectedBroadcastReceiver" severity="error"/>
<issue id="GetInstance" severity="error"/> <issue id="GetInstance" severity="error"/>
<issue id="PackageManagerGetSignatures" severity="error"/> <issue id="PackageManagerGetSignatures" severity="error"/>
<issue id="HardwareIds" severity="error"/>
<issue id="TrustAllX509TrustManager" severity="error"> <issue id="TrustAllX509TrustManager" severity="error">
<!-- these come from included libraries --> <!-- these come from included libraries -->
<ignore path="org/apache/commons/net/ftp/FTPSTrustManager.class"/> <ignore path="org/apache/commons/net/ftp/FTPSTrustManager.class"/>

1
app/src/main/java/org/fdroid/fdroid/compat/PRNGFixes.java
View File

@ -306,6 +306,7 @@ public final class PRNGFixes {
} }
} }
@SuppressLint("HardwareIds")
private static byte[] getBuildFingerprintAndDeviceSerial() { private static byte[] getBuildFingerprintAndDeviceSerial() {
StringBuilder result = new StringBuilder(); StringBuilder result = new StringBuilder();
String fingerprint = Build.FINGERPRINT; String fingerprint = Build.FINGERPRINT;