Re: Android keyboard: your choice.

Andy,

Is it possible those are BIND_INPUT_METHOD and BIND_TEXT_SERVICE ?

>
Yes those are not listed by f-droid
>

those are not under "uses-permission", but under "service" ->
"permission"

>
Thanks, wasn't aware of the distinction, but it's still "a permission"

I wasn't aware either.  This subthread ("they differ") brought them to my
attention.  So thank you.

run at startup (why not use the proper name android.permission
RECEIVE_BOOT_COMPLETED?

Most smartphone users have little-to-no technical background.   They would
be stumped to translate the latter to the former - which they have a better
chance to understand.

Is it possible those are BIND_INPUT_METHOD and BIND_TEXT_SERVICE ?

>
Yes those are not listed by f-droid
>

those are not under "uses-permission", but under "service" ->
"permission"

>
Thanks, wasn't aware of the distinction, but it's still "a permission"

Yep, it is.  I can imagine quite a bit of funky stuff you could do when you
can inject keystokes into the phone.

Also there's no mention of android.permission.READ_CONTACTS

Although the apk in question doesn't seem to have any way to send the data
anywhere, forgetting to mention such a privacy related permission is not
good.   Luckily the phone itself will still ask for it.

Regarding the DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION, I found this

[snip]

I also did search for an explanation to that permission, and remember having
found the same webpage.   But alas, even after reading it I have no idea how
an app protecting itself from malfunctioning (not to say malicious) other
apps needs a permission.   I'm rather likely missing something there, but I
don't know what. :-(

Regards,
Rudy Wieser