问题描述
我已经为Android和iOS开发了Flutter应用程序。这是一个在线订购应用程序,但是您无法付款。它已由客户发送到安全审核。他们在审计中说android.permission.INTERNET已启用,并且存在安全风险。但这对我来说是胡说八道,因为此应用需要与互联网配合使用
他们提供了以下技术背景
为了维护系统和用户的安全,Android需要使用应用程序 在应用可以使用某些系统数据之前请求权限,并且 特征。根据区域的敏感程度,系统可能会授予 权限,或者它可能会要求用户批准 请求。如上表所述,某些参数可能是 用于收集可能导致隐私问题的数据。
然后推荐以下内容
建议考虑各自提供的每个功能 参数并评估启用该需求的业务需求。
好吧,我不知道该怎么办。没有互联网,意味着您无法在此在线订购应用程序中订购任何东西。
下面是我的Android清单
@H_404_20@<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.myapp.appname">
<!-- io.Flutter.app.FlutterApplication is an android.app.Application that
calls FlutterMain.startinitialization(this); in its onCreate method.
In most cases you can leave this as-is,but you if you want to provide
additional functionality it is fine to subclass or reimplement
FlutterApplication and put your custom class here. -->
<uses-permission android:name="android.permission.INTERNET"/>
<application
android:name="io.Flutter.app.FlutterApplication"
android:label="MY APP"
android:icon="@mipmap/launcher_icon">
<activity
android:name=".MainActivity"
android:launchMode="singletop"
android:theme="@style/LaunchTheme"
android:configChanges="orientation|keyboardHidden|keyboard|screenSize|smallestScreenSize|locale|layoutDirection|fontScale|screenLayout|density|uiMode"
android:hardwareAccelerated="true"
android:windowSoftInputMode="adjustResize">
<intent-filter>
<action android:name="android.intent.action.MAIN"/>
<category android:name="android.intent.category.LAUNCHER"/>
</intent-filter>
<intent-filter>
<action android:name="FlutteR_NOTIFICATION_CLICK" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
</activity>
<!-- Don't delete the Meta-data below.
This is used by the Flutter tool to generate GeneratedpluginRegistrant.java -->
<Meta-data
android:name="FlutterEmbedding"
android:value="2" />
</application>
</manifest>
@H_404_20@name: MyApp
description: A new Flutter project.
# The following defines the version and build number for your application.
# A version number is three numbers separated by dots,like 1.2.43
# followed by an optional build number separated by a +.
# Both the version and the builder number may be overridden in Flutter
# build by specifying --build-name and --build-number,respectively.
# In Android,build-name is used as versionName while build-number used as versionCode.
# Read more about Android versioning at https://developer.android.com/studio/publish/versioning
# In iOS,build-name is used as CFBundleShortVersionString while build-number used as CFBundLeversion.
# Read more about iOS versioning at
# https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CoreFoundationKeys.html
version: 1.0.2+3
environment:
sdk: ">=2.1.0 <3.0.0"
dependencies:
Flutter:
sdk: Flutter
# The following adds the Cupertino Icons font to your application.
# Use with the CupertinoIcons class for iOS style icons.
cupertino_icons: ^0.1.2
google_fonts: ^0.2.0
firebase_auth: ^0.14.0+5
json_annotation: ^3.0.1
provider: ^4.0.4
badges: ^1.1.1
firebase_messaging: ^6.0.13
shared_preferences: ^0.5.6+3
intl: ^0.16.1
dev_dependencies:
Flutter_test:
sdk: Flutter
build_runner: ^1.7.4
json_serializable: ^3.2.5
Flutter_launcher_icons: "^0.7.3"
Flutter_icons:
android: "launcher_icon"
ios: true
image_path: "assets/images/icon.jpg"
# For @R_853_4045@ion on the generic Dart part of this file,see the
# following page: https://dart.dev/tools/pub/pubspec
# The following section is specific to Flutter.
Flutter:
# The following line ensures that the Material Icons font is
# included with your application,so that you can use the icons in
# the material Icons class.
uses-material-design: true
# To add assets to your application,add an assets section,like this:
assets:
- assets/images/logo.png
- assets/images/lock_24px.png
- assets/images/email_24px.png
- assets/images/shopping_cart_48px.png
- assets/images/logo_2.jpg
- assets/images/fish1.png
- assets/images/fish2.png
- assets/icons/account-filled.png
- assets/icons/account-not_filled.png
- assets/icons/history-filled.png
- assets/icons/history-not_filled.png
- assets/icons/home-filled.png
- assets/icons/home-not_filled.png
- assets/icons/notifications-not_filled.png
- assets/icons/notifications-filled.png
- assets/images/loading_image2.gif
# An image asset can refer to one or more resolution-specific "variants",see
# https://Flutter.dev/assets-and-images/#resolution-aware.
# For details regarding adding assets from package dependencies,see
# https://Flutter.dev/assets-and-images/#from-packages
# To add custom fonts to your application,add a fonts section here,# in this "Flutter" section. Each entry in this list should have a
# "family" key with the font family name,and a "fonts" key with a
# list giving the asset and other descriptors for the font. For
# example:
fonts:
- family: Roboto
fonts:
- asset: fonts/Roboto-Regular.ttf
- asset: fonts/Roboto-Medium.ttf
- asset: fonts/Roboto-Bold.ttf
- family: Ma Shan Zheng
fonts:
- asset: fonts/MaShanZheng-Regular.ttf
# - family: Trajan Pro
# fonts:
# - asset: fonts/TrajanPro.ttf
# - asset: fonts/TrajanPro_Bold.ttf
# weight: 700
#
# For details regarding fonts from package dependencies,# see https://Flutter.dev/custom-fonts/#from-packages
这是怎么回事?我应该采取什么步骤?
解决方法
Internet权限具有正常的保护级别,并且不能在运行时授予。
来源:https://developer.android.com/reference/android/Manifest.permission#INTERNET
普通权限
普通权限涵盖了您的应用需要访问其沙盒外部的数据或资源的区域,但这些区域对用户的隐私或其他应用的操作造成的风险很小。例如,设置时区的权限是普通权限。
如果某个应用在其清单中声明需要正常权限,则系统会在安装时自动向该应用授予该权限。系统不会提示用户授予普通权限,并且用户无法撤消这些权限。
来源:https://developer.android.com/guide/topics/permissions/overview#normal_permissions
安全审核中的言论对我来说似乎不合适。