Publish privacy policy page and strip merged INTERNET permission #22
Merged
Add the /privacy-policy route to the web showcase so the Play Console listing has its required public privacy policy URL. The page renders the full policy from the local drafting source with the developer location, contact email, and effective date filled in, and is linked from the site footer. Stripping INTERNET and ACCESS_NETWORK_STATE with tools:node remove fixes a merged manifest gap: the Play Services base libraries riding on the bundled ML Kit face detection dependency merged both permissions into the release APK, which would have surfaced on the Play listing and contradicted the policy. The bundled model needs no network, so the strip is behaviorally inert. Verified with aapt dump permissions against the rebuilt release APK: CAMERA and RECORD_AUDIO remain the only runtime permissions. Unit suite unchanged at 458 passing, 4 skipped.
The policy stated files/voice-audio/ but both ADR 0006 and the code use files/audio_traces/. Code review caught the mismatch against the ratified ADR path; the published page must name the directory the app actually uses.
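A regression check for the merged-manifest gap described in the commits above, as an added example that is not part of this pull request or the project's code: it parses `aapt dump permissions` output and reports any of the two stripped permissions that a later dependency bump merges back in. It assumes aapt prints one `uses-permission:` line per permission, in either the `name='…'` form or the older bare form; the sample outputs and package name are constructed.

```python
import re
import subprocess
import sys

# Permissions the PR says must not reach the release APK.
FORBIDDEN = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
}

# Assumed aapt line formats: "uses-permission: name='X'" (newer build-tools)
# or "uses-permission: X" (older); "-sdk-23" variants are matched as well.
_USES = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)")


def requested_permissions(aapt_output: str) -> set:
    """Return every permission the merged manifest requests."""
    matches = (_USES.match(line.strip()) for line in aapt_output.splitlines())
    return {m.group(1) for m in matches if m}


def leaked_permissions(aapt_output: str) -> set:
    """Forbidden permissions that survived the manifest merge."""
    return requested_permissions(aapt_output) & FORBIDDEN


# Constructed sample outputs; the package name is a placeholder.
BEFORE_STRIP = """package: com.example.placeholder
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_NETWORK_STATE'
"""
AFTER_STRIP = """package: com.example.placeholder
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.RECORD_AUDIO'
"""

if __name__ == "__main__":
    # Usage: python check_permissions.py path/to/release.apk
    cmd = ["aapt", "dump", "permissions", sys.argv[1]]
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    leaked = leaked_permissions(out)
    if leaked:
        sys.exit("forbidden permissions merged in: " + ", ".join(sorted(leaked)))
    print("ok:", ", ".join(sorted(requested_permissions(out))))
```

Run against the release APK rather than the source manifest, since the gap only appears after the manifest merge.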
What
Adds the /privacy-policy route to the web showcase, rendering the full BaselineMS privacy policy at a public URL for the Play Console listing (Step 7 of the setup runbook). The page mirrors the methodology page pattern (static export, prose-doc styling) and is linked from the site footer. Developer location, contact email, and the effective date are filled in.
Why the manifest change rides along
The policy's strongest claim is that the Play listing shows no INTERNET permission. Inspecting the release merged manifest showed that the Play Services base libraries (transitive via the bundled ML Kit face detection dependency from the vision test) merge android.permission.INTERNET and android.permission.ACCESS_NETWORK_STATE into the final APK, which the Play listing would display. The source manifest was always clean; the gap was at the manifest merge level.
Two tools:node="remove" entries strip both permissions from the merge. The bundled ML Kit model performs inference locally and needs no network, so the strip is behaviorally inert. This restores the no network egress guarantee at the OS layer and makes the published policy accurate.
Verification