Skip to content

Latest commit

 

History

History
23 lines (16 loc) · 2.64 KB

mitigations.md

File metadata and controls

23 lines (16 loc) · 2.64 KB

Mitigation Strategies Analysis for google/accompanist

Mitigation Strategy: Contextual Permission Requests using PermissionsAccompanist

  • Description:

    1. Identify Feature-Permission Mapping: Clearly map each feature in your application to the specific permissions it requires.
    2. Use rememberPermissionState or rememberMultiplePermissionsState: In your Compose code, utilize PermissionsAccompanist composables like rememberPermissionState for single permissions or rememberMultiplePermissionsState for multiple permissions. These composables manage the permission state lifecycle within Compose.
    3. Request Permission on Feature Interaction: Trigger the permission request (using launchPermissionRequest() or launchMultiplePermissionRequest()) only when the user interacts with a UI element or navigates to a screen that necessitates the permission. This makes the request contextual.
    4. Provide Rationale Before Request: Before launching the permission request, display a clear and user-friendly rationale explaining why the permission is needed for the specific feature they are trying to use. This can be done using a dialog or inline UI elements.
    5. Handle Permission Result in Compose: Use the permissionState.status or multiplePermissionsState.permissions to react to the permission grant or denial within your Compose UI. Update UI elements or feature availability based on the permission status.

    • Threats Mitigated:

      • User Distrust (Low to Medium Severity): Upfront or unexplained permission requests can lead to user distrust and app abandonment. Contextual requests, facilitated by Accompanist, improve transparency and user understanding.
      • Permission Fatigue (Low Severity): Requesting permissions only when needed reduces user annoyance and the likelihood of users blindly granting permissions to dismiss prompts.

    • Impact:

      • User Distrust: Low to Medium Risk Reduction
      • Permission Fatigue: Low Risk Reduction

    • Currently Implemented: Unknown. Needs review of permission request implementation in the application, specifically looking for usage of PermissionsAccompanist composables for contextual requests.

    • Missing Implementation: Potentially missing if permissions are requested upfront at app launch or screen load, instead of being triggered by user interaction with features requiring those permissions, and if PermissionsAccompanist composables are not used to manage this contextual flow within Compose.