I am fully aware of what VPN services to use and not. I am not using Express VPN, I am simply doing research for a master's thesis, when I came across these results from Express VPN. If you have any ideas or corrections, please let me know why a VPN provider would need to have access to these permissions.
Screenshot is from Exodus service, which lets you view exactly what permissions and trackers each app uses. You can check out the results and the tool for yourself here: https://reports.exodus-privacy.eu.org/en/reports/com.expressvpn.vpn/latest/
Camera could be taking pictures of QR codes to make it easier to set up a VPN.
Bluetooth could be integration with things like Yubikeys for authentication.
Dunno if that’s what they’re actually for, though.
Best practices would not require camera permissions to scan qr codes.
Scan barcodes
Android includes support for the Google Code Scanner API, powered by Google Play services, which allows you to decode barcodes without declaring any camera permissions. This API helps preserve user privacy and makes it less likely that you need to create a custom UI for your barcode-scanning use case.
The API scans the barcode and only returns the scan results to your app. Images are processed on-device, and Google doesn’t store any data or scan results.
https://developer.android.com/privacy-and-security/minimize-permission-requests
This should not need GMS. This is the flaw with it.
I think you can use some of microG’s APIs without connecting it to google.
It’s just not implemented yet: https://github.com/microg/GmsCore/issues/2018
That’s good, but this post is encouraging the wrong conclusion. Camera permission is not the problem, instead the problem is a VPN having nothing to do with the camera. Using VPN configuration files should be the way, or logging into an account securely (ExpressVPN in this case).
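
An added example, not part of the thread: the review being done by eye on the Exodus report can be repeated on any app by diffing its declared permissions against what its stated function explains. The baseline set and the sample manifest below are assumptions constructed for illustration (not ExpressVPN's real manifest), and the input is assumed to be an already-decoded text `AndroidManifest.xml`, for example as produced by apktool.

```python
import xml.etree.ElementTree as ET

# Attribute names in the manifest live in the Android XML namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baseline for a VPN client (an illustration, not an official list).
EXPECTED_FOR_VPN = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.FOREGROUND_SERVICE",
    "android.permission.POST_NOTIFICATIONS",
    "android.permission.RECEIVE_BOOT_COMPLETED",
}

# Constructed sample manifest for a hypothetical app, not a real one.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.vpn">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.BLUETOOTH"/>
    <uses-permission-sdk-23 android:name="android.permission.BLUETOOTH_CONNECT"/>
</manifest>
""".strip()


def declared_permissions(manifest_xml):
    """Return every permission requested via <uses-permission*> elements."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for elem in root.iter():
        if elem.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = elem.get(ANDROID_NS + "name")
            if name:
                found.add(name)
    return found


def unexpected_permissions(manifest_xml, expected=EXPECTED_FOR_VPN):
    """Permissions the app declares that the baseline does not explain."""
    return sorted(declared_permissions(manifest_xml) - set(expected))


if __name__ == "__main__":
    for perm in unexpected_permissions(SAMPLE_MANIFEST):
        print("review:", perm)
```

A flagged permission is a prompt to look for the feature that uses it, not proof of misuse; the output only narrows what needs explaining.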