From c70bfdc5a4774f1d159a6f98524daed1076c73df Mon Sep 17 00:00:00 2001
From: agnostic-apollo <31106828+agnostic-apollo@users.noreply.github.com>
Date: Thu, 8 Apr 2021 17:47:56 +0500
Subject: [PATCH] Add RUN_COMMAND Intent page privacy info

---
 RUN_COMMAND-Intent.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/RUN_COMMAND-Intent.md b/RUN_COMMAND-Intent.md
index 4cb2c18..b375075 100644
--- a/RUN_COMMAND-Intent.md
+++ b/RUN_COMMAND-Intent.md
@@ -246,6 +246,13 @@ If your third-party app is targeting sdk `30` (android `11`), then it needs to a
 Check [package-visibility](https://developer.android.com/training/basics/intents/package-visibility#package-name), `QUERY_ALL_PACKAGES` [googleplay policy](https://support.google.com/googleplay/android-developer/answer/10158779) and this [article](https://medium.com/androiddevelopers/working-with-package-visibility-dc252829de2d) for more info.
 ##
 
+
+
+### Privacy
+
+If a third party app ran a termux command for a user, then it can get the session transcript back for the terminal session, and `stdout`/`stderr` for background commands using `PendingIntent`. Even with the dual `RUN_COMMAND` permission and `allow-external-app` requirement, this may not be something that the user wants, since it could give the 3rd party app access to private user data. So use this wisely. In future, a whitelist/blacklist may be implemented to give further control to the user for which app's can get the result back or show prompts before running commands. Although, the 3rd party app can still use physical files or intents inside the commands run to get the result back, but this can likely be solved by approving a script before its run each time or permanently by storing the script hash in an internal termux database.
+##
+
 [`TermuxConstants`]: https://github.com/termux/termux-app/tree/master/termux-shared/src/main/java/com/termux/shared/termux/TermuxConstants.java
 [`termux-shared`]: https://github.com/termux/termux-app/tree/master/termux-shared