SelfUpdater added?

[IzzySoft]

With the latest release, our scanners yield

! repo/org.listenbrainz.android_65.apk declares sensitive permission(s):
  android.permission.QUERY_ALL_PACKAGES android.permission.REQUEST_INSTALL_PACKAGES

And looking at the release notes, I see

Feat: App Updates

Are those entirely opt-in, and explaining the implications before being turned on? Because otherwise, this would conflict with the IzzyOnDroid App Inclusion Policy (and with F-Droid's as well):

[an app] must not download additional executable binary files (e.g. addons, auto-updates, etc.) without explicit user consent. Consent means it needs to be opt-in (it must not be harder to decline than to accept or presented in a way users are likely to press accept without reading) and structured in a way that clearly explains to users that they’re choosing to bypass the checks performed in this repo if they activate it.

Further, what is QUERY_ALL_PACKAGES used for?

[07jasjeet]

1. App updates are entirely opt-in. If the user wants to install the app, they may or may not. We show them a dialog before proceeding. You can see the dialog in the video linked in this PR: Feat: App Updates #576
2. QUERY_ALL_PACKAGES permission is used for Listen Submission where we require user to declare apps for listen submission ahead of time rather than after discovering an app. This avoids accidental submissions. Addition of this permission has got us into problems with GPlay, so could be removed in future if we find a workaround.

[IzzySoft]

1. The video only shows that updating itself is opt-in, not the update check itself. It's well explains what happens, though – but what is missing are the implications, namely that this update bypasses the security checks performed in our repo, and where the update is coming from. Could that please be added to the explanation, and the update check itself be made opt-in (it's fine to ask at first launch whether to enable it)?
2. Thanks! Explanation added. Should you find a work around, it will be removed when you remove the permission of course. And I wonder that the updater doesn't give you trouble with Play as well; might be an idea to provide a flavor without the updater, which then can used by repositories like ours, and app stores – and even Obtainium, as why have multiple checks running simultaneously for the same thing 😉