Our Android App’s Permissions Explained

Permissions

Starting on Android 6 (Marshmallow), Android has been improving and shaping permissions, adding more control to users and a better overview of what apps do with those permissions. Apps permissions are going in a direction of more transparency and security.

Still, it’s not always easy to understand why some permissions are needed some times. We at ottonova would like to clarify why we request some permissions and for what do we use them.

Permissions overview

The purpose of a permission is to protect the privacy of an Android user. Android apps must request permission to access sensitive user data (such as contacts and SMS), as well as certain system features (such as camera and internet). Depending on the feature, the system might grant the permission automatically or might prompt the user to approve the request.

Permissions are used to request system functionalities. Some permissions require user approval and some don’t. It depends on the protection level of the permission.
There are 4 levels of permissions: Normal, SignatureDangerous and special.
Additionally there are custom permissions that can be created to request app services access. Basically an app can declare these custom permissions so it can access another app or its own service.

Protection levels

Level Needs user approval? Description Example
Normal No Provides access to data or resources outside the app sandbox. Does not incur any risk to private data or other apps operations. WiFi state, Internet, Bluetooth, etc
Signature No These permissions are granted at install time. Apps that require these permissions need to be signed by the same certificate of the app that defines the permission. Battery stats, carrier services, etc
Dangerous Yes These permissions can provide access to sensitive data or resources or could potentially affect the user’s stored data or operations by other apps. The user must explicitly authorize the usage of these permissions. The app can only use a functionality that depends on these permissions after the user authorizes it. Read contacts, camera, capture audio, etc
Special / Privileged Yes Similar to dangerous permissions, but the authorization of these permissions is managed by Android Operating system. Apps should try to avoid using these permissions Write settings, system alert windows, etc

 

What permissions do we use?

Camera

Permission name: android.permission.CAMERA
Protection level: dangerous

One of the core features of the ottonova app, is that you can quickly scan an invoice or other document and quickly upload it to us. We could use the native camera and not request this permission, but then users would lose the features that we provide by using our in-app camera feature, that gives users automatic boundary/edge detection of documents and editing functions like cropping, rotating, etc.

Permission name: android.permission.FLASHLIGHT
Protection level: Normal

Used to turn the phone’s flashlight on or off for when users scan a document.

Storage

Permissions name: android.permission.READ_EXTERNAL_STORAGE, android.permission.WRITE_EXTERNAL_STORAGE
Protection level: dangerous

Besides scanning a document on the spot, users may also want to upload a document from their phone storage. This includes images or PDFs. That’s why we require this permission, so we can read an imported file from the external storage. This permission is not strictly necessary for users to upload invoices, it’s only necessary if you would like to import a file. We don’t scan the external storage, the implementation of this feature calls the default file picker on the phone, and most file picker apps that come with Android don’t actually require the caller app (ottonova in this case) to request this external storage permission, but unfortunately some do. That’s why we request this permission, so your experience as a user is as smooth as possible. Android 10 is introducing some changes to these permissions, an app won’t have to request access to all external storage anymore and will be able to only request access to media folders in the external storage.

Other app capabilities

Permissions name: android.permission.ACCESS_NETWORK_STATE, android.permission.ACCESS_WIFI_STATE, android.permission.INTERNET
Protection level: Normal

All of these permissions are related to the internet access. The INTERNET one is so we can perform operations that require internet and the other are just so we can know if we’re connected to a network or if we have internet at all.

Permission name: android.permission.WAKE_LOCK
Protection level: Normal

This permission allows an app to keep the phone awake for a certain amount of time. In ottonova’s app case, this is used by our tracking library (Firebase by Google) to keep the phone awake while Firebase communicates with google service to provide helpful app usage data to the server. Users can disable at any time app usage tracking, simply go to App settings > Notifications. If you disable tracking this permission won’t be used at all.

Permission name: android.permission.USE_FINGERPRINT
Protection level: Normal

With ottonova’s app, we have a pin screen to keep your data safe. You can either input a defined pin or use your fingerprint to unlock the app.

Permissions name: com.google.android.c2dm.permission.RECEIVE, com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
Protection level: Normal (Custom permission)

Both of these permissions are defined by Google. The RECEIVE is used to receive push notifications and the BIND_GET_INSTALL_REFERRER_SERVICE is used by Firebase to recognize where the app was installed from.

Permission name: android.permission.FOREGROUND_SERVICE
Protection level: Normal

When a document is being uploaded we use this permission so users can put the app to background while we finish the upload operation. Whenever this permission is used a notification is always shown.

Conclusion

Permissions are getting more transparent and users are getting more control over what apps can do. These are vital improvements to help keeping user data safe.
Still, we feel that there are some improvements to be made in this field. For instance, external storage is still not a very safe place to store sensitive data because other apps can access that data without system privileges just by requesting the external storage permission (it’s starting to change with Android 10), that’s one of the reasons we don’t store any sensitive user related data locally, all sensitive data is stored remotely in our servers. At ottonova we use only the bare minimum permissions that we can to make our app and services work, always keeping in mind potential vulnerabilities that could compromise our customers data.

We value transparency, that’s why we made this post.

We welcome changes made to improve app permissions and overall security regarding users data privacy. For example, Android 10 is introducing new permission scopes for external storage access, meaning that apps will be able to simply request access to media folders (i.e.: Images or Download folder). Also, although not used by ottonova, asking for location while on background will require user permission. There are more changes, to see further privacy changes on Android 10 see this link.

References