Total for Android app permissions

The table below describes the full list of Android permissions used by F‑Secure Total for Android. The actually used permissions depend on the software variant and the available features.

Android system permissions in general:

An Android app may have many permissions listed by Google Play, but that does not accurately reflect which permissions the app actually utilizes.
The permissions are bundled on high-level as Groups. A single group contains various permissions as sub-items.
When an app wants to use a single permission from a group, the app may obtain also permissions not actually used by the app.

Android permissions group	Permissions obtained from Group by app and usage per app feature(s)
Notifications	POST_NOTIFICATIONS Used for permissions that are associated with posting notifications Displaying information Keeping application alive for continuous protection
Camera	CAMERA Accessing camera and capturing images/video from the device Password Vault reads QR codes with device camera Will be removed from the final manifest by CBP script if “Key” is not included in the build
Location	ACCESS_COARSE_LOCATION Approximate location (network-based) Trusted Wi‑Fi capabilities Safe Wi‑Fi feature requires location permission for detecting open Wi‑Fi connections ACCESS_FINE_LOCATION Precise location (GPS and network-based) Trusted Wi‑Fi capabilities Safe Wi‑Fi feature requires location permission for detecting open Wi‑Fi connections
Storage	MANAGE_EXTERNAL_STORAGE All file access Required for Antivirus functionality READ_EXTERNAL_STORAGE Accessing external storage This is added automatically during manifest merge if WRITE_EXTERNAL_STORAGE permission is requested maxSdkVersion = 32 WRITE_EXTERNAL_STORAGE Erase USB storage, access USB storage filesystem, read the contents of your USB storage, modify or delete the contents of your USB storage Antivirus, while scanning for malicious apps, is accessing also mass storage devices attached to device Antivirus, when detecting a malicious app, can remove the malicious app from a mass storage device per user consent maxSdkVersion = 29
Biometrics	USE_BIOMETRIC Use device supported biometric modalities Required for fingerprint authentication USE_FINGERPRINT Use fingerprint authentication Password Vault supports login with fingerprint
Device ID & call information	READ_PHONE_STATE Read phone status and identity App and service subscription including as metadata; Android ID on all devices
Wi‑Fi connection information	ACCESS_WIFI_STATE View Wi‑Fi connections Observing the Wi‑Fi networks visited by the device and displays a notification when a previously unvisited Wi‑Fi is visited for the first time VPN trusted networks feature CHANGE_WIFI_STATE Connect and disconnect from Wi‑Fi Wi‑Fi capabilities VPN requires this for detecting P2P Wi‑Fi connections (does not actually change Wi‑Fi state)
Other	ACCESS_DOWNLOAD_MANAGER, ACCESS_ALL_DOWNLOADS, ACCESS_DOWNLOAD_MANAGER_ADVANCED Access download manager and notifications Antivirus observes notifications for new app downloads, and access Downloads folder to access the downloaded apps for scanning ACCESS_NETWORK_STATE View network connections Optimizing network carrier (Wi‑Fi, mobile, roaming) for client-backend communication ACTION_POWER_CONNECTED, ACTION_POWER_DISCONNECTED Allows app to listen to whether external power has been connected or removed App will be woken for these events BILLING Google Play billing service The app may offer purchasable product upgrades as in-app purchases BIND_ACCESSIBILITY_SERVICE Accessibility service Used for Chrome Protection feature, to protect user against malicious website BIND_AUTOFILL_SERVICE Ensures that only system can bind into autofill service Required for Password Vault capabilities BIND_DEVICE_ADMIN Android Device Administrator Preventing children from removing the application without parental guidance, and for Browsing Protection BIND_GET_INSTALL_REFERRER_SERVICE Analytics Required for continuous protection BIND_JOB_SERVICE Protects the applications scheduled job services Required for continuous protection BIND_QUICK_SETTINGS_TILE Makes VPN on/off tile available in Android quick settings panel when VPN included in the app Required for VPN quick settings tile BIND_VPN_SERVICE Ensures that only system can bind into VPN service Required for VPN capabilities Content filtering capabilities CHECK_LICENSE Google Play license check Google Play license check used with in-app purchase functionality DUMP Allows an application to retrieve state dump information from system services Required for diagnostics DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION The app does not export dynamic receivers Required for safer runtime receivers FOREGROUND_SERVICE From Android P, this is needed to allow the app to use foreground service Foreground service is needed to keep the app running and protect the device FOREGROUND_SERVICE_LOCATION Allows use for foreground service with location type Required for VPN and Safe Wi‑Fi capabilities FOREGROUND_SERVICE_SPECIAL_USE Allows special use for foreground service Required for Antivirus, Chrome Protection and VPN FOREGROUND_SERVICE_SYSTEM_EXEMPTED Allows use for foreground service regardless of system settings Required for VPN INTERNET Receive data from Internet Network access is required for retrieving app / service subscription status Antivirus functionality Content filtering functionality KILL_BACKGROUND_PROCESSES Close other apps Parental Control to close blocked applications NFC Control Near Field Communication Safe Browser allows sharing the URL of the current viewed browser page over NFC QUERY_ALL_PACKAGES Allows query of any normal app on the device, regardless of manifest declarations Required for Antivirus Required for Password Vault READ Access all files Required for Antivirus functionality READ_CONTACTS Allow application to read the contacts data Required for SMS protection functionality so feature will only check messages received from unknown sender RECEIVE Receive cloud messaging Required for continuous protection RECEIVE_BOOT_COMPLETED Run at start-up Antivirus engine start-up at device start-up Antivirus performs device boot-time scan, when enabled by user in app settings Antivirus feature, to be able to execute scan for external drives when device is booted Safe Browsing feature must be running always to be able to monitor changes in web history database For starting VPN RECEIVE_SMS Receive incoming messages Required for SMS Protection functionality so feature can detect spam messages and notify user REQUEST_DELETE_PACKAGES Allows the application to request deleting packages To uninstall apps in the device REQUEST_IGNORE_BATTERY_OPTIMIZATIONS Allows application to stay alive by ignoring battery optimizations Required for continuous protection REVOCATION_NOTIFICATION Google Play permissions Required for in-app purchase functionality SCHEDULE_EXACT_ALARM Schedule exact alarms Optional for VPN, requested only if needed SEND Send cloud messaging Required for continuous protection SEND_DOWNLOAD_COMPLETED_INTENTS Notify app when a download has been completed Required for Antivirus functionality Safe browser functionality SYSTEM_ALERT_WINDOW Draw overlays on top of other applications Used for Chrome Protection: Allowing the app to display site’s reputation on top of Chrome UNINSTALL Internal uninstall Required for uninstalling Total internally USE_EXT_API External API communication Required for continuous protection USE_OVER_IPC Internal app communication Required for communication across process boundary VIBRATE Control vibration Vibration used as a fallback method for playing a sound for app notifications when device is set to vibrating mode