Total for Android app permissions

The table below describes the full list of Android permissions used by F‑Secure Total for Android. The actually used permissions depend on the software variant and the available features.

Android system permissions in general:

  • An Android app may have many permissions listed by Google Play, but that does not accurately reflect which permissions the app actually utilizes.

  • The permissions are bundled on high-level as Groups. A single group contains various permissions as sub-items.

  • When an app wants to use a single permission from a group, the app may obtain also permissions not actually used by the app.

Android permissions group

Permissions obtained from Group by app and usage per app feature(s)

Notifications

POST_NOTIFICATIONS
Used for permissions that are associated with posting notifications

  • Displaying information

  • Keeping application alive for continuous protection

Camera

CAMERA
Accessing camera and capturing images/video from the device

  • Pass­word Vault reads QR codes with device camera

Device & app history

PRELOAD
Preload websites

  • Safe browser capabilities

READ_HISTORY_BOOKMARKS
Read your Web bookmarks and history

  • Safe Browsing is observing changes in web history database for safeguarding the user from malicious web addresses

WRITE_HISTORY_BOOKMARKS
Write web bookmarks and history

  • Modifying history (web site titles) to be able detect users navigation (current web page) in web browser application

Location

ACCESS_COARSE_LOCATION
Approximate location (network-based)

  • Trusted Wi‑Fi capabilities

  • Allowing Safe Browser to provide location to sites if the user allows it

  • Safe Wi‑Fi feature requires location permission for detecting open Wi‑Fi connections

ACCESS_FINE_LOCATION
Precise location (GPS and network-based)

  • Trusted Wi‑Fi capabilities

  • Allowing Safe Browser to provide location to sites if the user allows it

  • Safe Wi‑Fi feature requires location permission for detecting open Wi‑Fi connections

Storage

MANAGE_EXTERNAL_STORAGE
All file access

  • Required for Antivirus functionality

READ_EXTERNAL_STORAGE
Accessing external storage

  • This is added automatically during manifest merge if WRITE_EXTERNAL_STORAGE permission is requested

WRITE_EXTERNAL_STORAGE
Erase USB storage, access USB storage filesystem, read the contents of your USB storage, modify or delete the contents of your USB storage

  • Antivirus, while scanning for malicious apps, is accessing also mass storage devices attached to device

  • Antivirus, when detecting a malicious app, can remove the malicious app from a mass storage device per user consent

Biometrics

USE_BIOMETRIC
Use device supported biometric modalities

  • Required for fingerprint authentication

USE_FINGERPRINT
Use fingerprint authentication

  • Pass­word Vault supports login with fingerprint

Device ID & call information

READ_PHONE_STATE
Read phone status and identity

  • App and service subscription including as metadata; Android ID on all devices

Wi‑Fi connection information

ACCESS_WIFI_STATE
View Wi‑Fi connections

  • Observing the Wi‑Fi networks visited by the device and displays a notification when a previously unvisited Wi‑Fi is visited for the first time

  • VPN trusted networks feature

CHANGE_WIFI_STATE
Connect and disconnect from Wi‑Fi
Wi‑Fi capabilities

  • VPN requires this for detecting P2P Wi‑Fi connections (does not actually change Wi‑Fi state)

Other

ACCESS_DOWN­LOAD_MANAGER, ACCESS_ALL_DOWN­LOADS, ACCESS_DOWN­LOAD_MANAGER_ADVANCED
Access download manager and notifications

  • Antivirus observes notifications for new app downloads, and access Downloads folder to access the downloaded apps for scanning

  • Safe Browser needs to be able to store files to Download folder when user chooses to download a file

ACCESS_NETWORK_STATE
View network connections

  • Optimizing network carrier (Wi‑Fi, mobile, roaming) for client-backend communication

ACTION_POWER_CONNECTED, ACTION_POWER_DISCONNECTED
Allows app to listen to whether external power has been connected or removed

  • App will be woken for these events

BIND_ACCESSIBILITY_SERVICE
Accessibility service

  • Used for Family Rules feature: Allowing a parent to protect child from unsuitable web content, and allowing a parent to apply device and apps usage restrictions for a child

  • Used for Chrome Protection feature: To protect user against malicious website

BIND_DEVICE_ADMIN
Android Device Administrator

  • Preventing children from removing the application without parental guidance, and for Browsing Protection

BIND_GET_INSTALL_REFERRER_SERVICE
Analytics

  • Required for continuous protection

BLUETOOTH
Connect to paired bluetooth devices

  • Bluetooth API is used for retrieving the user defined device name, as in Android the name is coupled to the Bluetooth service; Is not actually used for connecting to other devices

BIND_AUTOFILL_SERVICE
Ensures that only system can bind into autofill service

  • Required for Pass­word Vault capabilities

BIND_JOB_SERVICE
Protects the applications scheduled job services

  • Required for continuous protection

BIND_REMOTEVIEWS
Binding different remote views, such as lists or grids

  • Required for Safe Browser capabilities

BIND_VPN_SERVICE
Ensures that only system can bind into vpn service

  • Required for VPN capabilities

BILLING
Google Play billing service

  • The app may offer purchasable product upgrades as In-app purchases

CHECK_LICENSE
Google Play license check

  • Google Play license check used with In-app purchase functionality

DUMP
Allows an application to retrieve state dump information from system services

  • Required for diagnostics

DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
The app does not export dynamic receivers

  • Required for safer runtime receivers

FOREGROUND_SERVICE
From Android P, this is needed to allow the app to use foreground service

  • Foreground service is needed to keep the app running and protect the device

FOREGROUND_SERVICE_LOCATION
Allows use for foreground service with location type

  • Required for Family Rules, VPN and Safe Wi‑Fi capabilities

FOREGROUND_SERVICE_SPECIAL_USE
Allows special use for foreground service

  • Required for Family Rules

FOREGROUND_SERVICE_SYSTEM_EXEMPTED
Allows use for foreground service regardless of system settings

  • Required for Family Rules and for VPN

INSTALL_SHORTCUT
Install shortcuts

  • For installing Total and Safe browser shortcuts in Launcher

INTERNET
Receive data from Internet

  • Network access is required for retrieving app / service subscription status

  • Antivirus functionality

  • Safe Browsing

KILL_BACK­GROUND_PROCESSES
Close other apps

  • Parental Control to close blocked applications

NFC
Control Near Field Communication

  • Safe Browser allows sharing the URL of the current viewed browser page over NFC

QUERY_ALL_PACKAGES
Allows query of any normal app on the device, regardless of manifest declarations
Required for:

  • Antivirus

  • Family Rules (App control)

READ
Access all files

  • Required for Antivirus functionality

READ_CONTACTS
Allow application to read the contacts data

  • Required for SMS protection functionality so feature will only check messages received from unknown sender.

READ_SYNC_SETTINGS
Check status of sync settings

  • Safe Browser capabilities

RECEIVE
Receive cloud messaging

  • Required for continuous protection

RECEIVE_BOOT_COMPLETED
Run at start-up

  • Antivirus engine start-up at device start-up Antivirus performs device boot-time scan, when enabled by user in app settings

  • Antivirus feature, to be able to execute scan for external drives when device is booted

  • Safe Browsing feature must be running always to be able to monitor changes in web history database

  • Parental Control must be running always to be able to block unwanted applications

  • For starting VPN

RECEIVE_SMS
Receive incoming messages

  • Required for SMS Protection functionality so feature can detect spam messages and notify user.

REORDER_TASKS
Allows the application to change order of tasks

  • Required to automatically bring application to foreground

REQUEST_DELETE_PACKAGES
Allows the application to request deleting packages

  • To uninstall apps in the device

REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
Allows application to stay alive by ignoring battery optimizations

  • Required for continuous protection

REVOCATION_NOTIFICATION
Google Play permissions

  • Required for In-app purchase functionality

SCHEDULE_EXACT_ALARM
schedule exact alarms

  • Optional for VPN, requested only if needed

SEND
Send cloud messaging

  • Required for continuous protection

SEND_DOWNLOAD_COMPLETED_INTENTS
Notify app when a download has been completed

  • Required for Antivirus functionality

  • Safe browser functionality

SET_WALLPAPER
Set wallpaper

  • Safe Browser needs to be able to set wallpaper if user wishes to use an image opened in browser as a wallpaper

SYSTEM_ALERT_WINDOW
Draw overlays on top of other applications

  • Used for Chrome Protection: Allowing the app to display site's reputation on top of Chrome

UNINSTALL
Internal uninstall

  • Required for uninstalling Total internally

USE_EXT_API
External API communication

  • Required for continuous protection

USE_OVER_IPC
Internal app communication

  • Required for communication across process boundary

VIBRATE
Control vibration

  • Vibration used as a fall-back method for playing a sound for app notifications when device is set to vibrating mode

WAKE_LOCK
Prevent device from sleeping

  • Safe browser functionality

WRITE_SETTINGS
Modify system settings

  • System settings are modified for Parental Control (Accessibility, Device Administrator) per user consent

WRITE_SYNC_SETTINGS
Toggle sync on and off

  • Safe Browser Sync Adapter for URL autocomplete and suggestions