Total for Android app permissions

The table below describes the full list of Android permissions used by F‑Secure Total for Android. The actually used permissions depend on the software variant and the available features.

Android system permissions in general:

  • An Android app may have many permissions listed by Google Play, but that does not accurately reflect which permissions the app actually utilizes.

  • The permissions are bundled on high-level as Groups. A single group contains various permissions as sub-items.

  • When an app wants to use a single permission from a group, the app may obtain also permissions not actually used by the app.

Android permissions groupPermissions obtained from Group by app and usage per app feature(s)
NotificationsPOST_NOTIFICATIONS
Used for permissions that are associated with posting notifications
  • Displaying information
  • Keeping application alive for continuous protection
CameraCAMERA
Accessing camera and capturing images/video from the device
  • Pass­word Vault reads QR codes with device camera
Device & app historyPRELOAD
Preload websites
  • Safe browser capabilities
READ_HISTORY_BOOKMARKS
Read your Web bookmarks and history
  • Safe Browsing is observing changes in web history database for safeguarding the user from malicious web addresses
WRITE_HISTORY_BOOKMARKS
Write web bookmarks and history
  • Modifying history (web site titles) to be able detect users navigation (current web page) in web browser application
LocationACCESS_COARSE_LOCATION
Approximate location (network-based)
  • Trusted Wi‑Fi capabilities
ACCESS_FINE_LOCATION
Precise location (GPS and network-based)
  • Trusted Wi‑Fi capabilities
StorageMANAGE_EXTERNAL_STORAGE
All file access
  • Required for Antivirus functionality
READ_EXTERNAL_STORAGE
Accessing external storage
  • This is added automatically during manifest merge if WRITE_EXTERNAL_STORAGE permission is requested
WRITE_EXTERNAL_STORAGE
Erase USB storage, access USB storage filesystem, read the contents of your USB storage, modify or delete the contents of your USB storage
  • Antivirus, while scanning for malicious apps, is accessing also mass storage devices attached to device
  • Antivirus, when detecting a malicious app, can remove the malicious app from a mass storage device per user consent
BiometricsUSE_BIOMETRIC
Use device supported biometric modalities
  • Required for fingerprint authentication
USE_FINGERPRINT
Use fingerprint authentication
  • Pass­word Vault supports login with fingerprint
Device ID & call informationREAD_PHONE_STATE
Read phone status and identity
  • App and service subscription including as metadata; Android ID on all devices
Wi‑Fi connection informationACCESS_WIFI_STATE
View Wi‑Fi connections
  • Observing the Wi‑Fi networks visited by the device and displays a notification when a previously unvisited Wi‑Fi is visited for the first time
  • VPN trusted networks feature
CHANGE_WIFI_STATE
Connect and disconnect from Wi‑Fi
Wi‑Fi capabilities
  • VPN requires this for detecting P2P Wi‑Fi connections (does not actually change Wi‑Fi state)
OtherACCESS_DOWN­LOAD_MANAGER, ACCESS_ALL_DOWN­LOADS, ACCESS_DOWN­LOAD_MANAGER_ADVANCED
Access download manager and notifications
  • Antivirus observes notifications for new app downloads, and access Downloads folder to access the downloaded apps for scanning
  • Safe Browser needs to be able to store files to Download folder when user chooses to download a file
ACCESS_NETWORK_STATE
View network connections
  • Optimizing network carrier (Wi‑Fi, mobile, roaming) for client-backend communication
ACTION_POWER_CONNECTED, ACTION_POWER_DISCONNECTED
Allows app to listen to whether external power has been connected or removed
  • App will be woken for these events
BIND_ACCESSIBILITY_SERVICE
Accessibility service
  • Used for Family Rules feature: Allowing a parent to protect child from unsuitable web content, and allowing a parent to apply device and apps usage restrictions for a child
  • Used for Chrome Protection feature: To protect user against malicious website
BIND_DEVICE_ADMIN
Android Device Administrator
  • Preventing children from removing the application without parental guidance, and for Browsing Protection
BIND_GET_INSTALL_REFERRER_SERVICE
Analytics
  • Required for continuous protection
BLUETOOTH
Connect to paired bluetooth devices
  • Bluetooth API is used for retrieving the user defined device name, as in Android the name is coupled to the Bluetooth service; Is not actually used for connecting to other devices
BIND_AUTOFILL_SERVICE
Ensures that only system can bind into autofill service
  • Required for Pass­word Vault capabilities
BIND_JOB_SERVICE
Protects the applications scheduled job services
  • Required for continuous protection
BIND_REMOTEVIEWS
Binding different remote views, such as lists or grids
  • Required for Safe Browser capabilities
BIND_VPN_SERVICE
Ensures that only system can bind into vpn service
  • Required for VPN capabilities
BILLING
Google Play billing service
  • The app may offer purchasable product upgrades as In-app purchases
CHECK_LICENSE
Google Play license check
  • Google Play license check used with In-app purchase functionality
DUMP
Allows an application to retrieve state dump information from system services
  • Required for diagnostics
DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
The app does not export dynamic receivers
  • Required for safer runtime receivers
FOREGROUND_SERVICE
From Android P, this is needed to allow the app to use foreground service
  • Foreground service is needed to keep the app running and protect the device
FOREGROUND_SERVICE_LOCATION
Allows use for foreground service with location type
  • Required for Family Rules and for VPN
FOREGROUND_SERVICE_SPECIAL_USE
Allows special use for foreground service
  • Required for Family Rules
FOREGROUND_SERVICE_SYSTEM_EXEMPTED
Allows use for foreground service regardless of system settings
  • Required for Family Rules and for VPN
INSTALL_SHORTCUT
Install shortcuts
  • For installing Total and Safe browser shortcuts in Launcher
INTERNET
Receive data from Internet
  • Network access is required for retrieving app / service subscription status
  • Antivirus functionality
  • Safe Browsing
KILL_BACK­GROUND_PROCESSES
Close other apps
  • Parental Control to close blocked applications
NFC
Control Near Field Communication
  • Safe Browser allows sharing the URL of the current viewed browser page over NFC
QUERY_ALL_PACKAGES
Allows query of any normal app on the device, regardless of manifest declarations
Required for:
  • Antivirus
  • Family Rules (App control)
READ
Access all files
  • Required for Antivirus functionality
READ_SYNC_SETTINGS
Check status of sync settings
  • Safe Browser capabilities
RECEIVE
Receive cloud messaging
  • Required for continuous protection
RECEIVE_BOOT_COMPLETED
Run at start-up
  • Antivirus engine start-up at device start-up Antivirus performs device boot-time scan, when enabled by user in app settings
  • Antivirus feature, to be able to execute scan for external drives when device is booted
  • Safe Browsing feature must be running always to be able to monitor changes in web history database
  • Parental Control must be running always to be able to block unwanted applications
  • For starting VPN
REORDER_TASKS
Allows the application to change order of tasks
  • Required to automatically bring application to foreground
REQUEST_DELETE_PACKAGES
Allows the application to request deleting packages
  • To uninstall apps in the device
REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
Allows application to stay alive by ignoring battery optimizations
  • Required for continuous protection
REVOCATION_NOTIFICATION
Google Play permissions
  • Required for In-app purchase functionality
SEND
Send cloud messaging
  • Required for continuous protection
SEND_DOWNLOAD_COMPLETED_INTENTS
Notify app when a download has been completed
  • Required for Antivirus functionality
  • Safe browser functionality
SET_WALLPAPER
Set wallpaper
  • Safe Browser needs to be able to set wallpaper if user wishes to use an image opened in browser as a wallpaper
UNINSTALL
Internal uninstall
  • Required for uninstalling Total internally
USE_EXT_API
External API communication
  • Required for continuous protection
USE_OVER_IPC
Internal app communication
  • Required for communication across process boundary
VIBRATE
Control vibration
  • Vibration used as a fall-back method for playing a sound for app notifications when device is set to vibrating mode
WAKE_LOCK
Prevent device from sleeping
  • Safe browser functionality
WRITE_SETTINGS
Modify system settings
  • System settings are modified for Parental Control (Accessibility, Device Administrator) per user consent
WRITE_SYNC_SETTINGS
Toggle sync on and off
  • Safe Browser Sync Adapter for URL autocomplete and suggestions