App Permissions
The following is the list of important permissions asked by the Retail-secure(formerly MobiLock) Android
app in order to function properly,
some other miscellaneous permissions are excluded from this list for brevity:
- App Usage Statistics *: From Android 5.1 onwards this permission is asked to know
which application is
currently running, this allows us to determine whether the currently running app is Whitelisted or
not. Also this same
permission is also used to calculate Mobile Data consumption of each allowed app.
- Device Admin: Device Admin permission is asked for better security and the ability
to apply security
policies in the future. We recommend customers to make Retail-secure(formerly MobiLock) as
Device Admin so that in future new security
policies can be applied seamlessly. For EMM devices Device Owner permission is
mandatory.
- Draw Over Other Apps *: This permission enables Retail-secure(formerly MobiLock) to
show a custom “status bar” to prevent users
from using Notification dropdown and deactivate location and other features without admin
intervention. Note that this
permission is not asked or required from Android 8.0 onwards.
- Accessibility and Notification Service *: Notification permission is used by
Retail-secure(formerly MobiLock) to show a “special” badge
over icons in Kiosk mode if there are pending notifications for the app. Retail-secure(formerly
MobiLock) does NOT read the content of the
notification and nor it is sent to server. It can be globally turned off from “Global Settings” in
dashboard. The
accessibility permission is used to show a “transparent” status bar if that is enabled as part of
the branding, also
this same setting is used to disable unauthorized “Safe Mode” exit if user attempts one and
Retail-secure(formerly MobiLock) detects it.
- Samsung KNOX *: Samsung KNOX integration allows Retail-secure(formerly MobiLock) to
provide more secure Kiosk environment in samsung
devices. This permission is only asked in Samsung Devices. The list of security restrictions
applicable for Samsung
KNOX enabled devices can be found in Enterprise → Secure Settings in Retail-secure(formerly
MobiLock) dashboard.
- LG Guard *: A special application that makes use of LG Guard SDK features, only
applicable for LG manufactured and
supported devices, this integration is the result of our partnership with LG which lets us provide
more secure Kiosk
environment in LG Devices.
- Read phone State and Identity *: This permission is used to access SIM card
information like IMEI, IMSI etc
which is later shown on the dashboard or provided as part of CSV export to account Admins.
- Camera *: Camera permission is required for “Security Incidents”, this is an
optional permission and not used
until the “Security Incident logging” is enabled in Dashboard. This feature primarily used to take
user picture if
they are attempting a brute force exit of the Kiosk mode by repeatedly trying different exit
passcodes.
- Wifi and Cell Info *: Retail-secure(formerly MobiLock) provides an ability to add /
configure Wifi networks remotely from the dashboard.
The app also uses this permission to determine whether the device is connected to a network and if
the network is a
high-speed connection.
- Contacts and Identity *: Retail-secure(formerly MobiLock) creates its own Account
which can be found under System Settings → Accounts
to sync data with the Server. Retail-secure(formerly MobiLock) does NOT read, write or modify device
Contacts in any way and it is never synced
with the Server.
All permissions marked * are mandatory.