Device Permissions in ShopManager™

Owing to a very good question from Sven Brunk on Google+, about why ShopManager™ for OXID seeks the device-permissions it does during installation, we decided to be open about it, and document the reasons for seeking each one of those permissions in this blog-post.

This is one aspect we haven’t paid much attention to as we developed the app, casually helping ourselves all the device-access we needed. But we know better to appreciate users’ concerns about smartphone-apps gaining inappropriate access to user-data on the phone. So here we make a commitment that we will not take any access to the device that we do not absolutely need to enable a particular feature of ShopManager™.

These are the permissions that ShopManager™ requires in the current release 4.6 as of 01.01.16.

ShopManager OXID Permissions in Ver. 4.6


Location – Standort

There is a feature on the product-roadmap to help owners of the shops using ShopManager™ to determine how far they are separated from customers buying products from their online-shops. This helps them organize better logistics, and if applicable, offer pick-up services at physical-shops or warehouses (pickup-points).

Location information on Android is obtained using two methods:

  • WLAN/Network (GeoIP, coarse_location)
  • GPS localization (fine_location)

Phone – Telefon

Managers of online-shops can phone customers directly from the app, for example while reviewing an order, to offer support. This feature will stay.

Photos/Media/Files – Fotos/Medien/Dateien

ShopManager™ allows to access pictures from the device and apply them to article-data on the shop. This way shop-owners benefit from the ability to instantly upload pics from the the smartphone to the webshop.

Camera – Kamera

ShopManager™ allows to snap a picture of the product using the smartphone camera and allows for images to be uploaded to webshop instantly.

Device ID and Call Information – Geräte-ID & Anrufinformationen

This feature is required by Google Play to manage the app across multiple devices as also triggering ACRA (Application Crash Report for Android). These permissions will stay.

Contacts – Kontakte

Grants us access to address-book of the smartphone, which could help us reach new users virally.  This was an original feature-decision, which we will review in the next releases. Also this feature will be reviewed in next releases.

  • Access to Contacts / Kontakte has been removed in version 4.6.3

Identity – Identität

Grants us identity-information of users via our Google Play developer-account.  This was an original feature-decision, which we will review in the next releases.

Stay tuned to weekly releases on Google Play, and let us know what you think on the OXID eSales G+ Community.


Official System Permissions information for Android Developers