Owing to a very good question from Sven Brunk on Google+, about why ShopManager™ for OXID seeks the device-permissions it does during installation, we decided to be open about it, and document the reasons for seeking each one of those permissions in this blog-post.
This is one aspect we haven’t paid much attention to as we developed the app, casually helping ourselves all the device-access we needed. But we know better to appreciate users’ concerns about smartphone-apps gaining inappropriate access to user-data on the phone. So here we make a commitment that we will not take any access to the device that we do not absolutely need to enable a particular feature of ShopManager™.
These are the permissions that ShopManager™ requires in the current release 4.6 as of 01.01.16.
Location – Standort
There is a feature on the product-roadmap to help owners of the shops using ShopManager™ to determine how far they are separated from customers buying products from their online-shops. This helps them organize better logistics, and if applicable, offer pick-up services at physical-shops or warehouses (pickup-points).
Location information on Android is obtained using two methods:
- WLAN/Network (GeoIP, coarse_location)
GPS localization (fine_location)
- GPS-based fine_location was deprecated in version 4.6.6
Phone – Telefon
Managers of online-shops can phone customers directly from the app, for example while reviewing an order, to offer support. This feature will stay.
Photos/Media/Files – Fotos/Medien/Dateien
ShopManager™ allows to access pictures from the device and apply them to article-data on the shop. This way shop-owners benefit from the ability to instantly upload pics from the the smartphone to the webshop.
Camera – Kamera
ShopManager™ allows to snap a picture of the product using the smartphone camera and allows for images to be uploaded to webshop instantly.
Device ID and Call Information – Geräte-ID & Anrufinformationen
This feature is required by Google Play to manage the app across multiple devices as also triggering ACRA (Application Crash Report for Android). These permissions will stay.
Contacts – Kontakte
Grants us access to address-book of the smartphone, which could help us reach new users virally. This was an original feature-decision, which we will review in the next releases. Also this feature will be reviewed in next releases.
- Access to Contacts / Kontakte has been removed in version 4.6.3
Identity – Identität
Grants us identity-information of users via our Google Play developer-account. This was an original feature-decision, which we will review in the next releases.
- Access to the smartphone owner’s Identity / Identität has been removed effective version 4.6.6.
References
Official System Permissions information for Android Developers