From time to time we receive an email asking about the security settings in android. What do they mean? Why does Key Ring need this type of access etc? Honestly, the security warnings are confusing to say the least and are often misunderstood. If wasn’t so involved with mobile apps I’d be confused as well. So, I figured I’d write a quick post outlining what each warning means and why Key Ring needs access.
- Network Communication ~ Key Ring uses an internet connection to download the most current retailer data when you add or edit a card. Internet access is also required so users can sync updates made between my.keyringapp.com and the Key Ring Reward Cards mobile app.
- Your Location ~ This is likely the most concerning warning to users. Key Ring needs location information for a couple of reasons. First, we use it for statistical data that we aggregate together so we know where our highest concentration of users reside. Second, we use location information to trigger location based offers such as coupons. We do not associate a location with your personal information.
- Phone Calls ~ First of all, the name of the security warning is completely irrelevant and it makes it appear Key Ring is tracking your phone calls! We’re not, we would never want to, or need to. What this warning means is that we identify each user by their IMEI (serial number of the phone). We track IMEI for a couple reasons. First, we use it for security reasons to make sure each user making a request to our server is legitimate. Second, we use it to identify phones for remote backup of your accounts. This helps avoid additional security issues so people can’t hack your account.
- System Tools ~ This setting is required so you can adjust the screen brightness and to prevent the screen from dimming when you view a card.
- Storage ~ We use the SD card to store barcode images and logos.
- Hardware Controls ~ Our barcode scanner uses the phones camera to scan barcodes.
- Boot ~ In this case the permission does not start the app, nor does it start a service. What happens is when the phone restarts it notifies our app so that we can re-register our notification system with the Android alarm service.Notifications are sent out periodically by stores, but you can disable them under the app settings and it won’t run at all. We still need the permission though b/c rebooting the phone will unregister Key Ring from the Android alarm service.
On an administrative note, I used to specialize in information security in a previous career. Having an information security background helps ensure we follow industry best security practices. Hopefully this will help give you peace of mind.