{"id":6096,"date":"2026-04-16T14:57:44","date_gmt":"2026-04-16T14:57:44","guid":{"rendered":"https:\/\/stfcapital.org\/?page_id=6096"},"modified":"2026-04-16T14:57:44","modified_gmt":"2026-04-16T14:57:44","slug":"app-permissions","status":"publish","type":"page","link":"https:\/\/stfcapital.org\/index.php\/legal\/app-permissions\/","title":{"rendered":"App Permissions"},"content":{"rendered":"

<\/p>\n

\n
\n Document 02 of 04 \u00b7 Permissions<\/span><\/p>\n

Every permission the STF Capital app asks for, and why<\/em>.<\/h1>\n

\n Android gives applications a powerful but explicit permission model: if the app
\n wants to use your camera, read files from shared storage, deliver notifications
\n or wake up after your phone reboots, it must declare that intention in its
\n manifest and — for sensitive permissions — obtain your affirmative
\n consent at runtime. This document is the authoritative, plain-English explanation
\n of every permission STF Capital declares, why it is necessary, what the user
\n experience looks like, and what happens if you choose not to grant it.\n <\/p>\n

\n
Version<\/strong> 1.0<\/div>\n
Effective date<\/strong> 16 April 2026<\/div>\n
Manifest scope<\/strong> com.stfcapital.app<\/code><\/div>\n
Target API level<\/strong> 36 (Android 14+)<\/div>\n
Minimum API level<\/strong> 24 (Android 7.0)<\/div>\n<\/p><\/div>\n<\/p><\/div>\n
\n
On this page<\/div>\n
    \n
  1. Principles we apply<\/a><\/li>\n
  2. At a glance<\/a><\/li>\n
  3. Network & connectivity<\/a><\/li>\n
  4. Camera<\/a><\/li>\n
  5. Media & files<\/a><\/li>\n
  6. Biometric authentication<\/a><\/li>\n
  7. Notifications<\/a><\/li>\n
  8. Boot & scheduling<\/a><\/li>\n
  9. Vibration<\/a><\/li>\n
  10. What we do not request<\/a><\/li>\n
  11. Runtime prompt experience<\/a><\/li>\n
  12. Revoking a permission<\/a><\/li>\n
  13. How it differs by Android version<\/a><\/li>\n
  14. Google Play Permissions Review alignment<\/a><\/li>\n
  15. What happens if you decline<\/a><\/li>\n
  16. A note on iOS<\/a><\/li>\n
  17. Questions<\/a><\/li>\n<\/ol><\/div>\n

    1. Principles we apply<\/h2>\n

    Three principles govern every permission declaration in the STF Capital mobile application. Each was formally adopted at the architectural design stage and is reviewed before every new feature is shipped.<\/p>\n

      \n
    1. Necessity.<\/strong> We request a permission only when there is a concrete feature in the shipping app that cannot function without it. Speculative permissions (“we might need it later”) are never declared.<\/li>\n
    2. Least privilege.<\/strong> Where Android offers a less sensitive alternative for the same feature we prefer it. For example, we use the modern READ_MEDIA_IMAGES<\/code> and READ_MEDIA_VIDEO<\/code> permissions on Android 13+ instead of the blanket READ_EXTERNAL_STORAGE<\/code>.<\/li>\n
    3. Graceful degradation.<\/strong> If you deny a permission we request, the feature that needed it tells you so in a calm, non-nagging message and continues to offer whatever else the app can still do. You will not be locked out of the application because you declined a permission.<\/li>\n<\/ol>\n

      2. At a glance<\/h2>\n

      The table below lists every permission declared in the application’s AndroidManifest.xml<\/code>. Dangerous<\/span> permissions require a runtime prompt; Normal<\/span> permissions are granted at install time; Optional<\/span> entries are feature declarations rather than permissions.<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
      Permission<\/th>\nType<\/th>\nFeature that uses it<\/th>\n<\/tr>\n<\/thead>\n
      INTERNET<\/code><\/td>\nNormal<\/span><\/td>\nTalking to the Supabase backend; delivering push notifications<\/td>\n<\/tr>\n
      ACCESS_NETWORK_STATE<\/code><\/td>\nNormal<\/span><\/td>\nDetecting online\/offline state to queue work gracefully<\/td>\n<\/tr>\n
      CAMERA<\/code><\/td>\nDangerous<\/span><\/td>\nPhotographing supporting documents and optional profile photo<\/td>\n<\/tr>\n
      READ_MEDIA_IMAGES<\/code><\/td>\nDangerous<\/span><\/td>\nSelecting document images from your photo library (Android 13+)<\/td>\n<\/tr>\n
      READ_MEDIA_VIDEO<\/code><\/td>\nDangerous<\/span><\/td>\nSelecting supporting video files (Android 13+)<\/td>\n<\/tr>\n
      READ_EXTERNAL_STORAGE<\/code><\/td>\nDangerous<\/span><\/td>\nDocument selection on Android 12 and below only<\/td>\n<\/tr>\n
      WRITE_EXTERNAL_STORAGE<\/code><\/td>\nDangerous<\/span><\/td>\nCached exports on Android 12 and below only<\/td>\n<\/tr>\n
      USE_BIOMETRIC<\/code><\/td>\nDangerous<\/span><\/td>\nFingerprint\/face unlock after opt-in<\/td>\n<\/tr>\n
      POST_NOTIFICATIONS<\/code><\/td>\nDangerous<\/span><\/td>\nPush and local notifications (Android 13+)<\/td>\n<\/tr>\n
      VIBRATE<\/code><\/td>\nNormal<\/span><\/td>\nHaptic feedback on notifications<\/td>\n<\/tr>\n
      RECEIVE_BOOT_COMPLETED<\/code><\/td>\nNormal<\/span><\/td>\nRestoring scheduled notifications after reboot<\/td>\n<\/tr>\n
      SCHEDULE_EXACT_ALARM<\/code><\/td>\nNormal<\/span><\/td>\nPrecise timing of local notifications<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

      3. Network & connectivity<\/h2>\n

      3.1  INTERNET<\/code><\/h3>\n

      Why.<\/strong> Every meaningful action — signing in, reading your application list, uploading a document, receiving a clarification from your advisor — requires a network call to Supabase or to Google’s Firebase Cloud Messaging servers.<\/p>\n

      How we scope it.<\/strong> Traffic is forced over TLS 1.3. Cleartext HTTP is disabled at OS level through network_security_config.xml<\/code> and android:usesCleartextTraffic="false"<\/code>.<\/p>\n

      3.2  ACCESS_NETWORK_STATE<\/code><\/h3>\n

      Why.<\/strong> The connectivity_plus<\/code> plugin uses this to tell the app whether you are on Wi-Fi, mobile data or offline, so we can queue uploads, show an offline banner and retry automatically.<\/p>\n

      What we do not do.<\/strong> This permission does not give the app visibility into SSID, MAC address or IP address of your network.<\/p>\n

      4. Camera — CAMERA<\/code><\/h2>\n

      Why.<\/strong> Two places in the app capture a camera image: the Documents upload flow (photographing a KYC document) and the Profile Photo flow. Both are triggered only by an explicit “Use camera” tap; no background capture occurs.<\/p>\n

      How.<\/strong> The system camera intent is launched via the image_picker<\/code> Flutter plugin — STF Capital does not read the raw camera sensor stream.<\/p>\n

      If you decline.<\/strong> The “Use camera” option is hidden; library uploads continue to work.<\/p>\n

      5. Media & files<\/h2>\n

      5.1  READ_MEDIA_IMAGES<\/code> and READ_MEDIA_VIDEO<\/code> (Android 13+)<\/h3>\n

      Modern per-type permissions for the photo picker. Only requested for the upload feature; audio and arbitrary MIME types are not requested.<\/p>\n

      5.2  READ_EXTERNAL_STORAGE<\/code> and WRITE_EXTERNAL_STORAGE<\/code> (Android 12 and below)<\/h3>\n

      Both carry android:maxSdkVersion="32"<\/code>, so Android does not grant them on API 33+. Legacy permissions active only on devices that need them.<\/p>\n

      5.3  File validation and size limits<\/h3>\n