You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/Android-Manifest-Permissions.md
+12-7Lines changed: 12 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -17,13 +17,18 @@ reload.
17
17
18
18
| Permission | Status | Justification |
19
19
| --- | --- | --- |
20
-
|`android.permission.POST_NOTIFICATIONS`| Keep | Required on Android 13+ for OnTime reminder, preparation-step, and alarm notifications. Native alarm fallback also checks this permission before posting the full-screen alarm notification. |
20
+
|`android.permission.POST_NOTIFICATIONS`| Keep | Required on Android 13+ for OnTime reminder, preparation-step, and alarm notifications. Native alarm handling also checks this permission before posting alarm notifications. |
21
21
|`android.permission.SCHEDULE_EXACT_ALARM`| Keep | Required on Android 12+ for user-scheduled schedule alarms that must fire at the selected time. Native alarm scheduling checks `AlarmManager.canScheduleExactAlarms()` before using `setAlarmClock`. |
22
-
|`android.permission.USE_FULL_SCREEN_INTENT`| Keep | Required for the user-scheduled alarm ringing notification to present `AlarmRingingActivity` as a full-screen alarm experience. Usage is tied to alarm-category notifications, not generic or promotional notifications. |
23
22
|`android.permission.RECEIVE_BOOT_COMPLETED`| Keep | Required for `NativeAlarmBootReceiver` to restore persisted future native alarms after device restart. The receiver is not exported. |
24
23
|`android.permission.VIBRATE`| Keep | Required so alarm and notification channels can use vibration behavior for time-sensitive reminders and alarms. |
25
24
26
-
No unused app-owned release permission was found during the audit.
25
+
No unused app-owned release permission remains in the manifest.
26
+
27
+
## Removed Permission
28
+
29
+
| Permission | Status | Reason |
30
+
| --- | --- | --- |
31
+
|`android.permission.USE_FULL_SCREEN_INTENT`| Removed | Google Play rejected OnTime's declaration for version code 52 and instructed the team to remove this permission from all submitted version codes. OnTime must not declare this permission or call `setFullScreenIntent(...)` in Play-bound builds. |
27
32
28
33
## Manifest Merge Notes
29
34
@@ -63,9 +68,9 @@ Debug and profile merged manifests may additionally contain their variant-owned
63
68
64
69
-`MainActivity` checks exact alarm and notification permission state before
65
70
scheduling native alarms.
66
-
-`NativeAlarmReceiver` posts alarm-category full-screen notifications and
67
-
skips posting when notification permission is denied.
71
+
-`NativeAlarmReceiver` posts alarm-category notifications and skips posting
72
+
when notification permission is denied.
68
73
-`NativeAlarmBootReceiver` handles boot completion and exact-alarm permission
69
74
state changes to restore persisted native alarms.
70
-
-`AlarmRingingActivity` is the full-screen alarm UI launched only from the
71
-
alarm notification path.
75
+
-`AlarmRingingActivity` is the tap-through alarm UI launched from the alarm
Copy file name to clipboardExpand all lines: docs/Google-Play-Data-Safety.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -72,7 +72,7 @@ deletion support must be approved by the release owner.
72
72
| Alarm device registration | Current device registration sends app-generated device id, platform, app version, OS version, native alarm support, and alarm providers. | Device or other identifiers, app info and performance | Source-backed, backend retention pending |
73
73
| Alarm status reporting | Alarm status reports send device id, reconciliation timestamps, schedule window, coverage window, alarm provider, status, permission issue, armed schedule ids, skipped count, and failures. | App info and performance, diagnostics, device or other identifiers | Source-backed, backend retention pending |
74
74
| Local alarm registry | Scheduled alarm records are stored locally with schedule id, alarm time, preparation start time, fingerprint, notification ids, provider, schedule title, and payload. | On-device storage; disclose only if transmitted or shared elsewhere | Source-backed |
75
-
| Android permissions | Release manifest includes notification, exact alarm, full-screen intent, boot restore, vibration, and dependency-owned network/Firebase/sign-in permissions. It does not include location, contacts, camera, microphone, phone, SMS, storage, calendar, nearby-device, or Bluetooth permissions. | Permission/API evidence for form consistency | Source-backed by #442|
75
+
| Android permissions | Release manifest includes notification, exact alarm, boot restore, vibration, and dependency-owned network/Firebase/sign-in permissions. It does not include full-screen intent, location, contacts, camera, microphone, phone, SMS, storage, calendar, nearby-device, or Bluetooth permissions. | Permission/API evidence for form consistency | Source-backed by #442|
76
76
| Firebase Cloud Messaging SDK | The app uses `firebase_core` and `firebase_messaging`. Firebase documentation says Cloud Messaging collects app version automatically and depends on Firebase Installations; FID and Firebase user agent handling must be considered. | SDK-collected data, device or other identifiers, app info and performance | Source-backed dependency, final SDK review pending |
77
77
| Firebase Analytics Product Usage Events | Planned analytics release uses Firebase Analytics for workflow milestone events only, with Help Improve OnTime opt-out, pseudonymous analytics identifiers, schema-versioned event names, app version, platform, workflow result, stable error categories, and coarse counts or durations. The event catalog forbids raw schedule names, notes, place names, preparation step names, email, OAuth identifiers, FCM token, raw exceptions, request bodies, response bodies, and free text. | App activity, app info and performance, device or other identifiers; purposes include Analytics, app functionality, debugging and operations, and non-personalized experiments | Planned; not present in current `pubspec.yaml` until `firebase_analytics` is added |
78
78
| Google Play services core SDKs | Google Play services base/basement/tasks may be present through dependencies. Google's disclosure page says the listed core SDKs do not collect end-user data, but app owners remain responsible for the overall disclosure. | SDK review | Dependency review pending |
0 commit comments