Android controls access to its features by means of “permissions”. Apps can’t perform certain task without being granted permission to do so by the user.
Most apps request permission only once, when they’re installed. A user have no choice, either grant all permissions required by the app, or don’t install it.
Automate uses an alternative solution. The app itself require very few (basic) permissions, but gives the user a way to selectively grant and revoke
groups of permissions by installing or uninstalling add-ons. It’s the same system permissions as enforced by Android.
Since Android 6 apps can request permissions at “run-time”, making the above solution obsolete.
Automate will eventually migrate to it, however it would currently not be able to fully replace all add-ons due to Android bugs.
Automate has following permission groups:
- Camera & sound — grants access to the camera and to record sound.
- Connectivity — grants access to the internet and networks like Wi-Fi, Bluetooth and NFC.
- Other apps — grants access to inspect and draw over other apps.
- Personal — grants access to personal information such as contacts and calendar.
- Potentially costly — grants access to send MMS, SMS and make calls without user interaction.
- Storage — grants access to primary external storage.
- Superuser — grants access to use superuser (root) features, on a rooted device.
- System settings — grants access to modify system settings.
- Telephony — grants access to phone related operations like awaiting calls.
- Your location — grants access to know your current location and other location based services.
The permissions are installed (granted) by tapping the install buttons in the flow details, or in the Manage permission settings.
When authorization is required, Automate will never force a user to write a username or password within a flow.
Instead the credentials are stored in accounts handled by the Android operating system.
Accounts are then only referenced by their public names, making flows safe to share among users.
A username and password are often required when accessing FTP/SMTP servers or personal web content.
Automate has its own type of account for those cases, the “generic credentials” account.
Add or remove “generic credentials” in system Account settings.
Automate can never access the password of a Google account.
Instead, Automate requests an authentication token when accessing online services
like Gmail and Google Drive. This token isn’t accessible by, nor stored in a flow.
All communication with online services requiring authorization are done though secure (HTTPS) connections,
this includes the following features:
- Automate cloud messaging
- Automate community
- Google Drive