Android control access to its features in multiple ways, in Automate they’re all generalized as the term “privileges”.
The most common access control in Android is a “permission”. On Android 6+ permission are granted by the user at run-time, usually prior to use. On lower Android versions, all permissions requested by an app are undeniably granted at installation of an app.
Prior to version 1.33.5 Automate used extension (add-on) apps to give the user a choice to only grant a subset of permissions on Android 5.1 or lower, those are no longer being used due to Google Play store policy changes, see extensions.
Other kinds of access controls are spread throughout system settings, there’s options to enable the Accessibility service, Device Administrator, and other “Special app access” like Usage access, Modify system settings, etc..
Automate can be granted or denied privilege by clicking the check mark buttons in the Privileges section on flow details screen, in Privileges settings, or where appropriate in system settings.
Even irrevocable privileges (grayed out check mark) are listed so users are able to see them being used by a flow.
When authorization is required, Automate will never force a user to write a username or password within a flow. Instead the credentials are stored in accounts handled by the Android operating system. Accounts are then only referenced by their public names, making flows safe to share among users.
A username and password are often required when accessing FTP, IMAP, POP3 and SMTP servers, and sometimes for personal web content. Automate has its own type of account for those cases, the “generic credentials” account. Add or remove “generic credentials” in system Account settings.
Automate can never access the password of a Google account. Instead, Automate requests an authentication token when accessing online services like Gmail and Google Drive. This token isn’t accessible by, nor stored in, a flow.
On Android 4.2.2 and lower Automate may use an account to store the master password, in secure location inaccessible to flows, to its internal “key store” used as a backport of the AndroidKeyStore, e.g. to store ADB keys. The account is removed when the app is uninstalled.
All communication with online services requiring authorization are done though secure (HTTPS) connections, this include the following features: