University
Webinars
Community
Help Center
Technical Docs
Contentsquare Platform

Security

View as Markdown ↗ View this page as plain text Open in ChatGPT ↗ Ask questions about this page

App permissions

Section titled App permissions

The SDK includes the following permissions, which are mandatory for the SDK to operate properly:

AndroidManifest.xml
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.READ_BASIC_PHONE_STATE" />
<uses-permission-sdk-23 android:name="android.permission.SYSTEM_ALERT_WINDOW" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
PermissionRequired toAssociated with read/write operations under e-privacy directive
android.permission.INTERNETSend collected data to Contentsquare serversYes. The end-user’s data is collected for analytics purposes.
android.permission.READ_BASIC_PHONE_STATERetrieve non-sensitive device information such as carrier name for analytics purposesYes. The end-user’s data is collected for analytics purposes.
android.permission.SYSTEM_ALERT_WINDOWUse Contentsquare in-app featuresNo. This permission is solely used to display Contentsquare UI elements in our customers’ apps.
android.permission.ACCESS_NETWORK_STATECheck network availability before sending dataNo. This permission is solely used to check the network status check.
Section titled Deep links usage in Contentsquare SDK

As outlined in the Android Security Guidelines, there are security risks associated with using deep links.

To address these concerns, the Contentsquare SDK implements robust data validation for deep links and safeguards to prevent deep link hijacking, following these guidelines.

If you have specific security concerns and prefer to remove the Contentsquare SDK deep link declaration from your application, add the following code snippet to your AndroidManifest.xml file inside the <application> tag:

<application>


  <activity
      android:name="com.contentsquare.android.analytics.internal.features.deeplink.DeepLinkActivity"
      tools:node="remove" />


</application>

Note that removing the deep link will disable the In-app feature within your application.

Transmission and hosting

Section titled Transmission and hosting

Our server uses HTTPS to make sure that data is encrypted in transport.