Security
App permissions
Section titled App permissionsThe SDK requires the following permissions to operate properly:
<uses-permission android:name="android.permission.INTERNET" /><uses-permission android:name="android.permission.READ_BASIC_PHONE_STATE" /><uses-permission-sdk-23 android:name="android.permission.SYSTEM_ALERT_WINDOW" /><uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />| Permission | Required to |
|---|---|
android.permission.INTERNET | Send collected data to Contentsquare servers |
android.permission.READ_BASIC_PHONE_STATE | Retrieve non-sensitive device information such as carrier name for analytics purposes |
android.permission.SYSTEM_ALERT_WINDOW | Use Contentsquare in-app features |
android.permission.ACCESS_NETWORK_STATE | Check network availability before sending data |
Deep links usage in Contentsquare SDK
Section titled Deep links usage in Contentsquare SDKAs outlined in the Android Security Guidelines ↗, there are security risks associated with using deep links.
To address these concerns, the Contentsquare SDK implements robust data validation for deep links and safeguards to prevent deep link hijacking, following these guidelines.
If you have specific security concerns and prefer to remove the Contentsquare SDK deep link declaration from your application, add the following code snippet to your AndroidManifest.xml file inside the <application> tag:
<application>
<activity android:name="com.contentsquare.android.analytics.internal.features.deeplink.DeepLinkActivity" tools:node="remove" />
</application>Note that removing the deep link will disable the In-app feature within your application.
Transmission and hosting
Section titled Transmission and hostingOur server uses HTTPS to make sure that data is encrypted in transport.