---
title: Security - Android
description: Data transfer and security information
lastUpdated: 11 March 2026
source_url:
  html: https://docs.contentsquare.com/fr/csq-sdk-android/experience-analytics/security/
  md: https://docs.contentsquare.com/fr/csq-sdk-android/experience-analytics/security/index.md
---

> Documentation index: https://docs.contentsquare.com/llms.txt
> Use this file to discover all available pages before exploring further.

Note

Cette page est affichée en anglais car elle n'est pas disponible dans votre langue.

## App permissions

The SDK includes the following permissions, which are mandatory for the SDK to operate properly:

**AndroidManifest.xml**

```xml
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.READ_BASIC_PHONE_STATE" />
<uses-permission-sdk-23 android:name="android.permission.SYSTEM_ALERT_WINDOW" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
```

| Permission | Required to | Associated with read/write operations under e-privacy directive |
| - | - | - |
| `android.permission.INTERNET` | Send collected data to Contentsquare servers | Yes. The end-user's data is collected for analytics purposes. |
| `android.permission.READ_BASIC_PHONE_STATE` | Retrieve non-sensitive device information such as carrier name for analytics purposes | Yes. The end-user's data is collected for analytics purposes. |
| `android.permission.SYSTEM_ALERT_WINDOW` | Use Contentsquare in-app features | No. This permission is solely used to display Contentsquare UI elements in our customers' apps. |
| `android.permission.ACCESS_NETWORK_STATE` | Check network availability before sending data | No. This permission is solely used to check the network status check. |

Note

Some of these permissions involve read and write operations within the meaning of the e-privacy directive and article 82 of the French Data Protection Act, which may require the end-user's specific consent as specified above. This requirement applies in particular to customers based in the EU or targeting end-users in the EU.

For more information on how to combine technical permission and legal consent, refer to the [CNIL (French data protection authority) recommendations ↗](https://www.cnil.fr/fr/permissions-applications-mobiles-recommandations-de-la-cnil-pour-respecter-la-vie-privee).

## Deep links usage in Contentsquare SDK

As outlined in the [Android Security Guidelines ↗](https://developer.android.com/privacy-and-security/risks/unsafe-use-of-deeplinks), there are security risks associated with using deep links.

To address these concerns, the Contentsquare SDK implements robust data validation for deep links and safeguards to prevent deep link hijacking, following these guidelines.

If you have specific security concerns and prefer to remove the Contentsquare SDK deep link declaration from your application, add the following code snippet to your `AndroidManifest.xml` file inside the `<application>` tag:

```xml
<application>


  <activity
      android:name="com.contentsquare.android.analytics.internal.features.deeplink.DeepLinkActivity"
      tools:node="remove" />


</application>
```

Removing the deep link will disable the In-app feature within your application.

## Transmission and hosting

Our server uses HTTPS to make sure that data is encrypted in transport.