Skip to content
Call +1.424.284.2574

Required App Permissions

SureMDM

Android

Following is the list of important permissions SureMDM Nix needs in order to function properly:

  • Device Admin: SureMDM Nix asks for Device Admin permission to tighten security and apply security policies in the future. It is recommended to make Nix the Device Admin so that in future new security policies can be applied seamlessly. For EMM devices, Device Owner permission is mandatory.
  • Usage Access: This is mainly used to calculate Mobile Data consumption. It keeps a track of data consumption and helps ensure that data connectivity is not misused at any point of time. In case of App Usage, this permission helps to know which application is currently running. This allows IT admins to determine whether the app that is in use is whitelisted or not.
  • Ignore Battery Optimization: The main purpose of this is to keep SureMDM Nix running in the foreground so that it does not go offline even when an app is idle for a certain length of time (if SureMDM Nix goes offline, it will make the device go offline and the IT admin will not be able to perform any action).
  • Allow Screen Capture: The main purpose of this is to enable  remote management of devices so that IT admins can keep a track of the activities being performed by users on their devices.
  • Configure System Permissions: This is required to provide end users with an option to modify settings like system brightness, time zone, font size, etc. based on their requirements.
  • Configure Unknown Sources: Once this is enabled, SureMDM Nix allows third-party apps to be installed on the device. This permission seeks to capture user consent for the same.
  • Display Over Other Apps: This permission is mandatory for Android 10 devices. It is required to ensure that the notifications for messages or jobs pushed by the IT admin display on top of the app that’s already running on the device.
  • Query All Apps: SureMDM requires this permission to read the list of apps installed on the device and provide the administrator the ability to show options to launch, modify and even uninstall the apps available on the device.
  • Configure Runtime Permissions: 
    • Telephone: SureMDM Agent requires this permission to collect device identifiers, such as IMEI number as a part of system inventory. These identifiers can be used by your SureMDM Administrators to identify the device.
    • Contacts: SureMDM Agent will collect your Contacts List including contact name, phone number, and upload it to the secure SureMDM Server, even when the app is running in the background or is not actively being used.
    • Microphone: SureMDM Agent requires this permission to grant access to the Microphone.
    • Call Log: SureMDM Agent will be able to read your call logs including the contact name, phone number, duration of the call and upload it to the secure SureMDM Server, even when the app is running in the background or is not actively being used.
    • SMS: SureMDM Agent will be able to read your SMS logs including the name of the contact, date, time, and content of the SMS and upload it to the secure SureMDM Server, even when the app is running in the background or is not actively being used.
    • Camera: SureMDM Agent requires this permission to enroll the devices into the MDM account by scanning the enrollment QR Code.
    • Location: SureMDM Agent will be able to read your location data and upload it to the secure SureMDM Server, even when the app is running in the background or is not actively being used.
    • Nearby Devices: SureMDM Agent requires this permission for the Bluetooth Manager plugin to scan the Bluetooth devices, make the device visible to other devices, and communicate with paired devices.
    • Notifications: SureMDM Agent requires this permission for the notification related to Alert Message, Install Application Job, File Transfer Job, Compliance Policy Job, Enterprise File Store and Enterprise App Store.
  • Samsung KNOX: SureMDM Agent requires this permission for advanced management, allowing actions such as disabling the camera, locking the screen, encrypting the device, configuring password settings, resetting the device password, setting device proxy, and performing a device wipe on Samsung devices.
  • Enable All File Access: SureMDM Agent requires this permission to read and write access to all files within shared storage for the file transfers to/from the device, log files creation on device. This permission is applicable from Android 11 and above devices.
  • Enable Accessibility Settings: SureMDM Agent requires this permission to allow complete remote control of the device, control gestures, hardware buttons and navigation. This permission is applicable from Android 7 and above devices.
  • Enable Notifications Access: SureMDM Agent requires this permission to hide or show the notifications of the applications.
  • Enable Background Location: SureMDM requires this permission to access your location all the time so that the advanced device management feature like Geo Fence, Location Tracking etc supported by SureMDM shall be enabled for the device. This permission is applicable from Android 11 and above devices.
  • Configure Unknown Sources: SureMDM Agent requires this permission to install third party internal/business apps directly from outside the Google Play.
  • Disable Remove Permissions and Free Up Space: SureMDM Agent requires this permission to be disabled in order to avoid app hibernation which can cause the jobs and push notifications failures in the background, and revocation of the app permissions.

iOS

  • Notifications- To receive push notifications and inform the user that jobs/profiles have been successfully applied.
  • Camera- To scan the QR code in order to enroll in a device on the SureMDM console.
  • Location Access- For geo fencing.

macOS

  • Location Access- For location tracking.
  • Accessibility- To allow touch events during remote support sessions.
  • Files and Folders- To access files during remote support.
  • Screen recording- For remote support.
  • Notifications: To receive push notifications and to inform the user about Remote support and pushed applications via profiles.

 

SureLock

Android

Following is the list of the important permissions SureLock needs in order to function properly:

  • Set SureLock as Default Launcher: The main purpose of this is to set SureLock as a default launcher.
  • Activate Device Admin: This is needed for improve security and to apply security policies in the future. It is recommended to make SureLock the Device Admin so that in future new security policies can be applied seamlessly.
  • Enable Samsung KNOX: This permission is specially for Samsung devices. It is required to enable advanced lockdown features like disable power off button, volume button, etc.
  • Enable Usage Access: This permission is required to enable the Kiosk mode.
  • Configure System Permissions: The main purpose of this is to provide end users with an option to modify settings like system brightness, etc. based on their requirements.
  • Enable Notification Access: This permission is required to block notifications and to display badges on apps.
  • Enable Display Over Other Apps: This permission is required to enable the power saving settings.
  • Enable SureKeyboard Service: The main purpose of this is to provide flexibility to the end users to use SureKeyboard instead of the system keyboard.
  • Disable USB Debugging: This permission is intended to disable developer options.
  • Disable Automatic Update From Play Store: This setting can be used to disable updates automatically from the Play Store.
  • Query All Apps: SureLock requires this permission to read the list of apps installed on the device and provide the administrator the ability to allowlist the applications on the kiosk mode.
  • Configure Runtime Permissions- Following are the different permissions needed:
    • Allow All Files Access: SureLock will be able to read your files on the device storage, which might not be owned by this and upload it to the secure SureMDM Server even when the app is running in the background or is not actively being used. This permission is applicable from Android 11 and above devices.
    • Storage: SureLock will be able to read your files on the device storage, which might not be owned by this and upload it to the secure SureMDM Server even when the app is running in the background or is not actively being used. This permission is applicable from Android 10 and below devices.
    • Telephone: SureLock will be able to read your Call logs, including the contact name, phone number, duration of the call and upload it to the secure SureMDM Server, even when the app is running in the background or is not actively being used.
    • Contacts: SureLock will be able to read your contacts data including the name and phone number, even when the app is running in the background or is not actively being used.
    • Call Log: SureLock will be able to read your Call Logs including the contact name, phone number, duration of the call and upload it to the secure SureMDM Server, even when the app is running in the background or is not actively being used.
    • Location: SureLock will be able to read your location data and upload it to the secure SureMDM Server, even when the app is running in the background or is not actively being used. This permission is applicable on Android 11 and above devices.
    • Nearby Devices: This permission is required for the Bluetooth Manager plugin to scan Bluetooth devices, make this device visible to other devices, and communicate with paired devices.
    • Notifications: This permission is required to show the App Notifications.
    • Microphone: This permission is required for allowing Microphone access.
  • Enable All Files Access: SureLock requires this permission to read and write access to all files within shared storage for files transfers to/from the device, log files creation on device. This permission is applicable from Android 11 and above devices.
  • Enable Accessibility Settings: SureLock requires this permission to Suppress Notification Panel and Suppress Power Button/Keyboard. This permission is applicable from Android 12 and above devices.
  • Schedule Exact Alarm: SureLock requires this permission to schedule a reboot at the defined interval. This permission is applicable from Android 12 and above devices.
  • Enable Background Location: SureLock requires this permission to access your location all the time so that the advanced device management feature such as Driver Safety, WiFi Center, Bluetooth Manager etc supported by SureLock shall be enabled for the device. This permission is applicable from Android 11 and above devices.

 

SureFox/SureFox Lite

Android

Following is the list of important permissions SureFox needs in order to function properly:

  • Configure Runtime Permissions: Following are the different permissions needed:
    • Storage: This is required to Write or Read Settings from external storage.
    • Telephone: This is required to read the IMEI number for activation.
    • Microphone: SureFox requires this permission only to allow audio for the video/audio conferencing services which are allowed to run inside SureFox.
    • Camera: This is required to import settings from the QR code.
    • Location: This is required for allowing location access for allowed websites.
    • Notifications: This permission is required to show the App Notifications.
  • Activate Device Admin: This is required to improve security and to apply security policies in the future. It is recommended to make SureFox the Device Admin so that in future new security policies can be applied seamlessly. This permission is mandatory for those using Samsung KNOX features.
  • Enable Samsung KNOX: This permission is specially required for Samsung devices for enabling advanced lockdown features like disable power off button, volume button, etc.
  • Enable Usage Access: This permission is required to enable the Kiosk mode.
  • Enable Display Over Other Apps: This permission is required to enable the power saving settings.
  • Configure System Permissions: The main purpose of this is to provide end users with an option to modify settings, like screensaver, based on their requirements.

iOS

  • Photo Library: This permission is required to access pictures from Photos.
  • Photo Library Additions: This permission is required to save pictures in Photos.
  • Camera: This permission is required to scan QR codes.
  • Location Access: This permission is required to show location-wise web search data to users in the browser.
  • Motion: This permission is required to know the device orientation (landscape/portrait) and measure the speed of the device movement.
  • Microphone: This permission is required to use the microphone access.
  • Media Library: This permission is required to access media files.

 

SureVideo

Android

Following is the list of important permissions SureVideo needs in order to function properly:

  • Configure Runtime Permissions: Following are the different permissions needed:
    • Telephone: This is required to read the IMEI number for activation.
    • Camera: This is required to import settings from the QR code.
    • Location: SureVideo will be able to read your location data. This will allow your SureVideo administrator to search and connect to the desired network via the Wi-Fi center plugin.
    • Files and Media: This permission is required to access photos, media and files on your device. This permission is applicable from Android 11 and above devices.
    • Storage: This permission is required to access photos, media and files on your device. This permission is applicable from Android 10 and below devices.
  • Enable Usage Access: This permission is required to enable the Kiosk mode.
  • Configure System Permissions: The main purpose of permission is to provide end users with an option to modify settings, like screensaver settings, based on their requirements.
  • Schedule Exact Alarm: SureVideo requires this permission to schedule app restart at the defined interval. This permission is applicable from Android 12 and above devices.
  • Enable Display Over Other Apps: This permission is required to enable Overlay Media Controls in SureVideo.

 

AstroContacts

Following is the list of important permissions AstroContacts needs in order to function properly:

  • Contacts: AstroContacts requires these permissions to access the contacts to sync contacts detail from AstroContacts to the local phone book. It's only one way from AstroContacts to the phone book, the AstroContacts application installed on the device never reports any contacts to the server.
  • Camera: AstroContacts needs this permission to allow the user to change the profile picture and scan a QR code to enroll.
  • Photos: AstroContacts requires this permission to add the photo to the photo library and later use it as a profile picture.

 

AstroFarm

Following is the list of important permissions AstroFarm needs in order to function properly:

  • Normal Level Permissions:
    • DISABLE_KEYGUARD: It is used for locking and unlocking the devices.
    • WAKE_LOCK: It is used to open the lock.
    • INTERNET: It is used for internet connectivity.
    • ACCESS_NETWORK_STATE: This is used to get connection status such as connected, disconnected or roaming.
    • CHANGE_WIFI_STATE: This allows applications to change Wi-Fi connectivity state.
    • ACCESS_WIFI_STATE: This allows applications to access information about Wi-Fi networks.
    • DUMP: It allows an application to retrieve state dump information from system services.
    • BLUETOOTH: It is used to get bluetooth state.
    • BLUETOOTH_ADMIN: It is used to get bluetooth details and state change.
    • FOREGROUND_SERVICE From android API 28: It is used to show notification of applications as running in background.
  • Dangerous Level Permissions-Runtime Permissions:
    • READ_PHONE_STATE: It allows read only access to phone state, including the current cellular network information, the status of any ongoing calls and a list of any Phone Accounts registered on the device.
    • GET_ACCOUNTS: It allows access to the list of accounts in the Accounts Service (In device ex: Google, Dropbox etc.).

 

CamLock

Following is the list of important permissions CamLock needs in order to function properly:

Android

  • Configure Runtime Permissions: CamLock requires some runtime permissions like Storage permission to write log files to external storage, Location permission to access the location and restrict the use of the camera application on a configured Geo-Fence area and Camera permission to scan QR codes.
  • Enable Background Location: CamLock requires this permission to access the location and restrict the use of camera application in a configured Geo-Fence area, even when the app is running in the background or when the app is not actively being used.
  • Enable Accessibility Settings: CamLock requires this permission to prevent users from uninstalling the CamLock agent configured on their device.
  • Enable Display Over Other Apps: CamLock requires this permission to display a lock screen over the camera when a user tries to access the application blocked by the admin.
  • Enable Notification Access: CamLock requires this permission to read the notifications and prevent the usage of video calling services on the applications blocked by the admin.
  • Disable Multi-Users: CamLock requires this permission to block the users from creating multiple users on the device.
  • Schedule Exact Alarm: CamLock requires this permission in Time Fence to trigger the properties at the specific time.
  • Enable Location Service: CamLock requires this permission to access the location of the device for the Geo-Fence feature.

Device/OEM Specific Permissions (Xiaomi devices)

  • Enable Display Pop-up Window: CamLock requires this permission to launch warning pop-ups required to block the video calling application.
  • Disable Second Space: CamLock requires this permission to ensure that the users do not install camera applications in the secondary space on the device.
  • Enable Lock Apps: CamLock requires this permission to prevent the app from getting stopped while clearing the recent apps.