App Capabilities and their Severity
| Capability | Severity | Description |
|---|---|---|
| Accesses camera | Critical | Accesses the device's camera(s). |
| Accesses the clipboard | Critical | Reads the data stored in the clipboard. |
| Authorized to access camera | Critical | Authorized to access the device's camera(s). |
| Monitors location changes | Critical | Monitors changes in the device location. |
| Reads SMS | Critical | Reads SMS messages stored on the device. |
| Receives SMS | Critical | Receives incoming SMS messages. |
| Records audio | Critical | Records audio using microphone / other audio input. |
| Records media | Critical | Records audio or video. |
| Registers as device admin | Critical | Uses device administrator for expanded privileges, if allowed by the user. |
| Uses DNS proxy | Critical | Creates an interface to view and control DNS queries and responses. |
| Uses VPN interface | Critical | Creates a virtual private network (VPN) interface, which can read device network traffic. |
| Accepts incoming connections | Elevated | Accepts incoming TCP connections or UDP datagrams from the Internet. |
| Accesses Private API | Elevated | Makes use of libraries and/or frameworks that are marked as private by the OS. |
| Enumerates installed packages | Elevated | Enumerates packages installed on the device. |
| Handles incoming calls | Elevated | Can answer, reject, and end incoming calls. |
| Reads calendar | Elevated | Reads calendar data accessible by this device. |
| Reads contacts | Elevated | Reads the contacts stored on the device. |
| Reads device sensor data | Elevated | Reads data from device sensors (motion, environmental, etc.). |
| Reads ICCID | Elevated | Reads the Integrated Circuit Card ID (ICCID), a unique SIM-card identifier. |
| Reads IMEI | Elevated | Reads the International Mobile Equipment Identifier (IMEI), a unique device identifier. |
| Reads IMSI | Elevated | Reads the International Mobile Subscriber Identity (IMSI). |
| Reads location | Elevated | Reads the geolocation of the device. |
| Reads reminders | Elevated | Reads reminder data accessible by this device. |
| Sends calendar data | Elevated | Sends calendar data to a remote system. |
| Sends camera photos/videos | Elevated | Sends photos or videos captured by camera to a remote system. |
| Sends clipboard data | Elevated | Sends data present in the clipboard to a remote system. |
| Sends contacts | Elevated | Sends contacts to a remote system. |
| Sends GPS location | Elevated | Sends precise Global Positioning System (GPS) coordinates to a remote system. |
| Sends ICCID | Elevated | Sends the Integrated Circuit Card ID (ICCID), a unique SIM-card identifier, to a remote system. |
| Sends IMEI | Elevated | Sends the International Mobile Equipment Identifier (IMEI), a unique device identifier, to a remote system. |
| Sends IMSI | Elevated | Sends the International Mobile Subscriber Identity (IMSI) to a remote system. |
| Sends last identified location | Elevated | Sends the last identified location to a remote system. |
| Sends location | Elevated | Sends geolocation to a remote system. |
| Sends microphone data | Elevated | Sends audio from the microphone to a remote system. |
| Sends network-based location | Elevated | Sends network-based coordinates to a third party. |
| Sends phone number | Elevated | Sends the phone number to a remote system. |
| Sends photo/audio/video files | Elevated | Sends photo, audio or video files stored on the device to a remote system. |
| Sends reminder data | Elevated | Sends reminder data to a remote system. |
| Sends serial number | Elevated | Sends the device serial number, a unique device identifier, to a remote system. |
| Communicates with private IP addresses | Normal | Communicates with one or more IP addresses in a private addressing range. |
| Executes in background | Normal | Executes in the background when the app may not be seen in the foreground. |
| Registers URI handler | Normal | Can intercept and handle the processing of specific URIs. |
| Registers/advertises a service | Normal | Registers and advertises a service that can be accessed by other apps. |
| Uses Bluetooth | Normal | Uses Bluetooth to exchange data or accesses the Bluetooth module of the device. |
| Uses custom RNG seed | Normal | Initiates or updates a random number generator (RNG) with a custom seed. |
| Uses local storage | Normal | Accesses data on a local storage. |
| Uses NFC | Normal | Uses Near-Field Communication (NFC) protocol or accesses the NFC module of the device. |
| Allows in-app purchases | None | Allows in-app purchases via an official app store. |
| Authorized to perform in-app purchases | None | Authorized to perform in-app purchases via an official app store. |
| Executes commands in a separate process | None | Executes commands in a separate process. |
| Initiates email composition | None | Initiates an email creation by opening the default email app with pre-populated content. |
| Loads and executes native code | None | Dynamically loads native libraries and executes their code. |
| Makes system calls | None | Makes system calls to perform low-level system functionality. |
| Uses contact tracing | None | Exchanges anonymized data with nearby devices to track potential exposure to infectious diseases like COVID-19. |
| Uses facial recognition | None | Detects faces or facial features in images and live or prerecorded video. |
| Uses speech recognition | None | Converts speech within live or prerecorded audio content into text. |
