Disclosure
Every permission LockLoom requests • Last updated: January 2026 (Build 347+)
"Network" classes (e.g., NetworkSosAlertDispatcher, NetworkSimSwapNotifier) are implemented as no-ops or pass-through to local droppers. Distress alerts go directly to user-configured emergency contacts — never through any LockLoom backend. Media capture pipelines delete temporary files after use. All logs use Logcat only and do not leave the device.
The following are normal app runtime permissions that may be requested by the OS. They are not DevicePolicyManager controls (see Device Owner Policies for those), but are listed here for audit completeness. All uses below are local-only and consistent with the zero-exfil posture.
| Permission | Purpose & Data Handling |
|---|---|
| CAMERA | Used for on-device photo/video capture triggered by local codeword actions or integrity workflows. Media is encrypted locally and deleted after processing; there is no upload path. A brief green dot appears per Android camera/mic policy. |
| RECORD_AUDIO | Used for on-device audio capture via MediaRecorder. Files are handled identically (local encryption, ephemeral storage, no network). A brief green dot appears per Android camera/mic policy. |
| READ_PHONE_STATE | Required for SIM-swap detection (reading SIM/telephony state). The app stores only a hash of identifiers inside app storage and performs comparisons locally. Also DO-granted at setup to ensure continuity. |
| BLUETOOTH_CONNECT (Android 12+) or legacy BLUETOOTH / BLUETOOTH_ADMIN | Allows reading connection state of the user-paired "kill-switch" Bluetooth device. The app listens to connection broadcasts and queries connected profiles; no device data is uploaded. |
| ACCESS_FINE_LOCATION / ACCESS_COARSE_LOCATION | Used by the optional local SOS beacon to obtain a location fix. Location data is included in distress alerts sent directly to user-configured emergency contacts via SMS/email. No location data is sent to LockLoom servers. Requires Phone Data Consent before use. |
| SEND_SMS | Used to send SOS/distress alerts directly to emergency contacts via SMS. Messages are sent using Android's SmsManager API directly to phone numbers configured by the user. No data is sent to any backend or third-party service. Requires Phone Data Consent before phone numbers can be saved. |
| INTERNET | Required for OAuth authentication with Gmail API and SMTP email dispatch. Used only to send distress alerts directly to user-configured emergency contacts. No telemetry, analytics, or data is sent to LockLoom servers. |
| POST_NOTIFICATIONS (Android 13+) | Required to present the persistent notification for the foreground service. If not granted, the service defers start until the user permits it. |
| Permission | Effect of Denial |
|---|---|
| CAMERA | Evidence capture disabled. Distress alerts will still be sent but without photo/video attachments. |
| RECORD_AUDIO | Audio capture disabled. Other evidence capture continues to function. |
| READ_PHONE_STATE | SIM-swap detection disabled. Other security features unaffected. |
| BLUETOOTH_CONNECT | Kill-switch defaults to "disconnected" state without crashing. Feature effectively disabled. |
| LOCATION | GPS coordinates excluded from distress alerts. Other alert content (message, evidence) still sent. |
| SEND_SMS | SMS distress alerts disabled. Email alerts (if configured) continue to work. |
| INTERNET | Gmail OAuth and SMTP email dispatch disabled. SMS alerts (if configured) continue to work. |
| POST_NOTIFICATIONS | Foreground service cannot start. Background monitoring deferred until permission granted. |
All data flows follow the same pattern:
Your Device → Your Emergency Contacts
LockLoom LLC is not in this path. We do not relay, store, or have access to any data transmitted during distress events. All processing occurs exclusively on your device.
© 2025-2026 LockLoom LLC. All rights reserved.