Part of the Android security model includes the requirement that applications declare the set of permissions that they require to run on a device. These permissions are displayed to the user at the time that the application is installed from the Android market.
Having the set of permissions displayed to the user allows the user to make an informed choice about whether or not they wish to proceed with installation.
Citrix Receiver for Android version 2.0 saw a change in the set of permissions required to run Receiver on Android devices. A recent comment on the Android market regarding these permissions indicates that users want information about why Receiver requires the permissions that it does. This article explains the set of permissions that the user must consent to before installing Citrix Receiver for Android, as well as why those permissions are required.
I’ll start by addressing the permissions shown in orange, which Android uses to denote what are known as “high risk” permissions.
Storage – modify and delete SD card contents
The storage permission is required to enable the SD card access feature of Citrix Receiver for Android.
This feature allows the host to treat the SD card as a mapped drive in the user’s session. This allows host side applications to read from, and write to the SD card. For example you can save a file onto the SD card from a host side application which then makes that file available to other applications both on the device and on the host. You can also view and manipulate the contents of the SD card from within Windows explorer running on the host.
Citrix Receiver for Android will modify the contents of the SD card based on how the user interacts with applications on the host. For example by saving a file to the SD card from a host side application the contents of the SD card will be modified.
Network communications – full Internet access
This permission is required so that Citrix Receiver can access XenApp and XenDesktop hosts and make connections to Citrix Access Gateway. It is a fundamental permission required by any application that wishes to make use of network communications.
Phone calls – read phone state and identity
This permission allows for Receiver to receive notifications about when a phone call is made or received from the device. This permission is required to support the new audio streaming feature in Receiver, whereby we mute the audio when a phone call is made or received.
As part of the version 2.0 release of Receiver we now support audio playback from the host. It is important that when the device receives or places a call the audio playback from Receiver is muted. The way that this is done is Receiver asks for a notification about when a call is made or received. When this notification is received Receiver will mute the audio playback from the server when the call is done.
Receiver is also not able to make or answer phone calls. Receiver also cannot access your contact information or call history or any other personal information. The notification related to phone state is used purely for the purposes of muting audio playback when a call is in progress.
The remaining permissions required by Receiver are not considered by the system to be “high risk”. These permissions are explained below.
Hardware controls – control vibrator
Receiver requires permission to activate the device vibrator when the user taps on the row of extended keys that is displayed above the system keyboard.
System tools – Install shortcuts
A feature of Receiver is the ability to create a shortcut to a published application or desktop directly on the home screen of the device. Tapping on that shortcut will automatically start that application without the user having to bring up the list of accounts and their application list.
The home screen shortcut can be created by long pressing on an application in the application list and selecting “Copy to home screen”.
The specific permission that is requested here is the permission to create the home screen shortcut.
I hope that this goes some way to explaining the permissions that are required for Citrix Receiver for Android and why they are required. Please contact firstname.lastname@example.org if you have any further questions regarding Citrix Receiver for Android. Frequently asked or important questions will form the subject matter for future blog postings.