Skip to main content

OS Permissions Audit

CommitT operates on a zero-trust, fail-closed enforcement model. To prevent bypasses, self-sabotage, and background sleep cycles, the application requires and continuously audits eight system-level permissions. If any required permission is revoked by the user while a commitment is active, the local SQLite engine immediately triggers a fail-closed lock state, restricting device usage until the audit passes.

The 8-Point Audit Matrix

CommitT’s custom React Native module—Enforcement—exposes the checkAllPermissions() method to perform a concurrent system-level check on the device.

Strict Background Location Protocol

API 29+ (Androidd 10+) Requirement: Granting "Allow only while using the app" is insufficient for CommitT.
For location-based tracking (such as Stay Throughout geofencing), the Android operating system enforces background location limits.
  • The Issue: If ACCESS_FINE_LOCATION is granted but ACCESS_BACKGROUND_LOCATION is not, the accessibility service’s background GPS thread is killed by the OS after several minutes of screen-off time.
  • The Enforcement Solution: The Enforcement module checks both fine and background permissions:
  • User Action: The user must explicitly select “Allow all the time” in the system settings screen.

Native API Integration

The native bridge uses double intent flags (FLAG_ACTIVITY_NEW_TASK and FLAG_ACTIVITY_CLEAR_TOP) to ensure that when a user completes settings configuration and presses the system back button, they are immediately returned to the CommitT application.