The applications purpose
The application is a mobile client application for a larger ERP system. All users are employees of companies using this system. Users has already agreed to any behaviour of this application as part of their terms of employment. The application is mostly installed on devices owned by the employing company, but users are not denied explicitly from adding it to any device of their choice. They are required to sign in with usernames and passwords supplied by the employing company.
The application makes use of the following sensitive data / functions
In office users can track locations of their employees (serviceworkers) by gps coordinates periodically sent from the devices if this has been approved by user.
Unique identification of device and user
System uses a unique identification tag for tracking each indidivual device connected to system. User is also identified to the system by use of username and password.
Access to camera
On users specific request the application can initiate the camera application of the device for uploading files to common ERP system as part of documentation of their work. It can not in any way take images on its own.
Access to stored images and files
On users specific request through GUI action the application can initiate a browse for files feature for uploading files to common ERP system as part of documentation of their work. It can not in any way access local data on its own.
All data is sent to central storage through https traffic. This central storage is currently hosted at Microsoft Azure datacenters and only internal employees of owning company is granted access.