# Privacy Policy for WiFi Password Manager
**Effective Date:** April 11, 2026
**Last Updated:** April 11, 2026
**App Name:** WiFi Password Manager
**Package:** `com.ilyas.ilyasapps.wifipasswordmanager`
**Contact:** muhammadilyas15@gmail.com
---
## Your Passwords Never Leave Your Device
WiFi Password Manager is built around a single, uncompromising promise: **your saved WiFi passwords stay on your phone, and only on your phone.**
We do **not** upload your WiFi networks, passwords, notes, or any related data to any server, cloud, or backup service. There is no sign-in, no user account, no cloud sync, and no way for us, Google, or any third party to see what you save inside the app. If you uninstall the app, every network you stored is permanently deleted from your device and there is no copy anywhere else.
This policy explains exactly what the app does and does not do with your information, so you can trust it with one of the most sensitive pieces of data on your phone.
---
## 1. Data You Save Inside the App (Local-Only)
When you add a WiFi network to the app, the following fields are stored **only in a private Room (SQLite) database inside the app's sandboxed storage on your device**:
- **SSID** — the WiFi network name
- **Password** — the WiFi password
- **Security Type** — WPA, WPA2, WPA3, WEP, or None
- **Category** — e.g. Home, Work, Cafe, Travel (user-selected)
- **Location Label** — a free-text label you type in yourself (e.g. "Grandma's house"). The app does **not** use GPS or any location permission to fill this field.
- **Notes** — any free-text notes you choose to add
- **Favorite flag** — whether you marked the entry as a favorite
- **Created / Updated timestamps** — used only for sorting and display inside the app
**Where this data lives:** Inside your app's private data directory (`/data/data/com.ilyas.ilyasapps.wifipasswordmanager/`), which Android isolates from every other app on your device. On modern Android versions this directory is protected by full-disk file-system encryption tied to your device lock screen, so the stored data is encrypted at rest by the operating system.
**Where this data does NOT go:** It is never sent over the internet. It is never uploaded to Firebase, Google Drive, iCloud, our servers, or anywhere else. No employee, contractor, or third party at Mobilia Apps can read it.
---
## 2. What We Do NOT Collect
To be explicit, WiFi Password Manager does **not** collect, transmit, or store any of the following:
- **No email address, name, phone number, or profile information** — the app has no sign-in screen.
- **No cloud copy of your passwords** — there is no Firebase Auth, no Firestore, no Firebase Storage, no Google Drive integration, no WebDAV, no export-to-cloud.
- **No device-to-device transfer of passwords** — we explicitly opt out of Android's auto-backup and cloud-transfer systems (see Security Measures below).
- **No location data** — the app requests no location permissions. The "Location Label" field is simply text you type in.
- **No camera or photo access** — the app requests no camera or gallery permissions.
- **No contacts, calendar, call logs, SMS, or microphone access.**
- **No analytics of your password content** — we never log, track, or analyze your SSIDs, passwords, notes, or categories. Analytics (see Section 4) measure only anonymous screen visits and crash events, never the content of your saved networks.
---
## 3. Permissions Requested
The app declares only these Android permissions, each for a narrowly-defined purpose:
| Permission | Why it is needed |
|---|---|
| `INTERNET` | Loads banner ads and sends anonymous crash reports. Never used to transmit your saved WiFi data. |
| `ACCESS_NETWORK_STATE` | Required by the Google AdMob SDK to detect whether a connection is available before requesting an ad. |
| `VIBRATE` | Provides haptic feedback when you tap buttons and copy passwords. |
| `com.android.vending.BILLING` | Lets the app communicate with Google Play to process Premium and Lifetime purchases. |
The app does **not** request: location, camera, microphone, contacts, storage, phone state, notifications, or any runtime-dangerous permission.
---
## 4. Third-Party SDKs
The app includes a small, carefully chosen set of SDKs. None of them receive your WiFi passwords or any data you entered inside the app.
### 4.1 Google AdMob (Banner ads for free users)
Free users see banner ads. AdMob may collect standard advertising identifiers (Advertising ID, device model, coarse IP-derived region, app version) to serve contextual or personalized ads. Users in the EEA, UK, and Switzerland are shown a Google-certified consent form (see Section 5) before any personalized ad is requested. Premium users see no ads.
Google's policy: https://policies.google.com/technologies/ads
### 4.2 Google User Messaging Platform (UMP)
Shows the GDPR / ePrivacy consent dialog in regions that require it. UMP stores your consent choice locally on your device and reports it to AdMob.
### 4.3 Google Play Billing
Processes one-time and subscription purchases (monthly, yearly, lifetime). Google Play handles your payment details directly — the app never sees or stores your card number, billing address, or Google account. The app only receives a purchase token confirming your entitlement.
### 4.4 Firebase Crashlytics (Anonymous crash reports)
If the app crashes, Crashlytics sends Google an anonymous crash report containing: stack trace, Android version, device model, app version, and a randomly generated installation ID. Crash reports do **not** include your SSIDs, passwords, notes, or any data from the Room database. We use these reports solely to fix bugs.
### 4.5 Firebase Analytics (Anonymous usage metrics)
Analytics reports anonymous events such as "user opened Settings" or "user viewed Premium screen" so we can understand which features are used. Analytics never logs WiFi network content. No personally identifying information is attached to these events.
### 4.6 Room 2.8.4 (Local database)
Room is an on-device SQLite wrapper. It does not connect to the internet. This is where your saved networks live.
### 4.7 ZXing (Local QR code generation)
When you tap "Show QR," ZXing renders a standard WiFi QR code (`WIFI:S:<ssid>;T:<type>;P:<password>;;`) as a bitmap **entirely on your device**. The QR code is displayed on screen and can be shared as an image you choose to send — it is never uploaded anywhere by the app.
### 4.8 Glide (Image loading)
Used only to load bundled app icons and drawables from inside the APK. The app does not fetch images from the internet.
### SDKs we explicitly do **not** use
- **Firebase Auth** — not present. No sign-in.
- **Firebase Firestore** — not present. No cloud database.
- **Firebase Storage** — not present. No cloud file storage.
- **Google Drive / Cloud Backup APIs** — not present.
- **No third-party analytics** (no Mixpanel, Amplitude, Facebook SDK, etc.).
---
## 5. Security Measures
We take several concrete, verifiable steps to protect your stored WiFi passwords:
1. **`android:allowBackup="false"`** — set in the app manifest. This disables Android's automatic cloud backup, so your Room database is never copied to your Google account or uploaded to Google Drive.
2. **`data_extraction_rules.xml`** — explicitly excludes the app's database and shared preferences from both cloud backup and device-to-device transfer. Even if you switch to a new phone using Google's transfer tool, your saved WiFi entries are deliberately left behind.
3. **App-sandboxed storage** — the Room database file resides in the app's private directory, which Android prevents other apps from reading.
4. **File-system encryption at rest** — modern Android devices encrypt internal storage by default using a key tied to your screen lock. Locking your phone protects the database file.
5. **No network transmission of database contents** — there is simply no code path in the app that uploads, exports over HTTP, or syncs the WifiNetwork table.
6. **Release builds are minified and shrunk** (`minifyEnabled true`, `shrinkResources true`) to reduce the attack surface.
### Recommended user precautions
- Keep a secure device lock (PIN, password, or biometric).
- Keep your device software up to date.
- Only install the app from the official Google Play Store.
No security system is perfect. While we do everything above to protect your data, no mobile application can guarantee absolute security, and you use the app at your own risk.
---
## 6. Subscriptions & Premium
WiFi Password Manager offers optional Premium access:
- **Monthly subscription** (`wifi_password_manager_monthly`)
- **Yearly subscription** (`wifi_password_manager_yearly`)
- **Lifetime one-time purchase** (`wifi_password_manager_lifetime`)
All purchases are processed by Google Play. Subscriptions renew automatically until canceled in your Google Play account. You can manage or cancel subscriptions at any time at https://play.google.com/store/account/subscriptions. The developer does not receive or store your payment information.
---
## 7. GDPR, UK-GDPR, and CCPA Compliance
### For users in the EEA, UK, and Switzerland (GDPR / UK-GDPR)
- **Lawful basis:** For the tiny amount of anonymous data the app does transmit (crash reports, analytics, ads), our lawful basis is either your consent (collected via the UMP dialog on first launch) or legitimate interest in keeping the app stable and free.
- **Your rights:** Since we do not collect personal identifiers, we have no user account to look up. You can exercise your right to withdraw consent at any time via **Settings → Privacy options** inside the app, which re-opens the UMP dialog.
- **Data controller:** Muhammad Ilyas (muhammadilyas15@gmail.com).
### For California residents (CCPA / CPRA)
- We do **not** sell or share your personal information.
- We do not collect "sensitive personal information" as defined by the CCPA.
- You may contact us at muhammadilyas15@gmail.com for any California-specific privacy request.
---
## 8. Data Retention and Deletion
- **Your saved WiFi networks** stay on your device until you delete them inside the app or uninstall the app.
- **Uninstalling the app instantly and permanently deletes** the entire Room database, all shared preferences, and all cached data. Because nothing was ever uploaded, there is no cloud copy to worry about.
- **Anonymous crash and analytics data** retained by Google follows Google's standard retention windows (typically 14 months for Analytics; see Google's policies). You can opt out at any time via Settings → Privacy options.
To delete everything right now: long-press the app icon → App info → Uninstall, or Storage → Clear data.
---
## 9. Children's Privacy
WiFi Password Manager is intended for users aged **13 and older**. The app is not directed to children under 13, and we do not knowingly collect any information from children under 13. If you believe a child under 13 has used the app, please contact us and we will assist where possible — although, because the app stores nothing in the cloud, there is no server-side data for us to delete.
---
## 10. Changes to This Policy
We may update this Privacy Policy from time to time — for example, if a new SDK is added or if laws change. When we do, we will update the "Last Updated" date at the top and, for material changes, display an in-app notice on the next launch. Continued use of the app after an update constitutes acceptance of the revised policy.
---
## 11. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or your data:
**Email:** muhammadilyas15@gmail.com
**Play Store:** https://play.google.com/store/apps/developer?id=Mobilia+Apps
**Privacy hub:** https://sites.google.com/view/mobilia-apps/
We aim to respond to all privacy inquiries within 7 business days.