A lightweight Android app that reveals exactly what permissions every installed app holds — and whether they actually need them.
- Full app scan — scans every installed app via a native
MethodChannel, returning permissions, install source, and system flag - Risk analysis — assigns each app a privacy score (0–100) and risk level (safe / medium / dangerous) based on dangerous permission count
- Justification engine — maps app capabilities (e.g. "Take Photos") to the permissions they require and flags unjustified access
- Smart caching — fingerprint-based cache invalidation means the UI loads instantly on repeat visits; only re-scans when apps change
- Interactive dashboard — animated security score ring, risk distribution bar, quick actions, and per-app tiles
- Permission database — searchable reference of all Android permissions with descriptions, grouped by category
- Notifications — optional local alerts when a newly installed app requests a high number of dangerous permissions
- Filter & sort — segment by user apps, system apps, or unknown sources; sort by name or risk level
- Developer mode — toggle to reveal low-level / non-dangerous permissions on the detail screen
- Verification dialog — tag an app's capabilities and see which permissions are justified by those capabilities
lib/
├── main.dart # App entry, splash → main flow
├── models/
│ ├── app_info.dart # AppInfo model with RiskLevel enum
│ ├── permission_info.dart # PermissionInfo model
│ └── permission_justification.dart # Capability → permission mapping
├── screens/
│ ├── splash_screen.dart # Animated splash with progress
│ ├── home_screen.dart # App list with search & filters
│ ├── app_detail_screen.dart # Per-app permission breakdown
│ ├── permission_info_screen.dart # Permission reference database
│ └── dashboard_screen.dart # Security overview dashboard
├── services/
│ ├── app_providers.dart # Riverpod state providers
│ ├── cache_service.dart # Hive-backed cache (5 boxes)
│ ├── notification_service.dart # Local notification service
│ ├── permission_analyzer.dart # Risk scoring & analysis
│ ├── permission_justification_service.dart
│ └── permission_scanner_service.dart # Native bridge
├── utils/
│ ├── app_colors.dart # Material 3 theme & palette
│ └── permission_database.dart # Permission definitions
└── widgets/
├── app_card.dart
├── filter_sort_bar.dart
├── permission_history_chart.dart
├── permission_item.dart
├── permission_verification_dialog.dart
├── risk_badge.dart
└── stat_card.dart
| Pattern | Detail |
|---|---|
| State management | flutter_riverpod — AsyncNotifierProvider for app list, StateProvider for filters |
| Caching | Hive with 5 boxes; fingerprint check avoids redundant native calls |
| Background work | compute() isolate for permission enrichment off the main thread |
| Native bridge | MethodChannel('permission_scanner') with getInstalledApps / getAppsFingerprint |
| Risk scoring | 100 − (10 × dangerous permissions), clamped 0–100; justification can reduce risk one level |
- Flutter SDK ≥ 3.11.1
- Android SDK (minSdk 21 / targetSdk 35)
- An Android device or emulator
git clone https://github.com/AHS-Mobile-Labs/Permission_Scanner.git
cd Permission_Scanner
flutter pub get
flutter rundart run flutter_launcher_icons| Permission | Why |
|---|---|
QUERY_ALL_PACKAGES |
Read the permission manifest of every installed app |
POST_NOTIFICATIONS |
Send local alerts for high-risk apps (requested at runtime, non-blocking) |
| Package | Version | Purpose |
|---|---|---|
flutter_riverpod |
^2.4.1 | State management |
hive / hive_flutter |
^2.2.3 / ^1.1.0 | Local key-value cache |
fl_chart |
^0.65.0 | Data visualization |
flutter_local_notifications |
^17.1.0 | Local push notifications |
permission_handler |
^11.0.0 | Runtime permission requests |
intl |
^0.19.0 | Date formatting |
© 2026 AHS Mobile Labs