To function and deliver a good user experience, the XUMM application will request several permissions from your phone's operating system ("OS", iOS or Android).
Please note that XUMM absolutely does not collect personal information. XUMM is open source, XRPL Labs (the creator(s) of XUMM) have nothing to hide.
XUMM relies on several open source components, like:
- React Native for app compilation, user interfaces & compile one code base to multiple platforms (iOS and Android)
- Firebase (by Google) for push notification delivery and crash report collection
- Tangem SDK for the support of Tangem hardware key cards
- Veriff SDK
XUMM needs access to:
- Phone storage (to store the encrypted database with your XRPL accounts, XUMM address book, etc.)
- Your internet connection (to connect to XRPL nodes)
- Anonymous diagnostic & usage data, to collect anonymous crash report information. We collect zero statistics about specific users or their devices, but we do collect anonymous data (for our eyes only) that help us find and fix problems even before users report it to us. The things we fix are communicated in the XUMM update release notes.
Optionally, XUMM needs access to these features:
- Your camera (current version, opt in, to scan QR codes)
- Push notifications (current version, opt in, to receive xApp / transaction push notifications)
- Face ID / Fingerprint reader (current version, opt in, for user friendly unlocking of XUMM)
- Your address book (in the future, opt in, to anonymously match contacts with XRPL accounts)
Finally, these permissions will be asked by the 3rd party modules we use in XUMM. We only work with trusted, audited 3rd party libraries, known not to collect data without absolutely requiring the data & informing the end user:
- Tangem SDK: uses the NFC circuit of your phone to scan a Tangem card
- Veriff SDK: uses your camera and microphone for a liveliness check during (and only during) the KYC process