Data Security Faq

Data Security FAQ for TimeTrack Pro – 2026 Edition

TimeTrack Pro is built with security and privacy as absolute priorities — 100% offline, no network access, no telemetry, no cloud dependency. Your location history exports stay entirely on your device, protected by Android's built-in safeguards and optional user-controlled encryption. This FAQ answers the most common data security questions based on real user inquiries in 2026. It covers storage, permissions, encryption, lost device scenarios, backups, manufacturer differences, threat model, auditing tips, and more. All details reflect the current app version (January 2026).

1. Is my location data ever sent anywhere?

No — never. TimeTrack Pro has no internet permission in its manifest. After APK install:

No outbound connections
No DNS queries
No servers, no cloud sync, no analytics
No crash reporting (unless you manually opt-in and send)
Verify yourself: use NetGuard/firewall — zero traffic from the app

2. What permissions does the app request, and why?

Minimal and temporary:

Storage/Files and media: only during import/export — one-time grant, revocable
No location permission — never reads live GPS
No internet/network permission
No background services or wake locks
No contacts, camera, microphone, or other dangerous permissions

Revoke storage anytime — app can't access files until re-granted.

3. Where is my imported data stored?

App-private storage: /data/user/0/com.timetrackpro.app/files/ (Android scoped storage)
Inaccessible to other apps
Protected by your phone lock screen/PIN/biometric
Optional AES-256 encryption applied to files

4. What does the optional encryption protect against?

AES-256-CBC with PBKDF2 key derivation:

Protects against physical access if phone lost/stolen (without screen lock bypass)
Prevents reading on shared/family devices
Tamper-evident for professional/legal use
Forgotten password = permanent loss (no backdoor, no recovery)

See "encryption-options-explained" for setup.

5. What happens if my phone is lost or stolen?

With encryption + strong password: data unreadable
Without encryption: readable if attacker bypasses screen lock
Use Android Find My Device → remote wipe
Keep unencrypted export backups separate (encrypted drive)
Re-install on new phone → re-import backups

6. Can other apps or malware access my data?

Android sandbox + scoped storage: no — unless device rooted with malware
No shared user ID or content providers
Encryption adds extra layer
Avoid sideloading unknown APKs

7. How secure are backups and exports?

Original exports: as secure as your storage choice
Recommend: move to encrypted folder/SD/USB after download
Delete from Downloads after import
TimeTrack Pro encrypted files: safe even if copied

8. Does the app have any telemetry or analytics?

No — zero. No Firebase, no Crashlytics, no usage tracking. Opt-in crash report (manual send) includes only stack trace — no location data.

9. How does security differ on custom ROMs or rooted devices?

GrapheneOS/CalyxOS: hardened — excellent match
Rooted: higher risk if malware present — encryption still protects files
Samsung Knox: extra hardware isolation

10. Can I audit the app's security myself?

Yes:

Firewall test: NetGuard → zero traffic
Permission check: Settings → Apps → TimeTrack Pro
APK analysis: use Jadx or APK Analyzer → no hidden code
Network capture: PCAPdroid → confirm silence

11. Common Security Concerns & Answers

"Is it safe to import years of data?" Yes — stays local, encrypt for sensitivity.

"What if developer access?" No backdoor — encryption key yours only.

"Shared phone with family?" Encrypt + separate user profile.

"Professional use (tax/legal)?" Encrypted + screenshots = strong chain of custody.

12. Summary

TimeTrack Pro's security model: minimal permissions, no network, app sandbox, optional AES-256 encryption — data stays on your device, under your control. No cloud risks, no telemetry, no third-party access.

Security questions or concerns? Email [email protected] with device details — direct, personal reply.