Transparency

Privacy & Trust

Because an app that monitors your behavior deserves full transparency. Here: every permission, the APK hash, PIN security, and network policy.

Network policy

Zero outbound network calls.

The monitoring engine, risk scorer, detection loops, PIN verification, usage tracking, and preset storage all run entirely on-device. There are no API endpoints, no analytics SDK, no crash reporter, and no server of any kind receiving your data.

The app requests the INTERNET permission only because Android requires it as a prerequisite for some internal system APIs. We make zero use of it. You can verify this by running the app behind a firewall or DNS sinkhole — behavior is 100% identical.

Every permission, explained

What we ask for and why

PACKAGE_USAGE_STATS

Requires manual grant in Settings

Required — core feature. This is how we detect which app is in the foreground every second. Without this, we cannot detect reopen loops or app-switching. Data never leaves the device.

SYSTEM_ALERT_WINDOW

Requires manual grant in Settings

Required — core feature. Allows the full-screen blocking overlay to appear on top of any app. Without this, the app cannot display the cooldown screen. It is dismiss-resistant by design.

FOREGROUND_SERVICE

Declared in manifest

Required — reliability. Keeps the monitoring service alive in the background on Samsung and other aggressive battery-management devices. You will see a persistent notification indicating the service is running.

BIND_ACCESSIBILITY_SERVICE

Optional — scroll detection only

Optional. Only active if you enable scroll-rate detection in settings. Counts scroll events per minute in the foreground app. It does not read screen content, text, passwords, or input fields. You can disable this entirely.

ACCESS_FINE_LOCATION

Optional — location presets only

Optional. Only used if you configure a location-triggered preset (e.g., “switch to Outdoor mode when I leave the office”). Not requested at install. Coordinates are stored on-device only, never transmitted.

RECEIVE_BOOT_COMPLETED

Required — reliability. Restarts the monitoring service after a device reboot so you don’t have to open the app to re-enable it.

REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

Required — reliability. Requests exemption from Android’s doze mode so the monitor runs continuously. Background killing defeats the entire product.

INTERNET

Declared — not used

Not used. Present in the manifest due to Android framework requirements. No outbound connection is ever made. Block it in your firewall — the app works identically.

ACCESS_WIFI_STATE
CHANGE_WIFI_STATE
ACCESS_NETWORK_STATE

Optional — airplane mode block only

Optional. Used only if you enable the “full airplane mode during blocks” option. We save and restore your WiFi state after the cooldown. Disabled by default.

ACCESS_NOTIFICATION_POLICY

Optional — DND silence only

Optional. Used only if you enable “Silence device during blocks.” Activates Do Not Disturb for the cooldown duration, then restores your previous setting. Disabled by default.

PIN protection

Your PIN is never stored in plain text

If you enable a settings PIN, it is processed with PBKDF2-HMAC-SHA256 using a random per-device salt before being written to Android DataStore. The raw PIN is discarded immediately.

  • Random salt generated per device on first PIN set
  • Hash and salt stored only in Android’s DataStore (private to the app)
  • Verification computes the same hash and compares — plain PIN is never written to disk
  • No PIN recovery — uninstall the app to reset
  • Emergency unlock option available (if enabled before setting a strong PIN)
Why sideload?

We are not on Google Play — yet

Google Play review for apps using PACKAGE_USAGE_STATS and SYSTEM_ALERT_WINDOW is particularly slow. Both permissions require a manual policy review by Google staffers, and the process can take weeks to months for a first submission.

We are in that queue. In the meantime, the release APK available here is the exact file linked on this site, with its SHA-256 published below for verification.

APK integrity

Verify the APK yourself

Hash the file you downloaded and compare it to the value below. If they match, you have the exact binary we released — not a tampered copy.

SHA-256 — pause-ai-latest.apk (v1.6.1, April 11 2026)
9D521D257B6B201BC16FF97E5FA9F00D7F9414A73FDE3F0F93CA0D26121E7EBD

Verification steps

1

On Windows (PowerShell)

Get-FileHash pause-ai-latest.apk -Algorithm SHA256 | Select-Object Hash
2

On macOS / Linux (Terminal)

shasum -a 256 pause-ai-latest.apk
3

Compare the output

The hash printed must match the value above exactly. If it differs by a single character, do not install the file — contact us.

Local storage

What is stored on your device

  • App preferences Mode, thresholds, whitelist, cooldown settings — stored in Android DataStore (key-value, private to the app).
  • Daily stats Number of blocks triggered today and screen-on minutes. Stored in a local Room database. Reset daily.
  • Calibration feedback Your “was that fair?” answers from past blocks. Stored locally in the same Room database. Used only to adjust thresholds on-device.
  • Presets Named configuration snapshots including schedule times and GPS coordinates (if set). Stored in Room database, private to the app.
  • PIN hash + salt PBKDF2-SHA256 hash and random salt only. The raw PIN is never persisted.
  • Diagnostic logs Optional in-app diagnostics for debugging. Stored in a local file. Never transmitted. Can be cleared from the app.
Uninstalling the app deletes all of the above automatically via Android’s standard app data cleanup.

Questions?

If something on this page is unclear, or if you want to discuss the technical details of the implementation, reach out directly to Guillaume Bray via LinkedIn or through minoai.us.