menu
Return to solutions

What's on this page

Android app requirements

On your Android payment terminal, you can install and use Android apps. Below is an overview of the requirements that these apps must meet before they can be uploaded to the CCV Store for distribution. To successfully upload an Android APK to CCV Store, check the follow application requirements, limitations and device permissions first. After signing an NDA and developing your application and integration, you will be able to provide the application and release information via the developer centre.

App requirements and limitations

Make sure that your app complies with the following specifications.

  • The Android Package (APK) of your app is required for distribution to the terminals.
  • In the CCV Store, a name, short description, full description, icon, 3 screenshots, and release notes of your app are required.
  • The maximum APK file size is 200 MB.
  • The application must be digitally signed with a developer certificate. More information on how to create a self-signed certificate can be found here and in the Android documentation here and here.
  • The osType, package name and developer certificate (developer signature) of the apk should be consistent with the previous release.
  • The versionCode and versionName of every release of your app must be unique.
  • Application must be signed with at least v2 signature scheme (only v1 is not allowed).
  • Application must not be delivered as debug build with a debug signer certificate (usually Subject: CN=Android Debug, O=Android, C=US).
  • Debugging must not be enabled for the app in the manifest. More information in the Android documentation can be found here.
  • Neptune or NeptuneLite API must not be used directly by your application, only via the Android SDK (mAPI) is allowed.

Device permissions

To maintain the security of payment terminals, we don’t allow every permissions to used for any reason. This is why, when submitting your release, you are asked to provide the reason for using certain permissions. CCV will then evaluate whether the usage of these permissions is justified for the stated purpose.

We specifically request the reasoning behind permissions that are deemed dangerous, such as:

Permission Description
ACCESS_BACKGROUND_LOCATION Allows an app to access location in the background.
CAMERA Allows access to the camera device.
MANAGE_EXTERNAL_STORAGE Allows an application a broad access to external storage in scoped storage.
READ_EXTERNAL_STORAGE Allows an application to read from external storage.
WRITE_EXTERNAL_STORAGE Allows an application to write to external storage.
AUTHENTICATE_ACCOUNTS Allows an application to act as an account authenticator and manage the authentication process.
GET_ACCOUNTS Allows access to the list of accounts in the Accounts Service.
USE_CREDENTIALS Allows an application to request authentication tokens and use credentials from the AccountManager.
MANAGE_ACCOUNTS Allows an application to manage the accounts list, including creating and removing accounts, as well as retrieving and modifying account credentials.
ACCESS_FINE_LOCATION Allows an app to access precise location.
ACCESS_COARSE_LOCATION Allows an app to access approximate location.
WRITE_SETTINGS Allows an application to read or write the system settings.
REQUEST_INSTALL_PACKAGE Allows an application to request installing packages.
SYSTEM_ALERT_WINDOW Allows an app to create windows using the type WindowManager.LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
READ_USER_DICTIONARY Allows an application to read the user’s personal dictionary of words that they have saved for text input.
WRITE_USER_DICTIONARY Allows an application to write new words to the user’s personal dictionary.
RECORD_AUDIO Allows an application to record audio.

In addition, you must also provide the reason for using any permissions that are not standard Android permissions, including user-defined or custom OS-defined permissions.

Requirements and Test Catalogue Interoperability

In addition to the general app requirements, there are specific requirements related to the app’s interoperability with the terminal and the payment engine.

The fulfilment of these requirements is a prerequisite for the upload of an app into the CCVStore. The App Partner is generally fully responsible for quality assurance and the associated tests of the application itself. The App Partner is also responsible for testing the application with the CCV Payment Engine and for quality assurance (so-called interoperability testing) so that no negative cross-effects arise from the app on payment transactions and the use of the CCV Android terminals. Before the initial upload of the app into the CCVStore and also after each update (also for minor updates) of an app, the tests associated with the requirements listed below must be carried out by the app partner.

You can download the requirements and test catalogue interoperability document here. You will also need to complete these interoperability tests when creating a release in the developer centre.

Android Developer Guidelines and FAQs

This document will give you an overview about the basic requirements for developing an app for our CCV Android Terminals and CCVStore. You can download this document here.