HFP Blocker — Privacy Policy

Last updated: 2026-04-30

HFP Blocker (the "App") is developed by CIRUA (ciruagametest@gmail.com).

Summary

The App does not collect, transmit, or store any personal data about you. It operates entirely on your device. The only off-device network activity comes from two embedded Google SDKs: AdMob (to fetch ads) and Google Play Billing (only when you tap the optional Pro upgrade). Both are described below.

What the App does on your device

• Watches the system's Bluetooth audio state.
• When another app tries to switch your Bluetooth headset into Hands-Free Profile / telephony mode (which degrades music quality), the App reverts the system back to media / A2DP mode.
• Disconnects the Hands-Free profile from connected Bluetooth audio devices where possible.

All of this happens locally. No audio is recorded. No microphone is opened by this App. No Bluetooth device identifier (MAC address, display name, or paired-device list) is read into application memory beyond the opaque device handle needed to call the disconnect API, and none of it is logged, stored, or transmitted.

Data the App reads on your device (not collected, not transmitted)

To do its job locally, the App continuously reads:

• Audio routing state — AudioManager.mode and isBluetoothScoOn. Polled every 50–2000 ms while the watcher is running. Used to detect switches into telephony mode. Not persisted beyond an in-memory counter.
• Currently HFP-connected Bluetooth device handles — obtained via BluetoothHeadset.connectedDevices. Used solely to invoke the disconnect API on those handles. Their MAC addresses and display names are never read, logged, or transmitted by the App.

The App also keeps a small on-device ring-buffer log (last ~80 events) in private SharedPreferences so you can see in the main screen what the watcher has been doing. Each entry is a timestamp plus a short status string (e.g. kick — mode=3 sco=true → reverted). It contains no Bluetooth identifiers, no device names, no app names, and no personal data. It never leaves your device. Uninstalling the App deletes it.

Data the App collects

None. The App has no analytics, no telemetry, no crash reporting of its own. No account, login, sign-up, or user-identifier is required to use the App.

Advertising

The App displays advertisements via Google AdMob in three places:

• A banner / medium-rectangle on the main screen.
• An App Open ad shown at most once per cold-start of the app process, suppressed if a fullscreen ad is already on screen.
• An interstitial that fires only when you toggle the watcher on or off, and only after a generous free window: the first 10 minutes after install never show an interstitial, the first two toggles ever are always free, and there is a minimum two-minute cooldown between any two interstitials.

AdMob is subject to Google's privacy policy. AdMob may collect standard advertising identifiers (Android Advertising ID or similar), approximate location from IP, and device/app information to deliver relevant ads. You can control this via:

• Android Settings → Google → Ads → Opt out of Ads Personalization
• Android Settings → Privacy → Reset Advertising ID / Delete advertising ID

Users who purchase the optional one-time Remove Ads upgrade no longer see any ads. The unlock flag is read by every ad surface (banner, App Open, interstitial) before showing.

Remove Ads / in-app purchase

The Remove Ads upgrade is a one-time $1.99 in-app purchase that disables every ad surface in the App. The unlock state is stored locally on your device (private SharedPreferences). Purchases are processed via the Google Play Billing SDK; your purchase token flows between your device and Google Play under Google's privacy policy. The App itself keeps no server-side record of who has purchased and runs no backend of its own. On sideloaded or unsigned builds where Play Billing is unreachable, the App falls back to a local development unlock and still makes no network calls of its own.

Pro Mode (future feature, not active in v1.0)

A future "Pro Mode" upgrade — separate from Remove Ads — will add a per-app allowlist (so voice-calling apps that genuinely need the headset's microphone can be exempted), a custom poll interval, and a proactive HFP re-assert cycle. Pro Mode ships in v1.1. None of these features are active in v1.0, and the App does not request the PACKAGE_USAGE_STATS Special-Access permission required to implement the per-app filter at runtime. The in-code app-list reader described below will only be reachable from a UI entry point added back in v1.1; in v1.0 it never runs.

Per-app allowlist (Pro feature, dormant in v1.0)

The Pro feature set includes a per-app allowlist that lets you mark specific apps so the watcher leaves their HFP/SCO requests alone (e.g. voice-calling apps that genuinely need the headset's microphone). To populate that list, the App opens an in-app picker that reads the list of installed apps which expose a launcher icon via Android's LauncherApps.getActivityList(...). Only the package name and the user-visible app label and icon are read, only while the picker is open, and only the package names you actually tick are saved — locally, in private SharedPreferences. Nothing about your installed apps is collected, logged, or transmitted off your device. The App does not hold the privacy-restricted QUERY_ALL_PACKAGES permission; the picker is limited to launcher-visible apps via the <queries> filter declared in the manifest.

Permissions requested

Permissions explicitly declared by HFP Blocker:

• BLUETOOTH_CONNECT, BLUETOOTH, BLUETOOTH_ADMIN — to enumerate currently-HFP-connected audio devices and request that the system drop their Hands-Free profile connection.
• MODIFY_AUDIO_SETTINGS — to read the current audio mode and switch it back to normal when another app forces telephony mode.
• FOREGROUND_SERVICE, FOREGROUND_SERVICE_SPECIAL_USE, POST_NOTIFICATIONS — to display the persistent notification while the watcher is running.
• INTERNET, ACCESS_NETWORK_STATE — used by Google AdMob to fetch ads and by Google Play Billing to broker the Pro purchase flow.

Permissions auto-merged by Google's bundled SDKs (visible to Play Console because they appear in the final manifest):

• com.google.android.gms.permission.AD_ID — declared by the AdMob SDK so it can read the system-wide Android Advertising ID. You can reset or delete this ID at any time via Android Settings → Privacy → Ads.
• android.permission.ACCESS_ADSERVICES_AD_ID, …ACCESS_ADSERVICES_ATTRIBUTION, …ACCESS_ADSERVICES_TOPICS — Privacy Sandbox APIs declared by AdMob for ad attribution and topics on supported Android versions. The App does not call these APIs directly.
• com.android.vending.BILLING — declared by the Google Play Billing SDK so it can launch the Play Store purchase sheet for the Pro upgrade.
• android.permission.WAKE_LOCK — declared by the Google AdMob SDK for ad-loading lifecycle. The App itself acquires no wake locks.

The App does not request RECORD_AUDIO, location, contacts, storage, phone, SMS, QUERY_ALL_PACKAGES, or any other sensitive permission.

Data deletion

Three deletion paths cover everything the App and its bundled SDKs touch:

• Local app data on your device — uninstall HFP Blocker. Private SharedPreferences (Pro flag, allowlist, log ring-buffer) are removed automatically by Android when the App is uninstalled.
• AdMob advertising data — Android Settings → Privacy → Ads → Delete advertising ID (or Reset advertising ID). This is a system-level setting and applies to every AdMob-served app on your device, not just HFP Blocker.
• Play Billing purchase records — Google Play account → Account → Order history → tap the Pro purchase → request a refund or removal. Purchase records are managed by Google Play, not by HFP Blocker.

The App itself runs no backend and stores no server-side data about you. There is no email-based deletion request because there is nothing on a server to delete. If Google Play Console or a reviewer needs a deletion-request URL, this page serves as that URL.

Children

The App is not directed at children under 13. It does not knowingly collect data from children.

Changes

If this policy changes, the updated version will be published at the same URL and the Last updated date above will be revised.

Contact

Questions → ciruagametest@gmail.com