1 files changed, 10 insertions, 9 deletions

diff --git a/README.md b/README.md
index ec38a7e09..86be161c6 100644
--- a/README.md
+++ b/README.md
@@ -62,11 +62,15 @@ See http://docs.oseems.com/general/application/eclipse/fix-gc-overhead-limit-exc
 
 ## Basic goals
 
-* Never (even with permissions) give out actual PGPSecretKey/PGPSecretKeyRing blobs
 * Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)
 
 Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL
 
+## Permission
+
+* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service), Read key information (not the actual keys)(content provider)
+* ACCESS_KEYS: get and import actual public and secret keys (remote service)
+
 ## Intents
 
 ### Without permission
@@ -92,16 +96,13 @@ Android primitives to exchange data: Intent, Intent with return values, Send (al
 ## Content Provider
 
 * The whole content provider requires a permission (only read)
-* Don't give out blobs
+* Don't give out blobs (keys can be accessed by ACCESS_KEYS via remote service)
 * Make an internal and external content provider (or pathes with <path-permission>)
 * Look at android:grantUriPermissions especially for ApgServiceBlobProvider
 * Only give out android:readPermission
 
-## Remote Service
-
-* The whole service requires the permission ACCESS_API
-
-## Resulting permission
+## ApgApiService (Remote Service)
+* ACCESS_API
 
-* READ_KEY_DATABASE: Read key information (not the actual keys)(content provider)
-* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service)
\ No newline at end of file
+## ApgKeyService (Remote Service)
+* ACCESS_KEYS
\ No newline at end of file