When you are first using report sender and click on New Schedule you'll see a warning about authorization, and then a Salesforce permissions screen asking you to approve access. If you've wondered why that comes up, this article is for you.

This is the warning users see:

And this is the permission request:

Even though Report Sender is completely native, Salesforce doesn't just let our code login as any user we want. But when you're sending reports, you want the data to look exactly like the user that scheduled the report sees it, right? And you want the code to be able to see any data that's in that report, right? So that's why we need to be able to login as you and request all those permissions, especially that last one (Perform requests on your behalf at any time).

With technical terms:

When the report sender job runs natively in your Salesforce instance, it makes API calls to the reporting API to get the report data. To do this, it needs to login as the user who scheduled the report.

When a user schedules a report for the first time, Report Sender requests their permission via Oauth and stores the resulting token in a private custom setting. This token is used when Report Sender needs to send reports as this user.

How Report Sender uses your Oauth token: