Conversation

To be honest: I think this is difficult to solve. Bluetooth Scans actually *can* be used to pinpoint the exact location of someone. So Android asking for the location permission is actually the right thing to do. In this case it unfortunately creates a wrong impression for users.

Quote Tweet

Juhani Lehtimäki, Слава Україні

@lehtimaeki

Jun 16, 2020

Android's misleading permissions cause issues with the Corona app. To have BT access you need to grant location permission (on older devices). People are rightfully sceptical for location tracking with a government app.

Replying to

It should be noted that the app is not requesting the location permission. The app is requesting permission to use the Play Services contact tracing API. Play Services needs location to be enabled for the device for that API to work, otherwise it can't scan the nearby devices.

Replying to

and

If the user has location enabled for the device, they are only going to get a prompt about permitting the app to access contact tracing. The app itself is not directly using Bluetooth scanning, which is what requires the location permission and location to be enabled.

Replying to

and

Play Services has the location permission by default. There's no location permission being requested. Rather, it's asking the user to turn on location for the device, just like toggling it on in Settings or via the quick tile. It's not a permission request. If Play Services...

Replying to

and

... wasn't simply a privileged app with certain permissions granted but rather could do whatever it wanted, then they could hide the fact that this depends on doing a form of location tracking. I think the scanning Play is doing should certainly be considered location tracking.

8:26 AM · Jun 16, 2020Twitter Web App

Replying to

and

It's converting location identifying information into a much more limited form of information for the app. There are still privacy implications. The device having Bluetooth on and actively engaging in the contact tracing protocol has real privacy implications for location.

Replying to

and

If Play Services was built into the OS they could make it much friendlier but that isn't always a good thing. It's a good thing if you see this kind of app-based contact tracing as very important. It is really not clear that app-based contact tracing accomplishes much though...

Show replies