Conversation

Andreas Proschofsky

To be honest: I think this is difficult to solve. Bluetooth Scans actually *can* be used to pinpoint the exact location of someone. So Android asking for the location permission is actually the right thing to do. In this case it unfortunately creates a wrong impression for users.

Quote Tweet

Juhani Lehtimäki, Слава Україні

Android's misleading permissions cause issues with the Corona app. To have BT access you need to grant location permission (on older devices). People are rightfully sceptical for location tracking with a government app.

2

1

3

Replying to

It should be noted that the app is not requesting the location permission. The app is requesting permission to use the Play Services contact tracing API. Play Services needs location to be enabled for the device for that API to work, otherwise it can't scan the nearby devices.

2

5

Replying to

and

If the user has location enabled for the device, they are only going to get a prompt about permitting the app to access contact tracing. The app itself is not directly using Bluetooth scanning, which is what requires the location permission and location to be enabled.

1

2

Replying to

and

Play Services has the location permission by default. There's no location permission being requested. Rather, it's asking the user to turn on location for the device, just like toggling it on in Settings or via the quick tile. It's not a permission request. If Play Services...

1

2

Replying to

and

... wasn't simply a privileged app with certain permissions granted but rather could do whatever it wanted, then they could hide the fact that this depends on doing a form of location tracking. I think the scanning Play is doing should certainly be considered location tracking.

1

2

Replying to

and

It's converting location identifying information into a much more limited form of information for the app. There are still privacy implications. The device having Bluetooth on and actively engaging in the contact tracing protocol has real privacy implications for location.

1

2

Replying to

and

If Play Services was built into the OS they could make it much friendlier but that isn't always a good thing. It's a good thing if you see this kind of app-based contact tracing as very important. It is really not clear that app-based contact tracing accomplishes much though...

1

2

Replying to

and

Even if it was used by 80% of people, it's not clear how much it really accomplishes, especially if everyone is wearing masks and social distancing. How many people are actually using it, including using it to notify others that they tested positive?

1

2

Ben ₿erry.Remnant

Replying to

and

Hi Daniel. Do you know what happens when person x, with a Play Services activated tracing app, meets person y without it (Graphene). Does their app record they've interacted with someone but they register it as pseudonymous person?

2

Replying to

and

Contact tracing is implemented in Play Services. It doesn't exist in AOSP or GrapheneOS. Bluetooth isn't enabled by default in GrapheneOS, and even when it is there's no interaction with the contact tracing API. Bluetooth also has privacy by default, particularly when not paired.

1

Replying to

and

Bluetooth LE privacy is designed to be anonymous, not pseudonymous. Contact tracing uses Bluetooth to implement a tracing protocol. Both devices need to implement it, or it doesn't do anything. Bluetooth doesn't have this as part of the baseline. It's a protocol they implemented.

10:20 AM · Jun 16, 2020Twitter Web App

Ben ₿erry.Remnant

Replying to

and

That's great to know. Thank you for coming back to me and keep up the good work.