DP-3T / dp3t-app-android-demo

The DP3T-App for Android
Mozilla Public License 2.0

Do you really need ACCESS_FINE_LOCATION permission? #55

Open sonew-c opened 4 years ago

sonew-c commented 4 years ago

dp3t-app-android/app/src/main/AndroidManifest.xml Line 18:

Are you sure you want to have this? It seems to defeat the purpose of the app itself.

BTW, good project

goebelUB commented 4 years ago

https://developer.android.com/guide/topics/connectivity/bluetooth#Permissions

aemxn commented 4 years ago

According to Switzerland's client manifest file, it doesn't include this line.

https://github.com/DP-3T/dp3t-app-android-ch/blob/master/app/src/main/AndroidManifest.xml#L14

Can someone clarify this?

EDIT: I think this issue has also discussed it: https://github.com/DP-3T/dp3t-app-android-ch/issues/61

Filius-Patris commented 4 years ago

(I'm not 100% sure on this. Correct me if I'm wrong)

AFAIK the SwissCovid app uses the ExposureNotification framework provided by Google. As this call goes through the Google Play libraries and not the OS, permissions required are specified by the library. On the thread you mentioned, they cite the specifications, which clearly state that you do not have to have the ACCESS_FINE_LOCATION permission. (If I understood correctly, you may even not have it.)

I think this repo does not use the Google backend and makes the call through the OS. Thus it needs the ACCESS_FINE_LOCATION permission to scan for BLE beacons.
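
The difference discussed in this thread is visible in the manifest itself. The following Python script is an added example, not part of the thread and not code from the DP-3T project; it labels a manifest by whether a location permission is declared together with the pre-Android 12 Bluetooth permissions. The function names `declared_permissions` and `classify` are hypothetical, and both sample manifests are constructed rather than copied from either repository.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
LOCATION = {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"}
# Pre-Android 12 permissions an app declares to use and scan Bluetooth itself.
BLE_SCAN = {P + "BLUETOOTH", P + "BLUETOOTH_ADMIN"}

def declared_permissions(manifest_xml):
    """Return the set of permission names requested in a manifest string."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def classify(manifest_xml):
    """Label how location and Bluetooth permissions are combined."""
    perms = declared_permissions(manifest_xml)
    has_loc, has_bt = bool(perms & LOCATION), bool(perms & BLE_SCAN)
    if has_loc and has_bt:
        return "location+bluetooth"  # consistent with scanning BLE through the OS
    if has_loc:
        return "location-only"       # no Bluetooth use in the manifest explains it
    return "bluetooth-only" if has_bt else "neither"

# Constructed samples, not the real manifests of either repository.
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android">'

def _perm(name):
    return '<uses-permission android:name="%s%s"/>' % (P, name)

DIRECT_SCAN = (HEAD + _perm("BLUETOOTH") + _perm("BLUETOOTH_ADMIN")
               + _perm("ACCESS_FINE_LOCATION") + "</manifest>")
VIA_FRAMEWORK = HEAD + _perm("BLUETOOTH") + _perm("INTERNET") + "</manifest>"

if __name__ == "__main__":
    for label, xml in (("direct scan", DIRECT_SCAN), ("framework", VIA_FRAMEWORK)):
        print(label, classify(xml), sorted(declared_permissions(xml) & LOCATION))
```

A "location-only" result is the case worth a closer look in review, since nothing else in the manifest accounts for the location request.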